Repeatable DCO Platforms (Built in Partnership with ARCYBER)

A presentation at AUSA Conference 2017 in October 2017 in Washington, DC, USA by Shawn Wells

Slide 1

Slide 2

REPEATABLE DCO PLATFORMS
Built in partnership with ARCYBER
Shawn Wells, Chief Security Strategist, U.S. Public Sector
shawn@redhat.com || 443-534-0130

Slide 3

NDA REQUIRED | JIM TYRRELL

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

RELEASES PER YEAR: 1/day, 1/hour

Slide 10

DCO Challenge: ARCYBER requires dozens of applications for the DCO mission. Applications require complicated collaboration during installation and integration every time they are deployed.

Slide 11

DCO Challenge: Many CPTs have different requirements. They also use different languages, databases, and tools.

Slide 12

DCO Challenge: To deploy, manage, and configure DCO tools takes:
- People,
- Expertise,
- and the right systems, infrastructure, and architecture.
This costs time.

Slide 13

DCO Challenge: Waterfall and Silos

Slide 14

Goals

Slide 15

A Solution: Adopting a container strategy allows applications to be easily shared and deployed.

Slide 16

WHAT ARE CONTAINERS? It Depends Who You Ask

INFRASTRUCTURE
● Sandboxed application processes on a shared Linux OS kernel
● Simpler, lighter, and denser than virtual machines
● Portable across different environments

APPLICATIONS
● Package my application and all of its dependencies
● Deploy to any environment in seconds and enable CI/CD
● Easily access and share containerized components

Slide 17

LOAD APPLICATIONS AT THE FACTORY, NOT THE DOCK

Slide 18

A SOLUTION (layer diagram)
Controlled by Developers: Container (App)
Controlled by IT Operations: Operating System, Virtual Machine, Hardware

Slide 19

Everything as code
Application monitoring
Automate everything
Rapid feedback
Continuous Integration/Delivery
Rebuild vs. Repair
Application is always “releasable”
Delivery pipeline

Slide 20

$ docker build -t app:v1 .

Slide 21

$ docker build -t app:v1 .
$ docker run app:v1

Slide 22

Deployment targets: physical, virtual, private cloud, public cloud

Slide 23

TOOL FACTORY WITH CONTAINERS
Pipeline: dev → source repository → CI/CD engine → container
Deployment targets: physical, virtual, private cloud, public cloud

Slide 24

?

Slide 25

?

Slide 26

WE NEED MORE THAN JUST CONTAINERS
- Scheduling: Decide where to deploy containers
- Security: Control who can do what
- Lifecycle and health: Keep containers running despite failures
- Scaling: Scale containers up and down
- Discovery: Find other containers on the network
- Persistence: Survive data beyond container lifecycle
- Monitoring: Visibility into running containers
- Aggregation: Compose apps from multiple containers

Slide 27

Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts.
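The deck lists what a platform needs beyond plain containers (scheduling, security, lifecycle and health, scaling, discovery, persistence, monitoring) and then names Kubernetes as the system that provides it. The manifest below is an added example, not material from the presentation or from Red Hat, that maps each of those requirements to the Kubernetes field that implements it, written from the operator's side: the pod runs as a non-root user with a read-only root filesystem and all capabilities dropped, and a namespaced RBAC role limits what an analyst group can do. The namespace `dco-tools`, the app name `analyst-portal`, the image `registry.example.mil/dco/analyst-portal:v1`, the health endpoints and the group `cpt-analysts` are constructed placeholders; the API versions are the current stable ones, not those of the 2017 release.

```yaml
# Added example (not from the deck): one manifest per "more than containers" need.
# All names, the image reference and the group name are constructed placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: dco-tools
---
# Persistence: data that must outlive a container restart lives on a volume claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: analyst-portal-data
  namespace: dco-tools
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: analyst-portal
  namespace: dco-tools
  labels:
    app: analyst-portal
spec:
  replicas: 2                      # Scaling: two copies; raise the number or attach an HPA
  selector:
    matchLabels:
      app: analyst-portal
  template:
    metadata:
      labels:
        app: analyst-portal        # Monitoring/discovery: selectors find pods by this label
    spec:
      securityContext:             # Security: the whole pod runs unprivileged
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: portal
        image: registry.example.mil/dco/analyst-portal:v1   # placeholder image
        ports:
        - containerPort: 8080
        resources:                 # Scheduling: the scheduler places the pod by these requests
          requests: {cpu: "250m", memory: "256Mi"}
          limits:   {cpu: "1",    memory: "512Mi"}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        livenessProbe:             # Lifecycle and health: restart a hung container
          httpGet: {path: /healthz, port: 8080}   # placeholder endpoint
          periodSeconds: 10
        readinessProbe:            # ...and keep traffic away from one that is not ready
          httpGet: {path: /ready, port: 8080}     # placeholder endpoint
          periodSeconds: 5
        volumeMounts:
        - name: data
          mountPath: /var/lib/portal   # the only writable path, backed by the claim
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: analyst-portal-data
---
# Discovery: a stable in-cluster name (analyst-portal.dco-tools.svc) in front of the pods
apiVersion: v1
kind: Service
metadata:
  name: analyst-portal
  namespace: dco-tools
spec:
  selector:
    app: analyst-portal
  ports:
  - port: 80
    targetPort: 8080
---
# Security: "control who can do what" with RBAC; this role can only read pods and their logs
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cpt-viewer
  namespace: dco-tools
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cpt-viewer-binding
  namespace: dco-tools
subjects:
- kind: Group
  name: cpt-analysts               # placeholder group from the cluster's identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: cpt-viewer
  apiGroup: rbac.authorization.k8s.io
```

Applied with `kubectl apply -f` against a cluster, the scheduler places the two replicas according to the resource requests, the kubelet restarts a container whose liveness probe fails and withholds Service traffic until the readiness probe passes, the Service name resolves from any pod in the cluster, the claim keeps `/var/lib/portal` across pod replacement, and a member of `cpt-analysts` can inspect pods in `dco-tools` but cannot change or delete them. The read-only root filesystem plus the dropped capabilities is what turns "sandboxed processes on a shared kernel" into something an auditor can check in the manifest rather than on the host.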

Slide 28

kubernetes

Slide 29

INDUSTRY CONVERGING ON KUBERNETES

Slide 30

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: NETWORK
Not enough! Need networking

Slide 31

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: IMAGE REGISTRY, NETWORK
Not enough! Need an image registry

Slide 32

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: IMAGE REGISTRY, METRICS AND LOGGING (heapster), NETWORK
Not enough! Need metrics and logging

Slide 33

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: APP LIFECYCLE MGMT, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK
Not enough! Need application lifecycle management

Slide 34

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: APP SERVICES, APP LIFECYCLE MGMT, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK
Not enough! Need application services, e.g. database and messaging

Slide 35

DCO PLATFORM WITH CONTAINERS AND KUBERNETES
Layers: SELF-SERVICE, APP SERVICES, APP LIFECYCLE MGMT, IMAGE REGISTRY, METRICS AND LOGGING, NETWORK
Not enough! Need a self-service portal

Slide 36

Container application platform based on Docker and Kubernetes for building, distributing, and running containers at scale

Slide 37

REMEMBER THIS?
Lifecycle: DESIGN, BUILD, RUN, MANAGE, ADAPT
Security checklist; security policy, process & procedures

Slide 38

OpenShift for Government: Accreditations & Standards (timeline)
- OCTOBER 2016: RHEL7 COMMON CRITERIA - EAL4+ - Container Framework - Secure Multi-tenancy
- DECEMBER 2016: RHEL7 FIPS 140-2 CERTIFIED - Data at Rest - Data in Transport
- MARCH 2017: INDUSTRY FIRST: NIST CERTIFIED CONFIGURATION AND VULNERABILITY SCANNER FOR CONTAINERS
- JUNE 2017: OPENSHIFT BLUEPRINT FOR AZURE (FedRAMP MODERATE)

Slide 39

WHY OPEN SOURCE?

Slide 40

OPEN SOURCE DEVELOPMENT DRIVES RAPID INNOVATION

Slide 41

OPEN SOURCE ADOPTION…SOARING
78% of enterprises run open source. [1]
65% of companies are contributing to open software. [2]

[1] Black Duck Software, 9th Annual Future of Open Source survey, 2015. www.blackducksoftware.com/2015-future-of-open-source
[2] Black Duck Software, 10th Annual Future of Open Source survey, 2016. www.blackducksoftware.com/2016-future-of-open-source

Slide 42

OPEN SOURCE CULTURE
Collaboration * Transparency (both access and the ability to act)
Shared problems are solved faster
Working together creates standardization

Slide 43

Slide 44

THANK YOU
plus.google.com/+RedHat
facebook.com/redhatinc
linkedin.com/company/red-hat
twitter.com/RedHatNews
youtube.com/user/RedHatVideos

Slide 45

Contact Info
LinkedIn: https://www.linkedin.com/in/shawndwells/
EMail: shawn@redhat.com
Cell: 443-534-0130 (US EST)
Blog: https://shawnwells.io