
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift

Talk at the 3rd Swiss DevSecOps Forum Mar 13th 2019

Published in: Software

  1. Docker, Kubernetes, OpenShift: IT Governance and Security Architectures. Aarno Aukia, CTO @ VSHN - The DevOps Company. DevSecOps Forum, 12.3.2019
  2. Agenda
     ● Who is Aarno and VSHN - The DevOps Company?
     ● IT governance past and present
     ● Standardization on the Ops and Infra levels
     ● Technical controls on Ops level
     ● Financial controlling on Ops level
  3. About Aarno & VSHN.ch
     ● @aarnoaukia, http://about.me/aarno, aarno.aukia@vshn.ch
     ● ETH → Google → Atrila → VSHN
     ● VSHN - The DevOps Company: since 2014, currently 35 VSHNeers in Zürich, Switzerland
     ● Helping developers run applications on any infrastructure, making both visitors happy with stability and developers happy with agility
  4. Operations = Firefighting-as-a-Service?
  5. Capability Maturity Model Integration (CMMI): the state of application operations in 2014. How do we get to this level?
  6. DevOps: CMMI Level 5: People, Processes & Tools
  7. DevOps + Security Engineering = DevSecOps
  8. Traditional IT governance
     ● "Full Stack Audit"
     ● Review design document
     ● Every layer was custom built
       ○ physical hardware
       ○ handcrafted servers
       ○ manual application deployment
     ● Review each layer
     ● Review each layer again next year...
  9. Cloud native IT governance
     ● Standardized components
       ○ already audited, some even externally certified
       ○ re-used, economies of scale, CMMI level 5
       ○ tech controls (AAI, RBAC, logs/SIEM) implemented once
       ○ financial controls implemented once
     ● Infrastructure: private/public cloud
     ● Ops: container orchestration platform
     ● Review design document & platform configuration
  10. Kubernetes Distributions
     ● Red Hat OpenShift
     ● Rancher RKE
     ● Canonical
     ● Docker Datacenter Enterprise
     ● IBM Cloud Private
     ● EKS, AKS, GKE
     ● APPUiO.ch
     See also https://thenewstack.io/find-perfect-kubernetes-distribution/
  11. Layers of abstraction: Cloud/Onprem, Hardware, Operating System, Docker, Kubernetes, Service discovery & Load balancing, Application Server, Application
  12. Benefits of Kubernetes as abstraction
     ● Free & open standard
     ● Adopted by all major vendors (Google, AWS, MS, Redhat, Suse, IBM, etc.)
     ● Available as managed service both on-premises and (private) cloud based
     ● Provides integration in infrastructure (compute, storage, networking)
     ● Provides optional integration in platform services (e.g. DBaaS, S3)
     ● Infrastructure as code, automation, tools for DevOps processes
     ● Large ecosystem of auxiliary tooling & integration available
     ● Is being adopted as standard runtime by ISVs (Avaloq, Finnova, Abacus, Adcubum, Ergon, etc.)
  13. IT governance controls in container platforms
     ● prevent configuration drift
       ○ immutable (application) infrastructure using containers
       ○ deploy dev/test/stage/prod envs from CI/CD
     ● prevent manual errors
       ○ validate configuration in CI/CD before deployment
       ○ standardization on (minimal, hardened) OS and container orchestrator
       ○ deployment automation removes need for (most) root prod access
     ● security by default
       ○ image scanning, dependency vulnerability management
       ○ process/storage/network separation of applications/environments
       ○ volumes & ingress points best practice (documentation, monitoring, backup, SSL/TLS/WAF)
       ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes
       ○ key & secrets management
  14. IT governance financial/compliance controlling
     ● compute resources billable by project
     ● self-service onboarding possible
     ● autoscaling, scale down dev envs outside office hours
     ● vendor procurement/due diligence/certification management
     ● SLA, 24x7, service process, escalation management clearly defined
  15. Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch - https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch
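Slide 13's "validate configuration in CI/CD before deployment" and "security by default" items are the ones with a concrete technical shape. The following is an added example, not material from the talk or from VSHN: a small Python pre-deployment check that a pipeline could run over a rendered workload manifest before `kubectl apply`. Manifests are handled as JSON (which kubectl accepts alongside YAML) so the standard library suffices; the rule set (no host namespaces, no privileged containers, runAsNonRoot enforced, no privilege escalation, capabilities dropped, image pinned, resource limits set) is an illustrative subset of what a hardened platform such as OpenShift enforces by default, and the two sample manifests, including the all-zero image digest, are constructed for this example.

```python
# Added example: pre-deployment manifest check for a CI/CD pipeline.
# Assumes manifests arrive as JSON; sample manifests below are constructed.
import json
import sys

# Constructed sample: a Deployment relying on the permissive defaults that a
# "secure by default" platform should reject before it reaches the cluster.
WEAK_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "shop-api", "namespace": "shop-dev"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "api",
            "image": "registry.example.invalid/shop/api:latest",
            "securityContext": {"privileged": True},
        }],
    }}},
})

# Constructed sample: the same workload with hardening applied. The image
# digest is a placeholder (all zeros), not a real digest.
HARDENED_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "shop-api", "namespace": "shop-dev"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "api",
            "image": "registry.example.invalid/shop/api@sha256:" + "0" * 64,
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {
                "requests": {"cpu": "100m", "memory": "128Mi"},
                "limits": {"cpu": "500m", "memory": "256Mi"},
            },
        }],
    }}},
})


def image_is_pinned(image):
    """True if the image is pinned by digest or by a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    # Only the last path component carries the tag; a registry host may have a port.
    last = image.rsplit("/", 1)[-1]
    if ":" not in last:
        return False  # no tag means an implicit :latest
    return last.rsplit(":", 1)[1] != "latest"


def pod_spec_of(manifest):
    """Locate the PodSpec inside the common workload kinds (None otherwise)."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"):
        return manifest["spec"]["template"]["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    return None


def check_pod_spec(pod_spec, where):
    """Return a list of human-readable findings for one PodSpec."""
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(flag):
            findings.append(f"{where}: {flag} breaks namespace separation")
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        cname = f"{where}/{c.get('name', '<unnamed>')}"
        # Container-level settings override pod-level ones, as the kubelet does.
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{cname}: runAsNonRoot not enforced")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{cname}: allowPrivilegeEscalation not disabled")
        dropped = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in dropped:
            findings.append(f"{cname}: capabilities not dropped (drop: [ALL])")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{cname}: image not pinned (tag :latest or missing)")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{cname}: no resource limits (quota/billing per project)")
    return findings


def validate_manifest(text):
    """Parse one JSON manifest and return its findings (empty list = pass)."""
    manifest = json.loads(text)
    spec = pod_spec_of(manifest)
    if spec is None:
        return []  # not a workload kind; nothing to check here
    where = f"{manifest.get('kind')}/{manifest.get('metadata', {}).get('name')}"
    return check_pod_spec(spec, where)


if __name__ == "__main__":
    # Pipeline use: pass the rendered manifest file; the job fails on findings.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            problems = validate_manifest(fh.read())
    else:
        problems = validate_manifest(WEAK_MANIFEST)
    print("\n".join(problems) or "OK: no findings")
    sys.exit(1 if problems else 0)
```

Run without arguments it reports seven findings against the weak manifest and exits non-zero, which is the behaviour a pipeline stage needs; the hardened manifest passes cleanly. In a real platform the same rules are enforced cluster-side (OpenShift security context constraints, Kubernetes Pod Security admission), so a check like this is the shift-left copy that fails fast in CI rather than the only line of defence.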
