Consistency 4 Image Security 5 Image Distribution 6 Registry Robustness / High Availability 4 Agenda 1 Containers 101 2 Introduction to Harbor 3 Image Consistency 4 Image Security 5 Image Distribution Containers and Images Agenda 1 Containers 101 2 Introduction to Harbor 3 Image Consistency 4 Image Security 5 Image Distribution 6 Registry Robustness / High Availability 8 • Created by VMware in 2014 Multi-tenant content signing and validation − Identity integration and role-based access control − Security and vulnerability analysis − Image replication between instances − Internationalization (currently

Consistency of Images 4 Security 5 Image Distribution 6 High Availability of Registry Agenda 1 Container Image Basics 2 Project Harbor Introduction 3 Consistency of Images 4 Security 5 Image Distribution Images Agenda 1 Container Image Basics 2 Project Harbor Introduction 3 Consistency of Images 4 Security 5 Image Distribution 6 High Availability of Registry Project Harbor • An open source enterprise-class deletion) Agenda 1 Container Image Basics 2 Project Harbor Introduction 3 Consistency of Images 4 Security 5 Image Distribution 6 High Availability of Registry Consistency of Container Images • Container

image Image Management through Pipeline Distributions Multiple teams Multiple roles Availability Security Multiple Platforms goharbor.io � VMware �� ������, ������ �������� ���:VIC�PKS GitHub Repo: Isolation • Access Control • Vulnerability • Content Trust • Replication • Control Policy SECURITY DISTRIBUTION RELIABILITY DEPLOYMENT OVERVIEW • HA Supporting • Helm Chart Repo • Deployments services Harbor Packaging Docker Kubernetes Cloud Foundry 12 Confidential � ©2018 VMware, Inc. SECURITY Isolation Access control Content Trust Vulnerability Scanning ���� NS �� ���� �� • ���������NS

image Image Management through Pipeline Distributions Multiple teams Multiple roles Availability Security Multiple Platforms goharbor.io � VMware �� ������, ������ �������� ���:VIC�PKS GitHub Repo: Isolation • Access Control • Vulnerability • Content Trust • Replication • Control Policy SECURITY DISTRIBUTION RELIABILITY DEPLOYMENT OVERVIEW • HA Supporting • Helm Chart Repo • Deployments services Harbor Packaging Docker Kubernetes Cloud Foundry 12 Confidential � ©2018 VMware, Inc. SECURITY Isolation Access control Content Trust Vulnerability Scanning ���� NS �� ���� �� • ���������NS

• 漏洞扫描是对镜像的文件做静态分析 (Clair) • 漏洞数据来源 - Debian Security Bug Tracker - Ubuntu CVE Tracker - Red Hat Security Data - Oracle Linux Security Data - Alpine SecDB 控制策略 21 • 设置自动扫描：上传即扫描 Infrastructure Kubernetes on BOSH (Kubo) BOSH NSX Analytics Automation Security Operations Monitoring GCP Service Broker etcd worker Logging vSAN vSphere

Enterprise-Class Private Registry Why does one need a private registry? • Efficiency • LAN vs WAN • Security • Intellectual property stays in organization • Access Control 13 Enterprise Oriented Features