Replication Job Services Notary client Remote Harbor Instance Notary Registry V2 Vulnerability Scanning Admin Service 基于角色的访问控制 18 项目 Project 成员 Members 镜像 Images Guest: Kubernetes on BOSH (Kubo) BOSH NSX Analytics Automation Security Operations Monitoring GCP Service Broker etcd worker Logging vSAN vSphere etcd worker Container

signing and validation − Identity integration and role-based access control − Security and vulnerability analysis − Image replication between instances − Internationalization (currently English and Architecture 13 13 API Routing Core Service (API/Auth/GUI) Image Registry Trusted Content Vulnerability Scanning Job Service Admin Service Harbor components 3rd party components SQL Database Key/Value Image is pulled using digest • Perform vulnerability scanning – Prevent images with vulnerabilities from being pulled – Regular scanning based on updated vulnerability database 23 Content trust for image

– RBAC: admin, developer, guest – AD/LDAP integration • Policy based image replication • Vulnerability Scanning • Notary • Web UI • Audit and logs • Restful API for integration • Lightweight and Replication Job Services Notary client Remote Harbor Instance Notary Registry V2 Vulnerability Scanning Admin Service Harbor users and partners (selected) 12 Image replication (synchronization) Image is pulled using digest • Perform vulnerability scanning – Prevent images with vulnerabilities from being pulled – Regular scanning based on updated vulnerability database 21 Content trust for image

Harbor���� 6 x x Agenda 7 Confidential � ©2018 VMware, Inc. • Isolation • Access Control • Vulnerability • Content Trust • Replication • Control Policy SECURITY DISTRIBUTION RELIABILITY DEPLOYMENT ������������� Harbor�� API Routing Core Service (API/Auth/GUI) Image Registry Trusted Content Vulnerability Scanning Job Service Admin Service Harbor components 3rd party components SQL Database 12 Confidential � ©2018 VMware, Inc. SECURITY Isolation Access control Content Trust Vulnerability Scanning ���� NS �� ���� �� • ���������NS • ��������� • ������� • �������� ���� ����

Harbor���� 6 x x Agenda 7 Confidential � ©2018 VMware, Inc. • Isolation • Access Control • Vulnerability • Content Trust • Replication • Control Policy SECURITY DISTRIBUTION RELIABILITY DEPLOYMENT ������������� Harbor�� API Routing Core Service (API/Auth/GUI) Image Registry Trusted Content Vulnerability Scanning Job Service Admin Service Harbor components 3rd party components SQL Database 12 Confidential � ©2018 VMware, Inc. SECURITY Isolation Access control Content Trust Vulnerability Scanning ���� NS �� ���� �� • ���������NS • ��������� • ������� • �������� ���� ����

audit Distribution Policy • Based on content trust • Based on vulnerability • Based on RBAC Main Features （ Cont. ） 7 Vulnerability Scanning • Kinds of scanning policies • Elaborate scanning report Architecture API Routing API Routing Core Service (API/Auth/GUI) Image Registry Trusted Content Vulnerability Scanning Job Service Admin Service Harbor components 3rd party components SQL Database

tags No Yes The Complexity of Replication Job •The complexity adds up in these aspects: • Monitoring (logging) • Error handling • Arbitrary exit • Graceful retry • Auto recovery •Really messy in transition handlers Demo Results •Small code base •Straightforward logic •Reliable operations •Monitoring and logging •Container image replication is very welcome by users Summary •Goroutine is great