ECS & Docker: Secure Async Brennan Saeta
|
|
- Dale Dalton
- 5 years ago
- Views:
Transcription
1 ECS & Docker: Secure Async Brennan Saeta
2
3 The Beginnings million learners worldwide 4 partners 10 courses
4 Education at Scale 18 million learners worldwide 140 partners 1,800 courses
5 Outline Evolution of Coursera s nearline execution systems Next-generation execution framework: Iguazú Iguazú application deep dive: GrID evaluating programming assignments
6 Key Takeaways What is nearline execution, and why it is useful Best practices for running containers in production in the cloud Hardening techniques for securely operating container infrastructure at scale
7 A history of nearline execution
8
9 Coursera Architecture (2012) PHP Monolith
10 Early days - Requirements Video re-encoding for distribution Grade computation for 100,000+ learners Pedagogical data exports for courses
11 Coursera Architecture (2012) PHP Monolith
12 Cascade Architecture Cascade PHP Monolith PHP Monolith
13 Cascade Architecture PHP Monolith Queue Cascade PHP Monolith
14 Upgrading to Scala Re-architecting delayed execution for our 2 nd generation learning platform.
15 Upgrading to the JVM Leverage mature Scala & JVM ecosystems for code sharing JVM much more reliable (no memory leaks) New job model: scheduled recurring jobs. Named: Saturn
16 Saturn Architecture Online Serving Scala/micro-service architecture Service A Service B Service C C* C*
17 Saturn Architecture Online Serving Scala/micro-service architecture Service A Saturn Service B Service C C* C*
18 Saturn Architecture Service B Service A Service C Saturn ZK Ensemble C* C*
19 Saturn Architecture Service B Service A Service C Saturn Leader ZK Ensemble C* C*
20 Problems with Saturn Single master meant naïve implementation ran all jobs in same JVM Huge CPU top of the hour OOM Exceptions & GC issues
21 Enter: Docker Containers allow for resource isolation! CC-by-2.0
22 Supported Features Platform Saturn Docker Amazon ECS Iguazú Run code Resource Isolation Clusters / HA Great developer workflow Scheduled Jobs
23 Supported Features Platform Saturn Docker Amazon ECS Iguazú Run code Resource Isolation Clusters / HA Great developer workflow Scheduled Jobs
24 Supported Features Platform Saturn Docker Amazon ECS Iguazú Run code Resource Isolation Clusters / HA Great developer workflow Scheduled Jobs
25 Supported Features Platform Saturn Docker Amazon ECS Iguazú Run code Resource Isolation Clusters / HA Great developer workflow Scheduled Jobs
26 Supported Features Platform Saturn Docker Amazon ECS??? Run code Resource Isolation Clusters / HA Great developer workflow Scheduled Jobs
27 Solution: Iguazú Marissa Strniste ( CC-BY-2.0
28 Solution: Iguazú Framework & service for asynchronous execution Optimized Scala developer experience for Coursera Unified scheduler supports: Immediate execution (nearline) Scheduled recurring execution (cron-like) Deferred execution (run time X) Marissa Strniste ( CC-BY-2.0
29 Iguazú Architecture ECS API Devs Iguazú Admin Iguazú Scheduler SQS Iguazú Backend Iguazú Frontend Iguazú Workers Services Services Cassandra Users
30 Iguazú Architecture ECS API Devs Iguazú Admin Iguazú Scheduler SQS Queue Iguazú Backend Iguazú Frontend Iguazú Workers Services Services Cassandra Users
31 Iguazú Architecture ECS API Devs Iguazú Admin Iguazú Scheduler SQS Queue Iguazú Backend Iguazú Frontend Iguazú Workers Services Services Cassandra Users
32 Iguazú Architecture ZK Ensemble ECS API Devs Iguazú Admin Iguazú Scheduler SQS Queue Iguazú Backend Iguazú Frontend Iguazú Workers Services Services Cassandra Users
33 Iguazú Architecture ZK Ensemble ECS API Devs Iguazú Admin Iguazú Scheduler SQS Queue Iguazú Backend Iguazú Frontend Iguazú Workers Services Services Cassandra Users
34 Autoscale, autoscale, autoscale!
35 Autoscaling Iguazú ECS Shutdown Lifecycle Notification Poll Worker Job Status Autoscaling Proceed Iguazu All finished ECS API Terminate EC2 Worker EC2 Worker EC2 Worker
36 Failure in Nearline Systems Most jobs are non-idempotent Iguazú: At most once execution Time-bounded delay Future: At least once execution With caveats
37 Iguazú adoption by the numbers ~100 jobs in production >100 different job schedules >1000 runs per day
38 Iguazú Applications Nearline Jobs Pedagogical Instructor Data Exports System Integrations Course Migrations Scheduled Recurring Jobs Course Reminders System Integrations Payment reconciliation Course translations Housekeeping Build artifact archival A/B Experiments
39 While containers may help you on your journey, they are not themselves a destination. CC-by-2.0
40 Writing an Iguazu Job class (abclient: AbClient, API) extends AbstractJob { override val reservedcpu = 1024 // 1 CPU core override val reservedmemory = 1024 // 1 GB RAM } def run(parameters: JsValue) = { val experiments = abclient.findforgotten() logger.info(s"found ${experiments.size} forgotten experiments.") experiments.foreach { experiment => sendreminder(experiment.owners, experiment.description) } }
41 Writing an Iguazu Job class (abclient: AbClient, API) extends AbstractJob { override val reservedcpu = 1024 // 1 CPU core override val reservedmemory = 1024 // 1 GB RAM } def run(parameters: JsValue) = { val experiments = abclient.findforgotten() logger.info(s"found ${experiments.size} forgotten experiments.") experiments.foreach { experiment => sendreminder(experiment.owners, experiment.description) } }
42 Writing an Iguazu Job class (abclient: AbClient, API) extends AbstractJob { override val reservedcpu = 1024 // 1 CPU core override val reservedmemory = 1024 // 1 GB RAM } def run(parameters: JsValue) = { val experiments = abclient.findforgotten() logger.info(s"found ${experiments.size} forgotten experiments.") experiments.foreach { experiment => sendreminder(experiment.owners, experiment.description) } }
43 Writing an Iguazu Job class (abclient: AbClient, API) extends AbstractJob { override val reservedcpu = 1024 // 1 CPU core override val reservedmemory = 1024 // 1 GB RAM } def run(parameters: JsValue) = { val experiments = abclient.findforgotten() logger.info(s"found ${experiments.size} forgotten experiments.") experiments.foreach { experiment => sendreminder(experiment.owners, experiment.description) } }
44 Writing an Iguazu Job class (abclient: AbClient, API) extends AbstractJob { override val reservedcpu = 1024 // 1 CPU core override val reservedmemory = 1024 // 1 GB RAM } def run(parameters: JsValue) = { val experiments = abclient.findforgotten() logger.info(s"found ${experiments.size} forgotten experiments.") experiments.foreach { experiment => sendreminder(experiment.owners, experiment.description) } }
45 Testing an Iguazu job
46 The Hollywood Principle applies to distributed systems. CC-by-2.0
47 Deploying a new Iguazu Job Developer merge into master done Jenkins Build Steps Compile & package job JAR Prepare Docker image Pushes image into registry Register updated job with Amazon ECS API
48 Invoking an Iguazú Job // invoking a job with one function call // from another service via REST framework RPC val invocationid = iguazujobinvocationclient.create(iguazujobinvocationrequest( jobname = "exportquizgrades", parameters = quizparams))
49 A clean environment increases reliability. CC-by-2.0
50 Evaluating Programming Assignments An application of Iguazú
51
52
53 Design Goals Elastic Infrastructure No Maintenance Near Real-time Secure Infrastructure
54 Design Goals Elastic Infrastructure No Maintenance Near Real-time Secure Infrastructure
55 Design Goals Elastic Infrastructure No Maintenance Near Real-time Secure Infrastructure
56 Solution: GrID Service + framework for grading programming assignments Builds on Iguazú Named for Tron s digital frontier Backronym: Grading Inside Docker Patrick Hoesly ( CC-BY-2.0
57 High-level GrID Architecture GrID S3 Bucket Learners VPC Firewalls Grading Machines Iguazú ECS APIs Coursera Production Account Coursera GrID Grading Account
58 High-level GrID Architecture GrID S3 Bucket Learners VPC Firewalls Grading Machines Iguazú ECS APIs Coursera Production Account Coursera GrID Grading Account
59 High-level GrID Architecture GrID S3 Bucket Learners VPC Firewalls Grading Machines Iguazú ECS API Production Acct GrID Grading Account
60 High-level GrID Architecture GrID S3 Bucket Learners VPC Firewalls Grading Machines Iguazú ECS API Production Acct GrID Grading Account
61 Design Goals Elastic Infrastructure No Maintenance Near Real-time Secure Infrastructure
62 Programming Assignments
63 The Security Challenge Compiling and running untrusted, arbitrary code on our cluster in near real time. Would you like to compile and run C code from random people on the Internet on your servers?
64 FROM redis FROM ubuntu:latest FROM jane s-image
65 Security Assumptions Run arbitrary binaries Instructor grading scripts may have vulnerabilities Grading code is untrusted Unknown vulnerabilities in Docker and Linux name-spacing and/or container implementation
66 Security Goals Prevent submitted code from: impacting the evaluation of other submissions. disrupting the grading environment (e.g., DoS) affecting the rest of the Coursera learning platform
67 Grading assignment submissions CC-by-2.0
68
69 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM CPU CPU CPU CPU Disk
70 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM CPU CPU CPU CPU Disk
71 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM cgroups CPU cgroups CPU cgroups Disk
72 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM cgroups CPU cgroups CPU cgroups Disk
73 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM cgroups CPU cgroups CPU cgroups Disk blkio limits & btrfs quotas
74 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel RAM cgroups CPU cgroups CPU cgroups Disk blkio limits & btrfs quotas
75 Attacks: Kernel Resource Exhaustion Open file limits per container (nofile) nproc Process limits Limit kernel memory per cgroup Limit execution time
76
77 Alice s Submission Alice s Container Grader Bob s Submission Bob s Container Grader Mallory s Submission Mallory s Container Grader Kernel cgroups, ulimits RAM cgroups CPU cgroups CPU cgroups Disk blkio limits & btrfs quotas Network
78 Attacks: Network attacks Attacks: Bitcoin mining DoS attacks on other systems Access Amazon S3 and other AWS APIs Defense: Deny network access
79 Docker Network Modes NetworkDisabled too restrictive Some graders require local loopback Feature also deprecated --net=none + deny net_admin + audit network Isolation via Docker creating an independent network stack for each container github.com/coursera/amazon-ecs-agent
80 CC-by-2.0
81 CC-by-2.0
82 CC-by-2.0
83 Defense in Depth Mandatory Access Control (App Armor) Allows auditing or denying access to a variety of subsystems Drop capabilities from bounding set No need for NET_BIND_SERVICE, CAP_FOWNER, MKNOD Deny root within container
84 Deny Root Escalations We modify instructor grader images before allowing them to be run Clears setuid Inserts C wrapper to drop privileges from root and redirect stdin/stdout/stderr Run cleaning job on another Iguazú cluster Run Docker in Docker! Docker 1.10 adds User Namespaces
85 If all else fails Utilizes VPC security measures to further restrict network access No public internet access Security group to restrict inbound/outbound access Network flow logs for auditing Separate AWS account Run in an Auto Scaling group Regularly terminate all grading EC2 instances
86 Other Security Measures Utilize AWS CloudTrail for audit logs Third-party security monitoring (Threat Stack) No one should log in, so any TTY is an alert Penetration testing by third-party red team (Synack)
87 Lessons Learned - GrID Building a platform for code execution is hard! Carefully monitor disk usage Run the latest kernels Latest security patches btrfs wedging on older kernels Default Ubuntu kernel not new enough!
88 Reliable deploy tooling pays for itself.
89 Thank you! Brennan Saeta GrID lead Frank Chen Iguazú Lead
90 Questions? Brennan Saeta GrID lead Frank Chen Iguazú Lead
Permanent IT Salaries Q Working with you to create a great recruitment experience
Working with you to create a great recruitment experience Introduction Evolution Recruitment Solutions delivers IT and tech recruitment solutions for niche and volume contingent, retained search, RPO and
More informationEnhancing Workday with BetterWorks
Enhancing Workday with BetterWorks Workday is a leading Human Capital (HCM) and financial management platform for managing talent across global organizations. Workday effectively supports traditional and
More informationWe make it fly. Digital Transformation in the Airspace industry powered by Internet of Things
We make it fly. Digital Transformation in the Airspace industry powered by Internet of Things Dr.-Ing. Anes Hodžić Airbus Digital Transformation Office Vice President, Digital Transformation and IoT Berlin,
More informationMelanie. Persona. Hotel Manager. I need to make sure the hotel is ran efficiently and provides the services to make our guests comfortable.
Story A hotel manager is looking for an easy to use tool that allows them to efficiently manage and be a proactive guest services organization; while providing a simple way for guests to make the requests.
More informationHow to Integrate CA SiteMinder with the Barracuda Web Application Firewall
How to Integrate CA SiteMinder with the Barracuda Web Application Firewall Overview CA/Netegrity SiteMinder provides an infrastructure for centralized and secure policy management of websites. It uniquely
More informationBonita Workflow. Getting Started BONITA WORKFLOW
Bonita Workflow Getting Started BONITA WORKFLOW Bonita Workflow Getting Started Bonita Workflow v3.0 Software January 2007 Copyright Bull SAS Table of Contents Chapter 1. New Features for Workflow...1
More informationDistributed Object Storage System Ceph in Practice
Distributed Object Storage System Ceph in Practice Dominik Joe Pantůček dominik.pantucek@trustica.cz Trustica 8.10.2016 Dominik Joe Pantůček Trustica Practical Ceph 8.10.2016 1 / 32 Legal notice. Dominik
More informationInstallation Guide. Unisphere Central. Installation. Release number REV 07. October, 2015
Unisphere Central Release number 4.0 Installation 300-013-602 REV 07 October, 2015 Introduction... 2 Environment and system requirements... 2 Network planning...4 Download Unisphere Central...6 Deploy
More informationMoving Towards a Customer Centric Approach. Dr. Philippe Villard Head, Policy & Economics
Moving Towards a Customer Centric Approach Dr. Philippe Villard Head, Policy & Economics pvillard@aci.aero Introduction to Airport Service Quality What is Airport Service Quality? ACI s customer satisfaction
More informationGROUND HANDLING COURSES Amadeus Customer Service
GROUND HANDLING COURSES Amadeus Customer Service 30 April 2018 SUMMARY Altéa Administration for Ground Handlers... 3 Amadeus Altea document management for Altea Departure Control... 4 Amadeus Security
More informationNavitaire GoNow Day-of-departure services
Navitaire GoNow: Day-of-Departure Made Smarter GoNow is Navitaire s advanced day-of-departure suite offering today s evolving airlines a comprehensive, scalable solution to support efficient, cost-effective
More informationDART. Duty & Recreation Travel STAFF TRAVEL SIMPLIFIED. Straightforward, easy to use staff travel management system for the airline industry
DART Duty & Recreation Travel STAFF TRAVEL SIMPLIFIED. Straightforward, easy to use staff travel management system for the airline industry DART Duty & Recreation Travel 2 STAFF TRAVEL COULDN T GET EASIER
More informationAmadeus Airport IT Conference 2018 April 3-5 Venetian Resort & Casino Las Vegas, Nevada Event Agenda
Amadeus Airport IT Conference 2018 April 3-5 Venetian Resort & Casino Las Vegas, Nevada Event Agenda Tuesday, April 3 (Optional functional training day for North American users) 8:00AM - 9:00AM Breakfast
More informationRSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Last Modified Thursday, May 08, 2003 1. Partner Information Partner Name Web Site Product Name Version & Platform Product Description Product Category Netegrity,
More informationVideo Media Center - VMC 1000 Getting Started Guide
Video Media Center - VMC 1000 Getting Started Guide Video Media Center - VMC 1000 Getting Started Guide Trademark Information Polycom, the Polycom logo design, Video Media Center, and RSS 2000 are registered
More informationICFP programming contest 2017 Lambda punter (1.3)
ICFP programming contest 2017 Lambda punter (1.3) ICFP programming contest organisers 4th August 2017 1 Introduction This year s task is to efficiently transport lambdas around the world by punt. A punt
More information# 1 in ease-of-use. Guest Service Interconnectivity. Made by hoteliers, for hoteliers.
1.415.992.3999 - The voice of the hotel # 1 in ease-of-use. Guest Service Interconnectivity. Made by hoteliers, for hoteliers. An intuitive guest service management software for hotels. Table of Content
More informationFirewall Network and Proxy Datasheet
Firewall Network and Proxy Datasheet This document lists information about Kontiki servers that you might need for configuring firewalls and proxy servers. As Kontiki selects vendors and expands services,
More informationSpecial edition paper Development of a Crew Schedule Data Transfer System
Development of a Crew Schedule Data Transfer System Hideto Murakami* Takashi Matsumoto* Kazuya Yumikura* Akira Nomura* We developed a crew schedule data transfer system where crew schedule data is transferred
More informationAirspace Infringement
Airspace Infringement A KEY RISK DEMANDING DEDICATED ACTION Airspace Infringement Workshop 24 January 2008, Brussels Peter Stastny, EUROCONTROL SRU and Alexander Krastev, EUROCONTROL DAP/SSH 1 European
More informationVacuum Controls and Interlocks
Vacuum Controls and Interlocks CERN Accelerator School Platja D Aro, 16-24 May 2006 P. Strubin (CERN) Outline Introduction Architecture 3 tiers architecture Example of the LHC vacuum system Mapping the
More informationPan Pacific Hotels Group rolls out Milestone IP video technology to ensure guest safety
Pan Pacific Hotels Group rolls out Milestone IP video technology to ensure guest safety Pan Pacific, managed by Pan Pacific Hotels Group, is a leading hospitality brand in Asia and the Pacific Rim, situated
More informationEmerging Technologies in BPM
Emerging Technologies in BPM Keynote: Emerging BPM Techniques & Technology Summit Building Business Capability 2012 Sandy Kemsley www.column2.com @skemsley Emerging BPM Techniques & Technologies Summit
More informationScalable Runtime Support for Data-Intensive Applications on the Single-Chip Cloud Computer
Scalable Runtime Support for Data-Intensive Applications on the Single-Chip Cloud Computer Anastasios Papagiannis and Dimitrios S. Nikolopoulos, FORTH-ICS Institute of Computer Science (ICS) Foundation
More informationAI in a SMART AIrport
AI in a SMART AIrport Steve Lee CIO & Group SVP(Technology) Changi Airport Group (Singapore) Pte. Ltd. 24 Oct 2017 2017 Changi Airport Group (Singapore) Pte. Ltd. Not to be used, disclosed or reproduced
More informationNDC - One Order Pilot
NDC - One Order Pilot Insel Air Dutch Caribbean carrier that serves as the national airline of Curaçao. Serves 5 destinations Aruba Curacao St. Maarten Bonaire Paramaribo 3 aircrafts Fokker 50's Embraer
More informationOnline flight bookings
Travel and Events Online flight bookings A quick guide to booking flights online Welcome The flight tool is the online booking tool containing everything you need to book a flight, simply and quickly.
More informationDisruptive technologies and societal trends are changing everyday lives and shaking up competition across all industries
Disruptive technologies and societal trends are changing everyday lives and shaking up competition across all industries 5 years ago Now In 5 years Smartphones share (%) 18,6% 74,6% Total share? Will it
More informationSetup and Configure the Siteminder Policy Store with Dxmanager
One CA Plaza Islandia, NY 11749 T +1 631 342 6000 F +1 631 342 6800 ca.com June 20, 2013 Customer Request Number: N/A System/Application: Policy Server Module: Siteminder Policy Store with DXmanager Request
More informationCA SiteMinder. Agent for JBoss Guide SP1
CA SiteMinder Agent for JBoss Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your
More informationACI EUROPE POSITION PAPER
ACI EUROPE POSITION PAPER November 2018 Cover / Photo: Stockholm Arlanda Airport (ARN) Introduction Air traffic growth in Europe has shown strong performance in recent years, but airspace capacity has
More informationMyTraveler User s Manual
MyTraveler User s Manual MyTraveler is the DataTraveler Elite tool that enables you to access and customize your DataTraveler Elite through the MyTraveler Console. Messages and prompts guide you through
More informationPunt Policing and Monitoring
Punt Policing and Monitoring Punt policing protects the Route Processor (RP) from having to process noncritical traffic, which increases the CPU bandwidth available to critical traffic. Traffic is placed
More informationGogo Connected Aircraft Services
Gogo Connected Aircraft Services Connected Aircraft Services The power of a connected fleet These benefits are made possible through Gogo Inflight Services, the Gogo FLEX Inflight System, the Gogo Inflight
More informationApplicability / Compatibility of STPA with FAA Regulations & Guidance. First STAMP/STPA Workshop. Federal Aviation Administration
Applicability / Compatibility of STPA with FAA Regulations & Guidance First STAMP/STPA Workshop Presented by: Peter Skaves, FAA Chief Scientific and Technical Advisor for Advanced Avionics Briefing Objectives
More informationConfiguring a Secure Access etrust SiteMinder Server Instance (NSM Procedure)
Configuring a Secure Access etrust SiteMinder Server Instance (NSM Procedure) Within the Secure Access device, a SiteMinder instance is a set of configuration settings that defines how the Secure Access
More informationReal-time route planning streamlines onboard operations, reduces fuel burn and delays, and improves on-time performance.
Real-time route planning streamlines onboard operations, reduces fuel burn and delays, and improves on-time performance. Operational Efficiency of Dynamic Navigation Charting Benefits such as improved
More informationPRIVACY POLICY KEY DEFINITIONS. Aquapark Wrocław Wrocławski Park Wodny S.A. with the registered office in Wrocław, ul. Borowska 99, Wrocław.
Shall enter into force on the 25th May 2018, PRIVACY POLICY Aquapark Wrocław shall endeavour to protect privacy of persons who use our services. This document has been implemented to comply with rules
More informationIntroduction to Off-Airport Baggage Processing Solutions IATA GAPS application July. Service by
Introduction to Off-Airport Baggage Processing Solutions IATA GAPS application - 2018 July Service by We re helping airports and airlines manage their capacity, expand without building more infrastructure
More informationetrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide
etrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter
More informationOfficial Journal of the European Union L 186/27
7.7.2006 Official Journal of the European Union L 186/27 COMMISSION REGULATION (EC) No 1032/2006 of 6 July 2006 laying down requirements for automatic systems for the exchange of flight data for the purpose
More informationTotal Airport Management Solution DELIVERING THE NEXT GENERATION AIRPORT
Total Airport Management Solution DELIVERING THE NEXT GENERATION AIRPORT Benefits of Total Airport Management Greater end-to-end visibility across landside and airside operations More accurate passenger
More informationThe Skyward Platform Helps You Manage UAV Operations
The Skyward Platform Helps You Manage UAV Operations About Skyward Skyward s cloud-based UAV management platform powers scalable, efficient, safe, and insurable UAV operations for small businesses and
More informationFINAL REPORT OF THE USOAP CMA AUDIT OF THE CIVIL AVIATION SYSTEM OF THE KINGDOM OF NORWAY
ICAO UNIVERSAL SAFETY OVERSIGHT AUDIT PROGRAMME (USOAP) Continuous Monitoring Approach (CMA) FINAL REPORT OF THE USOAP CMA AUDIT OF THE CIVIL AVIATION SYSTEM OF THE KINGDOM OF NORWAY (16 to 20 November
More informationHotel Booking System For Magento
Hotel Booking System For Magento webkul.com/blog/magento-hotel-booking-system/ On - November 23, 2015 Hotel Booking System For Magento is a module which helps in developing your Magento Website into a
More informationetrust SiteMinder Agent r6.0 for IBM WebSphere
etrust SiteMinder Agent r6.0 for IBM WebSphere SiteMinder Agent for IBM WebSphere Guide r6.0 This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter collectively
More informationAeroCRS Keynote. AeroCRS Corporate Update Mr. Meir Hadassi Turner AeroCRS CEO
AeroCRS Keynote AeroCRS Corporate Update Mr. Meir Hadassi Turner AeroCRS CEO Welcome 2018 customers! Global Distribution Systems integrations Type A + Type B full integration with GDS Direct connection
More informationConcur Travel FAQs. 5. How do I log in to Concur Travel? Visit or the link is available on the Travel page of the Compass.
General 1. What is Concur Travel? Concur Travel is a hosted, web-based system that allows users to book travel using a web browser or mobile device instead of booking travel through a travel agent. Concur
More informationMobile FliteDeck VFR Release Notes
Mobile FliteDeck VFR Release Notes This document supports version 2.3.0 (build 2.3.0.10334) of Mobile FliteDeck VFR for ios. The minimum operating system requirement for this release is ios10. On the date
More informationMultiple Wishlists extension for Magento2. User Guide
Multiple Wishlists extension for Magento2 User Guide version 1.0 Website: http://www.itoris.com Page 1 Contents 1. Introduction... 3 2. Installation... 3 2.1. System Requirements... 3 2.2. Installation...
More informationCA SITEMINDER OVERVIEW
info@tutionbooks.com CA SITEMINDER OVERVIEW www.tutionbooks.com Session Overview 1 2 3 4 Concept of application Security Requirement of Siteminder Features of siteminder Basic of request to access an application
More informationIncorporates passenger management, fleet management and revenue/cost reporting
1 Web based business system providing comprehensive functionality for domestic and international airline operations Incorporates passenger management, fleet management and revenue/cost reporting Comprehensive
More informationProvincial Land and Resource Management Initiative
Provincial Land and Resource Management Initiative Esri Canada User Conference November 6, 2013 Gretchen Pohlkamp, Executive Director Land Services Department of Natural Resources The Problem Like most
More informationVisitor Management Plan innovative and hospitable
Visitor Management Plan 2015-2020 innovative and hospitable Outline of policy, objectives, and enabling conditions Drawn up on 19 March 2015 1. Introduction The Visitor Management Plan 2015-2020 outlines
More informationAmadeus Altéa Airport Link
Product information & MORE Amadeus Altéa Airport Link Customer Solutions Distribution & Content
More informationManagement System for Flight Information
Management System for Flight Information COP 5611 Chantelle Erasmus Page 1 of 17 Project Phases Design Phase (100 percent complete)... 3 Initial Implementation and Testing Phase (90 percent complete)...
More informationTransforming Passenger Processing
Transforming Passenger Processing Through Self Service Sam Munda Sales Director, Sub-Sahara Africa ACI AFRICA ABUJA 17 Sep 2010 Agenda Market Overview SITA Self Service Portfolio Conclusions What is the
More informationTHE REAL-TIME AIRLINE TAKES FLIGHT
THE REAL-TIME AIRLINE TAKES FLIGHT THE AIRLINE INDUSTRY HAS ALWAYS BEEN CHARACTERIZED BY HIGHLY CYCLICAL DEMAND AND LOW PROFITABILITY, STRONGLY INFLUENCED BY EXTERNAL FACTORS SUCH AS THE FUEL PRICE. In
More informationPerformance monitoring report 2017/18
Performance monitoring report /18 Gatwick Airport Limited 1. Introduction Date of issue: 20 July 2018 This report provides an update on performance at Gatwick in the financial year /18, ending 31 March
More informationThe Transforming Airport
DAY 2 FOUR PATHWAYS The Transforming Airport Distributed Airport Infrastructure Airport infrastructure; Creating greater choice and convenience for passengers is driving the trend for off-airport facilities.
More informationSmart Marine Ecosystem Strategy
Smart Marine Ecosystem Strategy Dmitry Rostopshin Director, Traffic Control & Management Solutions E-Navigation Underway North America 2018 Wärtsilä Why is the industry transforming? 20 BEUR waste not
More informationCrosswind-based wake avoidance system approved by the FAA for operational use. Clark Lunsford (MITRE) & Dr. Edward Johnson May 15-16, 2013
Crosswind-based wake avoidance system approved by the FAA for operational use Clark Lunsford (MITRE) & Dr. Edward Johnson May 15-16, 2013 Outline WTMD Concept Order signed authorizing WTMD operations WTMD
More informationmaking air travel smarter 2016 Resilient Ops, Inc.
making air travel smarter Don t just react to flight delays manage them ~30,000 passengers will fly into Orlando from within the US each day On average, 2,500 of those passengers will have their plans
More informationTable of Content. Table of Contents Mobile Experts LLC. All Rights Reserved. 1
Table of Content Table of Contents 2015 Mobile Experts LLC. All Rights Reserved. 1 Table of Content List of Figures... 5 List of Tables... 9 Executive Summary...11 Synopsis of C-RAN Developments in the
More informationA Survey of Time and Space Partitioning for Space Avionics
2018-05-25, 21:52:13 A Survey of Time and Space Partitioning for Space Avionics Presentation at DASIA 2018 31st May 2018 The Basic Idea of TSP Motivation Time and Space Partitioning (TSP) Why? several
More informationCMS FacilitiesOps and IN2P3
CMS FacilitiesOps and IN2P3 [ CMS visit to IN2P3 - Lyon, 23 Oct 09] Daniele Bonacorsi, Peter Kreuzer [ CMS Facilities Ops ] Claudio Grandi, Chris Brew [ T1 coordination in CMS Facilities Ops ] Andrea Sciabà,
More informationImplementing OpenID for Your Social Networking Web Site
Implementing OpenID for Your Social Networking Web Site By David Keener http://www.keenertech.com Introduction Social networking sites are communities Communities consist of people Getting people to join
More informationSimplifying the business of flight. ARINCDirectSM FLIGHT SOLUTIONS
Simplifying the business of flight. ARINCDirectSM FLIGHT SOLUTIONS Manage your fleet with comprehensive flight solutions. Rockwell Collins is simplifying the business of flight with our ARINCDirect SM
More informationSeptember 20, RAA Coin. United Currency for RAA Delivery Service and Decentralized Payment Network
September 20, 2017 RAA Coin United Currency for RAA Delivery Service and Decentralized Payment Network CONTENTS I/ Vision 2 II/ Characterization of RAA Coin 3 III/ RAA Ecosystem 4 IV/ 1. City Wide Delivery
More informationFAA NextGENProgram & NEAR Laboratory. Massood Towhidnejad, PhD Director of NEAR lab
FAA NextGENProgram & NEAR Laboratory Massood Towhidnejad, PhD Director of NEAR lab www.near.aero towhid@erau.edu U.S. Air Traffic System World s Most Demanding 689M Passengers/Year 36B Pounds of Cargo/Year
More informationEnabling Civilian Low-Altitude Airspace and Unmanned Aerial System (UAS) Operations. Unmanned Aerial System Traffic Management (UTM)
Enabling Civilian Low-Altitude Airspace and Unmanned Aerial System (UAS) Operations By Unmanned Aerial System Traffic Management (UTM) Parimal Kopardekar, Ph.D. UTM Principal Investigator and Manager,
More informationSTAIRWAY IDS ATC SIMULATION ENVIRONMENT - SWIM COMPATIBLE SYSTEM
STAIRWAY IDS ATC SIMULATION ENVIRONMENT - SWIM COMPATIBLE SYSTEM Content The problem Simulation Platform Problem Statements The solution Use Case Application Description The benefits and next steps 2 IDS
More informationCA SiteMinder Federation Standalone
CA SiteMinder Federation Standalone Installation and Upgrade Guide r12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as
More informationPerformance monitoring report for 2014/15
Performance monitoring report for 20/15 Date of issue: August 2015 Gatwick Airport Limited Summary Gatwick Airport is performing well for passengers and airlines, and in many aspects is ahead of the performance
More informationPerformance monitoring report for first half of 2015
Performance monitoring report for first half of 2015 Gatwick Airport Limited 1. Introduction Date of issue: 11 November 2015 This report provides an update on performance at Gatwick in the first half of
More informationCA SiteMinder. Agent for JBoss Guide. r12.1 SP3. Third Edition
CA SiteMinder Agent for JBoss Guide r12.1 SP3 Third Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationATPCO. Intended positioning on the market
Company profile Founded in 1965 Head Office address USA (Washington Dulles International Airport) Countries with offices 3 countries (USA, UK, Singapore) Main activities Number of employees Countries with
More informationQuickstart Guide to HIPE and the HSA
Hitchhiker s Guide to the Herschel Science Archive Pasadena, 6 th -10 th October 2014 Quickstart Guide to HIPE and the HSA David Shupe User Support coordinator / NHSC Archive Scientist PACS Hitchhiker
More information9/16/ CHG 213 VOLUME 3 GENERAL TECHNICAL ADMINISTRATION CHAPTER 61 AIRCRAFT NETWORK SECURITY PROGRAM
VOLUME 3 GENERAL TECHNICAL ADMINISTRATION CHAPTER 61 AIRCRAFT NETWORK SECURITY PROGRAM Section 1 Safety Assurance System: Evaluate the Operator s 14 CFR Parts 121, 121/135, 125, and 129 Aircraft Network
More informationThe World s First Robotic Digitization Company
The World s First Robotic Digitization Company Ripcord is the world s first robotic digitization company on a mission to transform how companies manage their paper records. There are roughly 5 billion
More informationNATIONAL AIRSPACE POLICY OF NEW ZEALAND
NATIONAL AIRSPACE POLICY OF NEW ZEALAND APRIL 2012 FOREWORD TO NATIONAL AIRSPACE POLICY STATEMENT When the government issued Connecting New Zealand, its policy direction for transport in August 2011, one
More informationIntegrated Applications Programme (IAP) & Space for UAS UAS for Applications
ESA s Integrated Applications Programme (IAP) & Space for UAS UAS for Applications M. Vaissiere ESA Director of Telecommunications and Integrated Applications Programme European High Level UAS Conference
More informationConcur Travel: Post Ticket Change Using Sabre Automated Exchanges
Concur Travel: Post Ticket Change Using Sabre Automated Exchanges Travel Service Guide Applies to Concur Travel: Professional/Premium edition TMC Partners Direct Customers Standard edition TMC Partners
More informationProgressive Technology Facilitates Ground-To-Flight-Deck Connectivity
Progressive Technology Facilitates Ground-To-Flight-Deck Connectivity By Robert Turner Connected Airline and Connected Flight Deck are two of the latest phrases regularly being voiced by the airline industry,
More informationFederal GIS Conference February 10 11, 2014 Washington DC. ArcGIS for Aviation. David Wickliffe
Federal GIS Conference 2014 February 10 11, 2014 Washington DC ArcGIS for Aviation David Wickliffe What is ArcGIS for Aviation? Part of a complete system for managing data, products, workflows, and quality
More informationTable of Contents 2015 Mobile Experts LLC. All Rights Reserved. 1
Table of Contents 2015 Mobile Experts LLC. All Rights Reserved. 1 List of Figures... 5 List of Tables... 8 Executive Summary... 9 Synopsis of C-RAN Developments in the Past Year (2014)... 13 Drivers of
More informationUpdate on the Thameslink programme
A picture of the National Audit Office logo Report by the Comptroller and Auditor General Department for Transport Update on the Thameslink programme HC 413 SESSION 2017 2019 23 NOVEMBER 2017 4 Key facts
More informationUM1868. The BlueNRG and BlueNRG-MS information register (IFR) User manual. Introduction
User manual The BlueNRG and BlueNRG-MS information register (IFR) Introduction This user manual describes the information register (IFR) of the BlueNRG and BlueNRG-MS devices and provides related programming
More informationSix Must Have Capabilities to Improve the Passenger Experience
Six Must Have Capabilities to Improve the Passenger Experience Introduction At their worst, airports, both large and small, are noisy, crowded and stressful. As global air traic continues to grow the International
More informationICAO Regional FAL Seminar Paris, France October 2014 Annex 9: Compliance Issues
ICAO Regional FAL Seminar Paris, France 13-16 October 2014 Annex 9: Compliance Issues 14 October 2014 ANNEX 9 COMPLIANCE ISSUES: OVERVIEW 1. INTRODUCTION 2. OBLIGATIONS UNDER CHICAGO CONVENTION 3. ASSEMBLY
More informationWhat s New in VAX VacationAccess? VAX VacationAccess December 8, 2011 Enhancements Reference Guide
? VAX VacationAccess December 8, 2011 Enhancements Reference Guide Intentionally left blank January 2013 VAX VacationAccess Page 2 Version Date: December 8, 2011 Introduction At VAX VacationAccess, we
More informationTivoli/Plus for ADSM 1.0
Tivoli/Plus for ADSM 1.0 8 Tivoli/Plus for??? Release Notes Tivoli/Plus for ADSM 1.0 System Requirements The Tivoli/Plus for ADSM module provides management of the ADSM version 1.2 server application and
More informationWishlist Auto Registration Manual
Wishlist Auto Registration Manual Table of Contents Use the quick navigation links below to navigate through the manual: Introduction to Wishlist Auto Registration Complete Activation Process Summary in
More informationDeutscher Wetterdienst
Scalability and Performance of COSMO-Model 5.1 on Cray XC30 Ulrich Schättler Source Code Administrator COSMO-Model Contents è Old Scalability Results è Latest Changes è Scalability Tests with COSMO-DE65
More information2017 Digital Grid Customer Summit Session Abstracts
2017 Digital Grid Customer Summit Session Abstracts April 3-7, 2017 PTI PSC/EBA Breakout Session April 4, 2017 Summit Day 2 State of the Utility: How to Embrace Distributed Energy Resources (DER) Market
More informationThe Fly In/Fly-Out Guide
Contents A. Before Leaving Home... 1 B. Suncor s alcohol and drug policy... 3 C. Medical/special needs... 3 D. Arriving at the Airport... 3 E. Check-in and boarding... 4 F. Safety and security... 4 G.
More informationE-RECORDS. Heading towards a Paperless operation SWARAN SIDHU - HEAD OF FLEET TECHNICAL MANAGEMENT
Heading towards a SWARAN SIDHU - HEAD OF FLEET TECHNICAL MANAGEMENT something about us Ambition > What we do: We are low-cost European point-to-point short-haul airline. > Where we do it: Intra-European
More informationSIMAIR: A STOCHASTIC MODEL OF AIRLINE OPERATIONS
SIMAIR: A STOCHASTIC MODEL OF AIRLINE OPERATIONS Jay M. Rosenberger Andrew J. Schaefer David Goldsman Ellis L. Johnson Anton J. Kleywegt George L. Nemhauser School of Industrial and Systems Engineering
More informationAir Traffic Management
Air Traffic Management Transforming Air Traffic Management T rans f orming A ir Today s airspace users are grappling with the air traffic control system s inability to manage an ever-growing amount of
More informationPrice-Setting Auctions for Airport Slot Allocation: a Multi-Airport Case Study
Price-Setting Auctions for Airport Slot Allocation: a Multi-Airport Case Study An Agent-Based Computational Economics Approach to Strategic Slot Allocation SESAR Innovation Days Bologna, 2 nd December
More information