DevOps Gurgaon Meetup : Some High octane gyan

DevOps Gurgaon Meetup : Some High octane gyan

DevOps Gurgaon Meetup

With the clock striking 6 P.M. on the 12th of July,  few geeks from MakeMyTrip were all set to brainstorm with some other fellow geeks from the DevOps community, for the first time in the Northern region of the country. There is a good chance that this was the first time such a platform was being set up in the country.

Devs, Ops, Hackers, and Engineers wanted to learn from each other, and share what is new and cooking in their web of cyber world. The theme of primary interest revolved around CentOS 6.0, Security(Systems/Network + WebAppSec) , understand how DevOps as a culture could establish best practices, tools, infrastructure as a code, Datacentre and operations automation.

We were hoping that about 7 or 8 people would show up, but a gathering of 18 exceeded our expectations.

The nerdy geeks attending this session, were:

  1. Karanbir Singh : Project Lead (The CentOS Project)
  2. Satyaakam Goswami: FOSS consultant and evangelist
  3. Jasbir Khehra : Infra Architect(NDTV)
  4. Abhishek : Infra team(NDTV)
  5. Shomirondas Gupta : Founder NetMonastery
  6. Sanjay Kharb: AVP, Website operations (MakeMyTrip)
  7. Asheesh Saxena : AVP, Tech development(MakeMyTrip)
  8. Virender Bisht : AVP, Tech development(MakeMyTrip)
  9. Manish Gupta
  10. Dharmendra Kumar
  11. Ayush Gupta
  12. Garima Sharma
  13. Akhilesh Gupta
  14. Munish Kumar
  15. Sudhanshu Shekhar Sharma : Cloud computing enthusiast
  16. Neeraj Arora : Network Specialist (MakeMyTrip)
  17. Konark Modi
  18. Piyush Kumar

Mr. Satyaakam Goswami kick started the Meetup by gelling with young guys/gals  and making them understand the nuances of operations, the associated learning curve, and utility of being a part of the operations team.

An appropriate example quoted was – “Everyone uses Facebook, Everyone uses Google! But as an engineer you should also have the zeal to learn/know how things are running behind Facebook, and Google in terms of technology and processess, which will not only increase your knowledge, but also help you create interest and awareness.”

Trippers, Konark and Piyush shared what DevOps culture is all about, a term coined by Patrick Debois from Belgium.

It was very rightly explained that “It is not just about tools: it is about people, processes and then about tools. Until and unless the people are appropriate, and the process is right, a DevOps culture cannot sustain in an organization”.

Neeraj Arora and Sanjay Kharb (Infrastructure team) shared their experience of collaboration between  the development team and the business folks, while designing the setup of a new facility at VSNL Chennai (Co-Location services).

To better understand the packet flow it is necessary to understand how an application works and there is no better source than the developer him/ herself.

Initially – while discussing the failure points in the  N/W design,  they(Neeraj and Sanjay) only considered from systems/network’s perspective and planned for redundancy/failover/DR  accordingly. After taking insights from the development leads and business leads,  they were able to pin point more failure points from application’s perspective such as connections made to GDS etc.  To mitigate this business risk of loosing connectivity to GDS systems within and outside the country they designed a solution for having a direct link via an MPLS cloud.

ShomironDas Gupta who heads a company that provides real-time network attack monitoring was the best guy to raise queries about security. One of the questions asked to him by Dharmendra was “How have the attacks changed from 2000-2005 to 2005-2011 era ”.

What was explained to us made real sense, he answered “In 2000-2005  majority of the attacks were on web servers like IIS , now the trend has shifted and majority of attacks are on Web Applications.”

It is very important for every individual in the organization  to understand the importance of security, why it is necessary, what is the impact of security on business. Security at every layer has its own importance, Securing the network, OS, and server but neglecting to

secure the application is like building an elaborate fortress, but leaving its main gate open and

unguarded; which will allow attacker to damage the system.

Application security should start from the planning/designing of the application and should be continued throughout the SDLC called Secure SDLC (SSDLC).

Shomiron also mentioned about “Cyber Drills” that is being recently practiced by many companies which helps them measure their capabilities of incident handling and fill the gaps (if any).

By the time we finished discussing Security and role of devs and ops in it, we were joined by Karanbir, Jasbir and Abhishek.

Karanbir started to share history(his-story) of:

  • How he started with Linux in late 90s
  • Why he and his colleagues/friends decided to build a new Enterprise OS now known as CommunityENTerpriseOperatingSystem(CentOS) along the lines of White Box Enterprise Linux(WBEL).
  • How they are same and different from RedHat.
  • He shared some instances where they were served legal notices from RedHat and how they overcame them.
  • He shared some interesting stories about Oracle Unbreakable Linux and CentOS.
  • Various different weird clauses in licensing and subscription of enterprise distributions of Linux and company concerns on licensing and subscription  models.

Taking a break from the Gyan session we celebrated the Release of CentOS 6 and it was one the the first cake cutting ceremonies for CentOS 6. :)

After the cake cutting ceremony and snacks break, it was time to hear from Karanbir speaking about “CentOS : Beyond distributed engineering” .

The talk was a full blown tech session where he talked about:

  • The idea of a platform
  • The real world
  • CentOS Perspective
  • Build system
  • Testing Harness
  • ContentDB
  • Reemzul
  • 4D packaging

One of the key things KB mentioned about CentOS 6.0 and upcoming releases is the effort being put behind by CentOS community to get most of the stuff automated and  a strong testing processes (Build environment,Functional testing and Integration testing).

Karan,Satyaakam also highlighted and explained in detail the need to contribute to community at an organizational level:

  1. To protect the interest and copyrights of the organization; there is a strong need to draft a policy beforehand.
  2. Inculcate a culture in the workforce to contribute to open source projects.
  3. Doing this would not only encourage the individual but also helps represent the company at a larger landscape.
  4. Increases the productivity and talent within the organization. Also helps to attract good talent  as they are willing to work with an organization which is actively involved in the community.
  5. Community participation takes both an individual and an organization one step further because  contributions like code is reviewed/tested/used by people/geeks worldwide.

BeerParty@Howzatt: No DevOps meetup is complete without BEER and continuing the culture we enjoyed  a lot @Howzatt sports bar Gurgaon to digest the High Octane Gyan.

For event snaps: https://picasaweb.google.com/118131677760195552668/DevOpsMeetingGurgoan12July2011

DevOps Gurgaon Meetup

DevOps Gurgaon Meetup

Time  Tuesday, July 12 2011 · 6:00pm – 9:00pm

Location :

MakeMyTrip Office – Gurgaon

103 Udyog Vihar Phase I, Gurgaon – 122016, Haryana, India
Gurgaon, India
Come to DevOps Gurgaon Meetup to:-
- hang around with ppl from Dev & Ops / engineers/hackers
+ share information on the best practices, tools , culture etc

  • Infrastructure As Code
  • System Administration
  • IaaS,PaaS
  • Datacenter and Operations Automation
  • CentOS (6.x)
  • Ganglia (3.2.x) + Ganglia-Web (2.x)
  • Security (Systems/Network  + WebAppSec)

No serious lectures !!

Simple fun/talks with geeks like
- Karanbir Singh (@kbsingh) http://www.karan.org/ #CentOS
- Satyaakam Goswami http://facebook.com/satyaa​kam
and other geeks !!

hashtag #DevOpsGGN

Maps URL: http://bit.ly/oysreI

Event Page: http://on.fb.me/mXUBCw (invite only)
DevOps Gurgaon

some good security related links

http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
http://testasp.acunetix.com/Default.asp
http://test.acunetix.com/
http://hackme.ntobjectives.com/
http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
http://zero.webappsecurity.com/
http://www.hackertest.net/
http://www.hackthissite.org/
http://www.mavensecurity.com/WebMaven.php
http://ha.ckers.org/challenge/
http://ha.ckers.org/challenge2/
http://demo.testfire.net/
http://scanme.nmap.org/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://roothack.org/
http://heorot.net/
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

http://wocares.com/xsstester.php
https://how2hack.net
http://hax.tor.hu/