Securing IaaS in the cloud

Slides:

Advertisements

Similar presentations

Lower costs and improve predictability Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities.

Advertisements

Integrate into existing systems with PowerShell integration modules Extend by building PS modules to enable integrating into other systems Optimize.

Deployment and Configuration Management Solution

Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Worker Role Web Role Web Role VM Role Control Abstraction (i.e. Less IT & Less Plumbing Code) Admin Web / Worker Role VM Role Web / Worker Role.

Automate Microsoft Azure Ross Sponholtz Mark Ghazai.

STIG Compliance and Remediation with Ansible April 2015.

Windows Azure Conference 2014 Running Docker on Windows Azure.

Cloud as a Service Chetan Shinde Column Software Technologies Pvt. Ltd.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Automating Operational and Management Tasks in Microsoft Operations Management Suite and Azure

1 PUPPET AND DSC. INTRODUCTION AND USAGE IN CONTINUOUS DELIVERY PROCESS. VIKTAR VEDMICH PAVEL PESETSKIY AUGUST 1, 2015.

Microsoft Management Seminar Series SMS 2003 Change Management.

20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.

Infrastructure as code. “Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal.

BladeLogic Demo. 03/10/09 BladeLogic Demo BladeLogic Who? Automation taking my job? What? No, it’s making it easier. Started by entrepreneurs who understood.

Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.

Ansible and Ansible Tower 1 A simple IT automation platform November 2015 Leandro Fernandez and Blaž Zupanc.

Cloud Installation & Configuration Management. Outline  Definitions  Tools, “Comparison”  References.

UFIT Infrastructure Self-Service. Service Offerings And Changes Virtual Machine Hosting Self service portal Virtual Machine Backups Virtual Machine Snapshots.

TAKING THE OPENSTACK JOURNEY WITH CONFIDENCE

Configuration Management, Continuous Integration, Continuous Delivery Revealed.

Prof. Jong-Moon Chung’s Lecture Notes at Yonsei University

Windows 2012R2 Hyper-V and System Center 2012

1/27/2018 5:13 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Chapter 6: Securing the Cloud

MICROSOFT AZURE ISV PROFILE: BMC SOFTWARE

@ Bucharest DevOps Hacker Meetup

HP Operations Orchestration

Modernize Your Operations

Tivoli Storage Manager Product Family

Ed OMS Team 5/29/2018 1:05 PM PowerShell as a Service Managing clouds, Windows, Linux, on-premises or public with Microsoft Operations.

Infrastructure Orchestration to Optimize Testing

Cisco Data Virtualization

IBM Tivoli Provisioning Manager Red Hat 5 patch management

4th Forum How to easily offer your application as a self-service template by using OpenShift and GitLab-CI 4th Forum Alberto.

IT Atoumation / Conf. Mgmt...

Configuration Management with Azure Automation DSC

Drupal VM and Docker4Drupal For Drupal Development Platform

Veeam Backup Repository

SmartHOTEL Solutions Powered by Microsoft Azure Provide Hoteliers with Comprehensive, One-Stop Automated Management of All Booking Channels MICROSOFT AZURE.

Azure Primed Randy Pagels Sr. Developer Technology Specialist

OpenNebula Offers an Enterprise-Ready, Fully Open Management Solution for Private and Public Clouds – Try It Easily with an Azure Marketplace Sandbox MICROSOFT.

Drupal VM and Docker4Drupal as Consistent Drupal Development Platform

Get Microsoft Exam PDF Braindumps With Verified Question Answers By Realexamdumps.com

Ansible and Zabbix Rushikesh Prabhune (Software Technical Consultant)

LoboCloud.unm.edu June 9 – 10, 2016 Presented by

Microsoft Ignite NZ October 2016 SKYCITY, Auckland.

20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.

Data Security for Microsoft Azure

Simplified Development Toolkit

Introduction to Ansible

Sherpany’s Boardroom App for Windows: It’s a Perfect Tool for Managing Top-Level Meetings, Optimized for Use on Microsoft Surface Devices WINDOWS APP BUILDER.

Microsoft Virtual Academy

Microsoft Virtual Academy

Presented By - Avinash Pawar

Module 01 ETICS Overview ETICS Online Tutorials

In this session… Introduce what we’re talking about

Managing Services with VMM and App Controller

Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.

Technical Capabilities

Single Cell’s Progenitor Powered by Microsoft Azure Improves Organisational Efficiency with Strategic Procurement, Contract Management, and Analytics MICROSOFT.

Increase and Improve your PC management with Windows Intune

MDC-B203 Deploying Applications in Microsoft System Center Virtual Machine Manager Using Services John Messec Program Manager Microsoft.

Traditional Virtualized Infrastructure

BMC Automation Portal Update

OpenStack Summit Berlin – November 14, 2018

Features Overview.

PerformanceBridge Application Suite and Practice 2.0 IT Specifications

Productive + Hybrid + Intelligent + Trusted

Presentation transcript:

Securing IaaS in the cloud Ansible Alliance Securing IaaS in the cloud Lake Laberge, Yukon Territory, Canada. Shutterstock Greg Cormier, Kevin Dutton, Alex Imray-Papineau

Background DFO started their cloud journey in 2017 By volume of data, mostly unclassified data related to science A number of systems at the Protected B level DFO’s cloud strategy is multi-cloud DFO chose Azure as their first cloud service provider to focus efforts, and AWS is the second rolling out in 2019

The Problem Cloud requires skills in various domains which are generally maintained by other teams (SSC) Some of these areas are well known to Cloud Service Providers As a result, they offer tailored solutions specific to their cloud offering Infrastructure as a Service (IaaS) has the biggest burden of responsibility for the customer How do we handle IaaS management? - Networking, Storage, Backups, Patching, automation

Our first attempt at a solution… Provider specific tools Azure Update Management Azure Automation DSC (Desired State Config) Fairly good integration into the Azure ecosystem Portal integration was good

Were we ready to do this all over again in AWS? … reality sets in We had to deal with powered-off VM’s Failed updates often caused issues and broke things The solution didn’t feel production ready All of the efforts, and any of the attempted problem solving or customization would take more work Were we ready to do this all over again in AWS?

Problem Redefined How do we handle IaaS management, in a cloud service provider agnostic manner? How do we get, at a glance, the status of all our infrastructure in the cloud?

“Ansible is an open-source software provisioning, configuration management, and application-deployment tool.”

Ansible Lets us maintain the state of a VM Ansible is agent-less – it talks directly to an operating system (whether it is on the cloud or not) Linux - SSH to talk to the target Windows - WinRM (SSH under development) Playbooks are a YAML file that describes what to do Ansible handles multiple executions of the same playbook against hosts for most modules Ansible provides a simple way to enforce common software installations, or common settings, across multiple hosts

Example Windows Playbooks - name: Install all security, critical, and rollup updates win_updates: category_names: - SecurityUpdates - CriticalUpdates - UpdateRollups - name: Restart a service win_service: name: spooler state: restarted

Example Linux Playbooks - name: Upgrade all Linux packages to the latest version apt: name: "*" state: latest - name: Ensure the httpd service is running service: name: httpd state: started become: true

Example Execution - name: This is a hello-world example hosts: 127.0.0.1 tasks: - name: Create a file called '/tmp/testfile.txt' with the content 'hello world'. copy: content: hello world dest: /tmp/testfile.txt

AWX adds a web-based user interface, job scheduling, inventory management, reporting, workflow automation, credential sharing, and tooling to enable delegation. AWX is the open source project behind Red Hat Ansible Tower.

AWX AWX lets us take simple Ansible playbooks, and apply the management at a much larger scale It supports various sources for the inventory, including Azure, AWS, GCP, VMWare vCenter It can use code repositories as the source for the playbooks, to allow simple updates and deployments We can define schedules to run different playbooks as required - Best of all, it’s the GUI!

AWX at DFO Hourly compliance playbooks based on the ULL profile Nightly patching playbooks, with Azure Automation integration for powering on shutdown VM’s We can apply this to any VM, whether it’s on Azure or on AWS, and have a single pane to view the status of our security and patching tasks.

Back to Security Ansible let’s us easily define the blueprints on what configurations or changes an OS needs We decided to use this to define our security blueprint Using an existing list of settings from TBS, we converted these to Ansible Playbooks

Ansible Alliance https://github.com/dfocloud/ansible-alliance We’re looking for departments to help contribute towards a PBMM hardening profile We can change the implementation of various controls over time as the OS matures For security, the more eyes, the better! Combine our IT expertise for various aspects of hardening

Demo and Questions Greg.Cormier@dfo-mpo.gc.ca Alex.ImrayPapineau@dfo-mpo.gc.ca Kevin.Dutton@dfo-mpo.gc.ca