'Belgian e-government's journey to PaaS': InfoSecurity.be presentation by Smals on 15/06/2016 in Brussels Expo. Jef Verelst of Smals is sharing lessons learned about the use of Platform-as-a-Service based on RedHat OpenShift v3 and Docker for e-government services in Belgium, including a community cloud of G-Cloud. For more information also see: www.gcloud.belgium.be
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
Jef Verelst - Smals Open to a shift - Infosecurity.be
1. SMALS : Open to a Shift
Belgian e-government’s journey to PaaS
15/06/2016
1
2. About Smals – “ICT for society”
In-house ICT for the Belgian government
Shared services for public institutions
• software development
• infrastructure & 24x7 operations
• staffing
Cost-sharing not-for-profit model
• technical standards
• economies of scale
• code re-use
• flexible provisioning
• develop & retain expertise
2
3. About Smals – Our history
Focus on social security services & health care
• birth & child allowance
• unemployment allowance
• mutual health insurance
• income guarantee
• paid vacation leave
• pension
• …
Founded in 1939
Over 75 years of shared services
3
4. About Smals – Today
Strong pressure on government budgets !!
Very mission-critical applications
Strong privacy requirements
Increased collaboration
ICT synergy program: Community Cloud (G-Cloud)
- IaaS / PaaS / SaaS
- PaaS includes full Open Source stack
4
5. PaaS – Business challenge
In 2014 we had a traditional infrastructure based on
WebLogic 10
Need to migrate for technical reasons
So first we looked at our business
5
6. 6
In-house shared services for several institutions
Different steps needed to
get to the result
By a specialist
Performed in sequence
7. We are flexible
7
“Any customer can have a car painted any colour that
he wants as long as it is black” (Henry Ford)
8. 8
Our solution is best in class
in 1910...
Today’s customer wants fancy features :
• windscreens
• airbags
• safety belts
So we optimized the process via
custom automation
12. The need for PaaS – Conclusion
Replacing the application server was not enough
We needed a solution that is ...
– ready for change
– reliable
– cost-efficient
– on premise
... and modify our processes to use it
So we chose Openshift Enterprise v2
12
14. A mindset-shift was needed
Before After
Machine oriented Application oriented
Different environments in DEV, ACC,
PRD
Same environment + INT
Process & # tools Self contained, 100% automated
installation
Manual interventions Zero-touch deployment
1 enterprise-wide solution standard solution with room for
extension
Development team & Middleware
team & DB team & Servers team & ...
1 team to deliver the service to the
customer
15. PaaS – Core concepts
Self-contained applications
– put all information into the application
• even database changes !
– use that information during deployment
Automate as much as possible
– 95% : some security and network related stuff remained manual
work
Set up the solution with all teams involved
15
16. PaaS – Core concepts
Full traceability
– personal accounts
– not for fingerpointing !
– access to the logs based on the same security model
Standard solution with room for extension
Make it multi-tenant, even when you do it internally
16
20. Lessons learned : the tools
• Openshift v2 is a classic linux box on steroids
– fixed IPs
– clear user groups
– uses DNS for containers
• Openshift v3 is docker on steroids
– Openshift & Kubernetes compensate Docker’s lack of security
– SDN adds flexibility, but makes network isolation hard !
– routing layer instead of DNS
20
21. Lessons learned : the tools
Auto idling helps increasing your efficiency
Throw-away setups allow complex tests to be executed
earlier in the workflow
Scaled deployments simplify your life
Multiple technologies offer the same interface
Standardization is key
21
22. Lessons learned : the model
Be prepared to modify your way of working
Being a shared services provider requires more/other
features than just “being on-premise”
Security model is key
Pricing aspects become important
New product : participation between customer and vendor
– we launch requests for enhancements
– the vendor lets us review proposals
22
23. PaaS – The road ahead
We’re grouping all initiatives into a
Belgian government cloud (G-Cloud)
– complete solution : housing, bare-metal,
storage, backup, VMaaS, PaaS and SaaS
offerings
Our infra team is setting up a cloud with
Openstack
– line between IaaS and PaaS is blurring
23