A presentation at AUSA Conference 2017 in October 2017 in Washington, DC, USA by Shawn Wells
REPEATABLE DCO PLATFORMS Built in partnership with ARCYBER Shawn Wells Chief Security Strategist U.S. Public Sector shawn@redhat.com || 443-534-0130
NDA REQUIRED | JIM TYRRELL
RELEASES PER YEAR 1/day 1/hour
DCO Challenge: ARCYBER requires dozens of applications for DCO mission. Applications require complicated collaboration during installation and integration every time they are deployed.
DCO Challenge: Many CPTs have different requirements. They also use different languages, databases, and tools.
DCO Challenge: To deploy, manage, configure DCO tools takes:
- People,
- Expertise,
- and the right systems, infrastructure, and architecture.
This costs time.
DCO Challenge: Waterfall and Silos
Goals
A Solution: Adopting a container strategy allows applications to be easily shared and deployed.
WHAT ARE CONTAINERS? It Depends Who You Ask
INFRASTRUCTURE
● Sandboxed application processes on a shared Linux OS kernel
● Simpler, lighter, and denser than virtual machines
● Portable across different environments
APPLICATIONS
● Package my application and all of its dependencies
● Deploy to any environment in seconds and enable CI/CD
● Easily access and share containerized components
LOAD APPLICATIONS AT THE FACTORY, NOT THE DOCK
A SOLUTION (diagram; layers: Container, App, Operating System, Virtual Machine, Hardware; labels: Controlled by Developers, Controlled by IT Operations)
Everything as code; Application monitoring; Automate everything; Rapid feedback; Continuous Integration/Delivery; Rebuild vs. Repair; Application is always “releaseable”; Delivery pipeline
$ docker build -t app:v1 .
$ docker build -t app:v1 .
$ docker run app:v1
physical | virtual | private cloud | public cloud
TOOL FACTORY WITH CONTAINERS (diagram; labels: dev, source repository, CI/CD engine, container, physical, virtual, private cloud, public cloud)
WE NEED MORE THAN JUST CONTAINERS
- Scheduling: Decide where to deploy containers
- Security: Control who can do what
- Lifecycle and health: Keep containers running despite failures
- Scaling: Scale containers up and down
- Discovery: Find other containers on the network
- Persistence: Survive data beyond container lifecycle
- Monitoring: Visibility into running containers
- Aggregation: Compose apps from multiple containers
Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts.
INDUSTRY CONVERGING ON KUBERNETES
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: NETWORK). Not enough! Need networking
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: IMAGE REGISTRY, NETWORK). Not enough! Need an image registry
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: heapster, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK). Not enough! Need metrics and logging
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: APP LIFECYCLE MGMT, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK). Not enough! Need application lifecycle management
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: APP SERVICES, APP LIFECYCLE MGMT, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK). Not enough! Need application services, e.g. database and messaging
DCO PLATFORM WITH CONTAINERS AND KUBERNETES (layers: SELF-SERVICE, APP SERVICES, IMAGE REGISTRY, APP LIFECYCLE MGMT, METRICS AND LOGGING, NETWORK). Not enough! Need self-service portal
Container application platform based on Docker and Kubernetes for building, distributing and running containers at scale
REMEMBER THIS? (diagram; labels: DESIGN, BUILD, RUN, MANAGE, ADAPT, SECURITY CHECKLIST, Security policy, process & procedures)
OpenShift for Government Accreditations & Standards
- OCTOBER 2016: RHEL7 COMMON CRITERIA - EAL4+ - Container Framework - Secure Multi-tenancy
- DECEMBER 2016: RHEL7 FIPS 140-2 CERTIFIED - Data at Rest - Data in Transport
- MARCH 2017: INDUSTRY FIRST: NIST CERTIFIED CONFIGURATION AND VULNERABILITY SCANNER FOR CONTAINER
- JUNE 2017: OPENSHIFT BLUEPRINT FOR AZURE (FedRAMP MODERATE)
WHY OPEN SOURCE?
OPEN SOURCE DEVELOPMENT DRIVES RAPID INNOVATION
OPEN SOURCE ADOPTION…SOARING 78% of enterprises run open source. 65% of companies are contributing to open software. [1] [2]
[1] Black Duck Software, 9th Annual Future of Open Source survey, 2015. www.blackducksoftware.com/2015-future-of-open-source
[2] Black Duck Software, 10th Annual Future of Open Source survey, 2016. www.blackducksoftware.com/2016-future-of-open-source
OPEN SOURCE CULTURE: Collaboration; Transparency (both access and the ability to act); Shared problems are solved faster; Working together creates standardization
THANK YOU
Contact Info LinkedIn: https://www.linkedin.com/in/shawndwells/ EMail: shawn@redhat.com Cell: 443-534-0130 (US EST) Blog: https://shawnwells.io
This session detailed the OpenShift-based Cyber DCO platform which was built with ARCYBER at Fort Gordon.