IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation
OpenShift platform security using IBM Cloud
Marcin Spychała, Client Technical Professional
Finding clear recommendations is not easy …
Available materials
FISMA (NIST) & FISMA Moderate (Coalfire)
ISO 27001
PCI-DSS
PCI-DSS Reference Architecture
OpenShift Hardening Guide for 3.10 & 3.11
Worth considering:
docker-bench
kube-bench
Recommendations
Recommendations
IBM Cloud Security Advisor
Additional integrations
Recommendations
Problems and recommendations
Recommendations
Platform capabilities
Tools
Tools
Tools
Tools
Trusted computing - platform
https://cloud.ibm.com/docs/openshift?topic=openshift-security#threats
Trusted computing - architecture
https://www.ibm.com/cloud/architecture/architectures/securityArchitecture
I don't want the Cloud
https://ibm.box.com/s/mpzwilyna0wnyg5aizf67een93pak044
What to expect
Typical threats to the platform
IBM Cloud Security Services - overview
What IBM Cloud manages for you
▸ Automated provisioning and configuration of Infrastructure (compute, network and storage)
▸ Automated installation and configuration of OpenShift, including HA cross zone configuration
▸ Automatic upgrades of all components (operating system, OpenShift components, and in cluster services)
▸ Security patch management for OS and OpenShift
▸ Automatic failure recovery for OpenShift components and worker nodes
▸ Automatic scaling of OpenShift configuration
▸ Automatic backups of core OpenShift ETCD data
▸ Built in integration with cloud platform - monitoring, logging, KeyProtect, IAM, ActivityTracker, Storage, COS,
Security Advisor, Service Catalog, Container Registry and Vulnerability Advisor
▸ Built in Load Balancer, VPN, Proxy, Network edge nodes, Private Clusters and VPC capabilities
▸ Built-in Security including image signing, image deployment enforcement, and hardware trust
▸ 24/7 global SRE team to maintain the health of the environment and help with OpenShift
▸ Global SRE has deep experience and skill in IBM Cloud Infrastructure, Kubernetes and OpenShift,
resulting in much faster problem resolution
▸ Automatic compliance for your OpenShift environment (HIPAA, PCI, SOC2, ISO)
▸ Capacity expansion through a single click
▸ Automatic multi-zone deployment in MZRs, including integration with CIS to do cross zone traffic routing
▸ Automatic Operating System performance tuning and security hardening
Comparison
This is no longer the "beginning of the road"; it is a good old marriage
Check us out!
https://cloud.ibm.com/kubernetes/overview?platformType=openshift