Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

2017-10-10 AUSA 2017: Repeatable DCO Platforms

113 vues

Publié le

Presented at AUSA 2017

  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

2017-10-10 AUSA 2017: Repeatable DCO Platforms

  1. 1. REPEATABLE DCO PLATFORMS Built in partnership with ARCYBER Shawn Wells Chief Security Strategist U.S. Public Sector shawn@redhat.com || 443-534-0130
  2. 2. NDA REQUIRED | JIM TYRRELL
  3. 3. 1/day RELEASES PER YEAR 1/hour
  4. 4. DCO Challenge: ARCYBER requires dozens of applications for DCO mission. Applications require complicated collaboration during installation and integration every time they are deployed. 10
  5. 5. DCO Challenge: Many CPTs have different requirements. They also use different languages, databases, and tools. 11
  6. 6. DCO Challenge: To deploy, manage, configure DCO tools takes: - People, - Expertise, - and the right systems, infrastructure, and architecture. This costs time. 12
  7. 7. DCO Challenge: Waterfall and Silos 13
  8. 8. Goals 14
  9. 9. A Solution Adopting a container strategy allows applications to be easily shared and deployed. 15
  10. 10. 16 WHAT ARE CONTAINERS? It Depends Who You Ask ● Sandboxed application processes on a shared Linux OS kernel ● Simpler, lighter, and denser than virtual machines ● Portable across different environments ● Package my application and all of its dependencies ● Deploy to any environment in seconds and enable CI/CD ● Easily access and share containerized components INFRASTRUCTURE APPLICATIONS
  11. 11. 17 LOAD APPLICATIONS AT THE FACTORY, NOT THE DOCK
  12. 12. A SOLUTION Hardware Virtual Machine Operating System Container App Controlled by Developers Controlled by IT Operations 18
  13. 13. Everything as code Automate everything Application is always “releaseable” Continuous Integration/Delivery Application monitoring Rapid feedback Delivery pipeline Rebuild vs. Repair 19
  14. 14. $ docker build -t app:v1 . 20
  15. 15. $ docker build -t app:v1 . $ docker run app:v1 21
  16. 16. physical virtual private cloud public cloud 22
  17. 17. 23 TOOL FACTORY WITH CONTAINERS source repository CI/CD engine dev container physical virtual private cloud public cloud
  18. 18. ? 24
  19. 19. ? 25
  20. 20. Scheduling Decide where to deploy containers 26 WE NEED MORE THAN JUST CONTAINERS Lifecycle and health Keep containers running despite failures Discovery Find other containers on the network Monitoring Visibility into running containers Security Control who can do what Scaling Scale containers up and down Persistence Survive data beyond container lifecycle Aggregation Compose apps from multiple containers
  21. 21. Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts kubernetes 27
  22. 22. kubernetes 28
  23. 23. INDUSTRY CONVERGING ON KUBERNETES 29
  24. 24. DCO PLATFORM WITH CONTAINERS AND KUBERNETES NETWORK Not enough! Need networking 30
  25. 25. DCO PLATFORM WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY NETWORK Not enough! Need an image registry 31
  26. 26. DCO PLATFORM WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY METRICS AND LOGGING NETWORK heapster Not enough! Need metrics and logging 32
  27. 27. DCO PLATFORM WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application lifecycle management APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 33
  28. 28. DCO PLATFORM WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application services e.g. database and messaging APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 34
  29. 29. DCO PLATFORM WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need self-service portal SELF-SERVICE APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 35
  30. 30. Container application platform based on Docker and Kubernetes for building, distributing and running containers at scale 36
  31. 31. 37 Security policy, process & procedures DESIGN BUILD RUN MANAGE ADAPT SECURITY CHECKLIST REMEMBER THIS?
  32. 32. 38 OpenShift for Government Accreditations & Standards RHEL7 COMMON CRITERIA - EAL4+ - Container Framework - Secure Multi-tenancy RHEL7 FIPS 140-2 CERTIFIED - Data at Rest - Data in Transport OPENSHIFT BLUEPRINT FOR AZURE (FedRAMP MODERATE) OCTOBER 2016 DECEMBER 2016 JUNE 2017 INDUSTRY FIRST: NIST CERTIFIED CONFIGURATION AND VULNERABILITY SCANNER FOR CONTAINER MARCH 2017
  33. 33. WHY OPEN SOURCE?
  34. 34. OPEN SOURCE DEVELOPMENT DRIVES RAPID INNOVATION
  35. 35. OPEN SOURCE ADOPTION...SOARING 78% 65% of enterprises run open source. of companies are contributing to open software. [1] Black Duck Software, 9th Annual Future of Open Source survey, 2015. www.blackducksoftware.com/2015-future-of-open-source [2] Black Duck Software, 10th Annual Future of Open Source survey, 2016. www.blackducksoftware.com/2016-future-of-open-source [2] [1]
  36. 36. 42 OPEN SOURCE CULTURE Collaboration Transparency (both access and the ability to act) Shared problems are solved faster Working together creates standardization *
  37. 37. plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews THANK YOU
  38. 38. Contact Info LinkedIn: https://www.linkedin.com/in/shawndwells/ EMail: shawn@redhat.com Cell: 443-534-0130 (US EST) Blog: https://shawnwells.io

×