youtube image
From YouTube: Stay Out of My Yard! Isolation Segments - a New Feature for Isolating Workloads in Cloud Foundry

Description

Stay Out of My Yard! Isolation Segments - a New Feature for Isolating Workloads in Cloud Foundry [I] - Sandy Cash & Dan Lavine, IBM

Tenancy in Cloud Foundry only provides a logical sort of separation currently - access and ownership of orgs, apps, and spaces is restricted to the appropriate individuals, e.g. But with the introduction of Isolation Segments for compute in CF 250 and later, deployers have the option of providing their tenants with true workload isolation at the compute layer. Sandy and Dan describe the ins and outs of this exciting new feature, the benefits and the limitations, and how best to take advantage of it. They will describe not only how it functions today, but also how they see it progressing to provide an even fuller set of isolation capabilities in future CF releases.

Sandy Cash
Sandy is a Senior Software Engineer and Cloud Architect IBM who has worked in a variety of roles, including development, architecture, and consulting. Past projects have included designing and implementing enterprise and hybrid clouds, as well as advising clients on their cloud strategies. He has contributed to Cloud Foundry multiple components, including Diego, the Cloud Controller, and the legacy DEA runtime. He currently works for IBM BlueMix, the world's largest single Cloud Foundry deployment, and he greatly enjoys working in the open source world.

Dan Lavine
IBM
Dan has spent the last couple of years with IBM working extensively on Cloud Foundry and worked with a number of teams, including: CLI, Diego, Routing, CAPI, RuntimeOG, and Release Integration. With his vast knowledge of Cloud Foundry, Dan has been working alongside many of those previous teams to implement the much requested Isolation Segment feature. Besides this current work, Dan enjoys tackling complicated issues brought up in Slack or GitHub. For instance, he enjoyed tracking down a potential memory leak in the DEAs when there was poor network connectivity.