IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
1. VSHN - The DevOps Company
Docker, Kubernetes, OpenShift: IT Governance and Security Architectures
Aarno Aukia, CTO @ VSHN - The DevOps Company
DevSecOps Forum 12.3.2019
2. VSHN - The DevOps Company
● Who are Aarno and VSHN - The DevOps Company?
● IT governance past and present
● Standardization on the Ops and Infra levels
● Technical controls on Ops level
● Financial controlling on Ops level
Agenda
3. VSHN - The DevOps Company
@aarnoaukia http://about.me/aarno aarno.aukia@vshn.ch
ETH → Google → Atrila → VSHN
VSHN - The DevOps Company
Since 2014, currently 35 VSHNeers in Zürich, Switzerland
Helping developers run applications on any infrastructure, making both visitors happy with stability and developers happy with agility
About Aarno & VSHN.ch
4. VSHN - The DevOps Company
Operations = Firefighting-as-a-Service?
5. VSHN - The DevOps Company
Capability Maturity Model Integration (CMMI)
State of application operations in 2014
How do we get to this level?
6. VSHN - The DevOps Company
DevOps: CMMI Level 5: People, Processes & Tools
7. VSHN - The DevOps Company
DevOps + Security Engineering = DevSecOps
8. VSHN - The DevOps Company
● “Full Stack Audit”
● Review design document
● Every layer was custom built
○ physical hardware
○ handcrafted servers
○ manual application deployment
● Review each layer
● Review each layer again next year...
Traditional IT governance
9. VSHN - The DevOps Company
● Standardized components
○ already audited, some even externally certified
○ re-used, economies of scale, CMMI level 5
○ tech controls (AAI, RBAC, logs/SIEM) implemented once
○ financial controls implemented once
● Infrastructure: private/public cloud
● Ops: Container orchestration platform
● Review design document & platform configuration
Cloud native IT governance
10. VSHN - The DevOps Company
● Red Hat OpenShift
● Rancher RKE
● Canonical
● Docker Datacenter Enterprise
● IBM Cloud Private
● EKS, AKS, GKE
● APPUiO.ch
See also https://thenewstack.io/find-perfect-kubernetes-distribution/
Kubernetes Distributions
11. VSHN - The DevOps Company
Layers of abstraction
[Diagram. Layer labels: Hardware; Operating System; Service discovery & Load balancing; Application Server; Application; Cloud/Onprem. Annotations: Docker; Kubernetes.]
12. VSHN - The DevOps Company
● Free & open standard
● Adopted by all major vendors (Google, AWS, MS, Red Hat, SUSE, IBM, etc.)
● Available as a managed service both on-premises and (private) cloud based
● Integrates with infrastructure (compute, storage, networking)
● Optionally integrates with platform services (e.g. DBaaS, S3)
● Infrastructure as code, automation, tools for DevOps processes
● Large ecosystem of auxiliary tooling & integration available
● Is being adopted as standard runtime by ISVs (Avaloq, Finnova, Abacus, Adcubum, Ergon, etc.)
Benefits of Kubernetes as abstraction
13. VSHN - The DevOps Company
● prevent configuration drift
○ immutable (application) infrastructure using containers
○ deploy dev/test/stage/prod envs from CI/CD
● prevent manual errors
○ validate configuration in CI/CD before deployment
○ standardization on (minimal, hardened) OS and container orchestrator
○ deployment automation removes need for (most) root prod access
● security by default
○ image scanning, dependency vulnerability management
○ process/storage/network separation of applications/environments
○ volumes & ingress points best practice (documentation, monitoring, backup, SSL/TLS/WAF)
○ AAI for admin & application, audit trail logging of CI/CD, control & application planes
○ key & secrets management
IT governance controls in container platforms
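Several controls on this slide (validate configuration in CI/CD before deployment, no root access in production, immutable containers, secrets management) can be enforced as a pipeline gate. The following is an added example, not code from the talk or from VSHN: the function names, the rule set, the `registry.example` image names and both sample manifests are constructed for illustration.

```python
"""CI gate for Kubernetes Deployment manifests (added example).
The rule set and both sample manifests are constructed for illustration."""
import json
import re

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)

def check_deployment(manifest):
    """Return a list of findings; an empty list means the manifest passes."""
    findings = []
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    for c in pod.get("containers", []):
        name, image = c.get("name", "<unnamed>"), c.get("image", "")
        sc = c.get("securityContext") or {}
        # Immutable infrastructure: pin the image by digest or explicit tag.
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{name}: image is not pinned")
        # No root in production: container setting overrides the pod default.
        if sc.get("privileged") is True:
            findings.append(f"{name}: privileged container")
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot not enforced")
        # Secrets management: secret-looking env vars must not be literals.
        for env in c.get("env", []):
            if SECRET_NAME.search(env.get("name", "")) and "value" in env:
                findings.append(f"{name}: literal secret in env {env['name']}")
    return findings

def gate(manifest_json):
    """Exit code for the pipeline step: 0 = deploy, 1 = block."""
    findings = check_deployment(json.loads(manifest_json))
    for finding in findings:
        print("FAIL", finding)
    return 1 if findings else 0

def sample_deployment(container, pod_sc=None):
    """Build a constructed Deployment manifest around one container."""
    spec = {"containers": [container], "securityContext": pod_sc or {}}
    return {"kind": "Deployment", "spec": {"template": {"spec": spec}}}

BAD = sample_deployment({"name": "web", "image": "registry.example/shop/web:latest",
                         "securityContext": {"privileged": True},
                         "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]})
GOOD = sample_deployment({"name": "web", "image": "registry.example/shop/web:1.4.2",
                          "env": [{"name": "DB_PASSWORD", "valueFrom": {
                              "secretKeyRef": {"name": "db", "key": "password"}}}]},
                         pod_sc={"runAsNonRoot": True})

if __name__ == "__main__":
    print(gate(json.dumps(BAD)), gate(json.dumps(GOOD)))
```

Running the gate on the rendered manifest in the pipeline, before the deploy step, means a failing manifest never reaches the cluster and the finding is recorded in the CI/CD audit trail.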
14. VSHN - The DevOps Company
● compute resources billable by project
● self-service-onboarding possible
● autoscaling, scale-down dev envs outside office hours
● vendor procurement/due diligence/certification management
● SLA, 24x7, service process, escalation management clearly defined
IT governance financial/compliance controlling
15. Come visit us for a coffee!
VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch
https://vshn.ch/kontakt/
Follow us on Twitter!
@vshn_ch