Achieving DevSecOps Outcomes with Tanzu Advanced - Spanish
1. Confidential │ ©2020 VMware, Inc.
Achieving DevSecOps Outcomes with Tanzu Advanced
Raymundo Escobar
Specialist Solutions Engineer Tanzu
MAPBU rcastaneda@vmware.com
@elnemesisdivina
2.
Build or Acquire Software and the Hardware Required to Run It
The Traditional Role of IT
Applications
Infrastructure
3.
Deliver better software to production, faster
Structured Around Critical Capabilities
Applications
Infrastructure
DEVELOPER EXPERIENCE
OPERATOR EXPERIENCE
Code and containerize custom applications
Reduce risk with curated build packs and services
Automate deployment of apps into production
Enable developer self-service with K8s across clouds, clusters and teams
Apply enterprise observability to drive decisions and reduce risk
Ensure secure and reliable communication between services
Multi-cloud
4.
Deliver better software to production faster with less risk
Modern Application Demands Change The Conversation
Applications
Infrastructure
LOW TOIL, LOW RISK PATH TO PRODUCTION
LOW TOIL, LOW RISK SERVICE DELIVERY
Multi-cloud
5.
VMware Tanzu Advanced Capabilities Stack
Container Build and Deploy
Spring Runtime
VMware Tanzu Application Catalog
VMware Tanzu Build Service
VMware Tanzu SQL
Harbor
Global Control Plane
VMware Tanzu Mission Control
VMware Tanzu Observability by Wavefront
VMware Tanzu Service Mesh
Compute Runtime
Tanzu Kubernetes Grid
Fluent Bit, Fluentd
Velero
Sonobuoy
Networking and Connectivity
VMware NSX Advanced Load Balancer (LB, Ingress)
VMware Container Networking with Antrea
6.
Creation (coding, sourcing, unit testing, dev local workspace)
Build/Verify (CI, build, integration testing, registry, security scanning, etc)
Deploy/Operate (CD, configuration, automation, load/stress testing)
Connect (Networking, load balancing, ingress/egress, etc.)
Observe (K8S, compute, network, storage, self-service)
Five areas of focus for DevSecOps
7.
Observability
• Visibility across applications, clusters based on open standards
Connect and protect applications
• Encrypted traffic, security policies, firewall
CD
Development environment
• Tools
• Databases
• Services
• Kubernetes
CODE
CUSTOMER
Automated container packaging
• Validated
• Reproducible builds
• Security and patching
CI
Open source aligned Kubernetes
• Certified, conformant Kubernetes runtime
• Cluster-API-driven lifecycle management
Centralized management for multiple clusters across clouds
• Policy management, enforcement
• Identity and access management
• Backup and restore
Validated catalog of runtimes and images
• Curated, secure, validated OSS images
Container image registry
• Secure artifacts with policies and role-based access
• Image scanning and signing
DevSecOps Flow
Version Control
9.
DevSecOps Capabilities – Build, Run, Manage
The Right Tools, The Right Parts
Modern businesses operate in a regulated world; it is only when internal policy, governance and audit teams partner with developers that they can fully meet these regulations.
10.
DevSecOps Capabilities – Create
The Right Tools, The Right Parts
Developers should focus on building great software, not achieving basic security for well-known architectures.
11.
Development environment
• Tools
• Databases
• Services
• Kubernetes
CODE
DevSecOps Flow – Create
Version Control
Includes:
• Developer’s local development environment
• IDEs and editors
• Debugging tools
• Docker/containerd
• Application Stack
• Frameworks
• Libraries
• Middleware/Runtime
• Required shared services
• Databases and file stores
• Message/event queues
• Cloud services
• Version Control
12.
DevSecOps Capabilities – Build/Verify
The Right Tools, The Right Parts
Building, testing, and packaging distributed applications requires a trusted supply-chain, verification of build integrity, and ensuring the immutability of delivered containers.
13.
Automated container packaging
• Validated
• Reproducible builds
• Security and patching
CI
Container image registry
• Secure artifacts with policies and role-based access
• Image scanning and signing
DevSecOps Flow – Build/Verify
Version Control
Includes:
• Cloud Native Build Packs
• Curated/Validated
• CVE and Bug Mitigations
• Upstream
• Automated Builds
14.
DevSecOps Capabilities – Deploy/Operate
The Right Tools, The Right Parts
Running custom software securely is not the act of a single organization or a single toolset. Intrinsic security is only achieved by an intentional coordination of security concerns, both between dependencies and up and down the stack.
15.
Container image registry
• Secure artifacts with policies and role-based access
• Image scanning and signing
CD
CUSTOMER
Validated catalog of runtimes and images
• Curated, secure, validated OSS images
DevSecOps Flow – Deploy/Operate
Open source aligned Kubernetes
• Certified, conformant Kubernetes runtime
• Cluster-API-driven lifecycle management
Centralized management for multiple clusters across clouds
• Policy management, enforcement
• Identity and access management
• Backup and restore
16.
DevSecOps Capabilities – Connect
The Right Tools, The Right Parts
Developers do not want to know the network is there. They simply want to declare a connection between components, and the policies to apply to that connection (if specific to the application).
17.
DevSecOps Capabilities – Connect/Observe
The Right Tools, The Right Parts
Managing (and securing) a complex systems portfolio requires being able to see the system and both its intended and emergent behaviors.
18.
CUSTOMER
DevSecOps Flow – Connect
Open source aligned Kubernetes
• Certified, conformant Kubernetes runtime
• Cluster-API-driven lifecycle management
Centralized management for multiple clusters across clouds
• Policy management, enforcement
• Identity and access management
• Backup and restore
Connect and protect applications
• Encrypted traffic, security policies, firewall
19.
CUSTOMER
DevSecOps Flow – Observe
Open source aligned Kubernetes
• Certified, conformant Kubernetes runtime
• Cluster-API-driven lifecycle management
Centralized management for multiple clusters across clouds
• Policy management, enforcement
• Identity and access management
• Backup and restore
Observability
• Visibility across applications, clusters based on open standards
Connect and protect applications
• Encrypted traffic, security policies, firewall
20.
Container image registry
• Secure artifacts with policies and role-based access
• Image scanning and signing
Observability
• Visibility across applications, clusters based on open standards
Connect and protect applications
• Encrypted traffic, security policies, firewall
CD
Development environment
• Tools
• Databases
• Services
• Kubernetes
CODE
CUSTOMER
Automated container packaging
• Validated
• Reproducible builds
• Security and patching
CI
Open source aligned Kubernetes
• Certified, conformant Kubernetes runtime
• Cluster-API-driven lifecycle management
Centralized management for multiple clusters across clouds
• Policy management, enforcement
• Identity and access management
• Backup and restore
Validated catalog of runtimes and images
• Curated, secure, validated OSS images
DevSecOps Flow
Version Control
21.
VMware Tanzu Advanced Benefits
New K8s, same UI
Adopt Kubernetes with no additional code or training required
Multi-cloud simplified
Operate VMs and containers side-by-side with a global control plane
Platform Development
Drive cloud native architecture
Consistent policy
Access, back up, controls etc. across all clusters for DevSecOps
Cloud native constructs
Drive adoption of microservices, containers, and data models
App Navigator
Drive cloud native patterns
Intrinsic security for apps
App security part of software development lifecycle
Accelerate developer velocity
Enable self-service and automate the path to production
Application Modernization
Catalyst for customer outcomes
OPS: Embrace move to containers and K8s
Simplify operation across multi-cloud
SEC: Secure containers and open source
Reduce risk across app portfolio
DEV: Deliver apps and updates faster
Re-platform or re-factor app-by-app
Architect: Enable agile business through software
Eliminate friction of Dev, Sec, and Ops
Editor's notes
So what? So what? So what?
Here’s the full capabilities stack that shows the ingredients of this extensive collection of software — if you remember the Gartner wheel earlier that talked about all the components needed for a container ecosystem, you’ll find them here in Advanced.
As you can see, we’ve thought through what it takes to build a successful platform for your developers.
Let’s start at the base. Tanzu Advanced subsumes the capabilities of Tanzu Standard, which includes Tanzu Kubernetes Grid and its open source attachments.
Tanzu Advanced adds full connectivity, through VMware’s leading networking tech.
Then, we’ve included a comprehensive developer experience with Spring, Build Service, Application Catalog and SQL.
And it’s all managed through a Global Control plane with advanced policy management, platform observability and service mesh.
Tanzu Advanced includes all these modular components that enable you to build the Kubernetes platform that works for YOUR organization.
Now it’s time to recap the benefits of Tanzu Advanced for your organization.
From the operations side, you can benefit from that consistency of Kubernetes distribution and management. You can simplify your multi-cloud and hybrid cloud operation and manage policy centrally and effectively.
From an application development side, developers can use the frameworks and tools that they prefer and plug into an automated, secure software supply chain to deliver their application to production. Self service vs. friction. Tanzu Advanced enables that shift-left of security so that containers are secure by design and continuously maintained.
You can see how Tanzu Advanced brings these teams together to speed the delivery of modern apps securely and at scale.
And Tanzu Labs can help you pull all of this together to help you build the platform that’s right for your organization and modernize your applications. And along the way, they can help you adopt a DevSecOps approach to software development and delivery.