Aarno Aukia, profile picture
Uploaded byAarno Aukia
1,833 views

SecDevOps 2017

The document outlines a presentation by Aarno Aukia from VSHN AG, focusing on the principles of securing DevOps through agile practices in software engineering, infrastructure, and security. It discusses the importance of collaboration between development and operations, automating processes, and ensuring security throughout the software delivery lifecycle, including authentication and authorization mechanisms. VSHN AG, established in 2014, provides cloud-native solutions and consulting services to enhance software application delivery and operations.

Software
Related topics:
Information Security

Embed presentation

Downloaded 32 times
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch SIGS Technology Conference 16.05.2017 SecDevOps Securing DevOps Aarno Aukia VSHN AG – The DevOps Company
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agenda ● About Aarno / VSHN ● Agile Software Engineering ● Agile Infrastructure Engineering ● Agile Security Engineering ● Securing the software delivery process ● Example: authentication & authorization ● Q & A
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Who Aarno Aukia, CTO & co-founder ETH → Google → Atrila → VSHN @aarnoaukia or aarno.aukia@vshn.ch VSHN AG - the DevOps Company Since 2014, 20 people in Zürich Running web applications on-premises and in the clouds making both visitors and developers happy https://vshn.ch @vshn_ch
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Software Engineering 1/2 Require- ments Design Implemen- tation Validation Maintenance
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Software Engineering 2/2 Require- ments Design Validation Maintenance Implemen- tation
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Software Engineering Requirements Design Implemen- tation TestingRelease
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering? How do operations cope with the continuous changes by the developers? How do you change the operations process from reactive (fire brigade) to proactive (fire detector, sprinkler, building regulations)? How do operations change from infrastructure provider to service provider?
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Ops: fire brigade as a Service
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering 1/2 ● Close collaboration between Dev & Ops = DevOps ● Proactive consulting, adding value to the development process ● Automating processes ● Accelerate the time-to-market up until self-service by PL/PO/Dev ● Eliminate manual errors and achieve higher robustness ● Standardize deployment, monitoring, logging, access control, scaling
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering 2/2 ● Automation = infrastructure as code ● Quality assurance like in a software-project ● Testing the automation process ● Versioning, changelog, rollback ● Repeatability, reproducability, traceability ● By default and from the beginning with security
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch How to prevent cleaning up a mess?
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 1/3 ● Also known as AppSec ● Contributes to success like UX Design, usability, performance, operations ● A quality aspect of applications ● Proactively involved in application engineering ● Security Requirements ● Security Design/Architecture ● Security best practices in development ● Security testing ● Security Operations (SecOps) ● Use same language, development cycle and goal as developers
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 2/3
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 3/3 ● Safe software development process = integrity of the application ● Separation of applications on process level (container, virtual machine) ● Separation on network level ● Reproducibility of configuration (dev/test/stage- Environments, Disaster Recovery) ● Authentication & Authorization ● Controlling the access to applications ● RBAC on control plane ● Logging
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch SecDevOps
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Securing the Software Delivery Process 1/2
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Securing the Software Delivery Process 2/2
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Authentication & Authorization
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch AAI = Keycloak ● Identity & Access Management ● Single sign in/out ● Identity brokering: OpenID Connect (OAuth2 social login, FB/Twitter/Github etc.), SAML2.0, Kerberos ● User federation: LDAP, ActiveDirectory, custom RDBMS ● Multi-Factor-Authentication: TOTP/HOTP ● Managing the Authorization groups
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Audit Log = ElasticSearch, Logstash, Kibana ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch APPUiO.ch ● Container Platform as a Service ● Based on Docker, Kubernetes, OpenShift ● On-premises, private or public cloud in Switzerland ● Run on any infrastructure ● Turnkey platform with proactive support ● Consulting services to become cloud native and integration ● From YoloOps to RelaxOps
VSHN AG I Neugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Thank you Questions? VSHN AG Aarno Aukia Neugasse 10 8005 Zürich https://vshn.ch @vshn_ch

More Related Content

PDF
DevOps for E-Commerce
byAarno Aukia
 
PDF
Docker Containers in Azure
byAarno Aukia
 
PDF
Scalable Web Applications with 100% open source
byAarno Aukia
 
PDF
Cloud Native Computing Meetup Zürich
byAarno Aukia
 
PDF
Swiss magento meetup: APPUiO
byAarno Aukia
 
PDF
From 0 to cloud in 60 seconds
bySafe Swiss Cloud
 
PDF
Architecting the Future: Abstractions and Metadata - GlueCon
byDaniel Barker
 
PDF
The printing press of 2021 - using GitLab to publish the VSHN Handbook
byAarno Aukia
 
DevOps for E-Commerce
byAarno Aukia
 
Docker Containers in Azure
byAarno Aukia
 
Scalable Web Applications with 100% open source
byAarno Aukia
 
Cloud Native Computing Meetup Zürich
byAarno Aukia
 
Swiss magento meetup: APPUiO
byAarno Aukia
 
From 0 to cloud in 60 seconds
bySafe Swiss Cloud
 
Architecting the Future: Abstractions and Metadata - GlueCon
byDaniel Barker
 
The printing press of 2021 - using GitLab to publish the VSHN Handbook
byAarno Aukia
 

What's hot

PDF
Policy & Governance für Kubernetes
byNico Meisenzahl
 
PDF
SW360 Update Tooling Telco
byShane Coughlan
 
PPTX
Monitoring large scale Docker production environments
byAlois Reitbauer
 
PDF
Hijack a Kubernetes Cluster - a Walkthrough
byNico Meisenzahl
 
PPTX
北科大 劉承諺 & 余康正 Processing案例分享
byOo Kang Zheng
 
PPTX
Open the Stack: How to easily plan and install your OpenStack deployment
byEric D. Schabell
 
PDF
Votre infrastructure est élastique, et votre monitoring ?
byBleemeo
 
PDF
Synergy 2015 Session Slides: SYN234 Delivering Lync & Other Audio-Video Appli...
byCitrix
 
PDF
Upstate DevOps - What's New With DevOps
byAllen Vailliencourt
 
PPTX
TechEvent From Zero to DevOps Hero through the Agile Cloud
byTrivadis
 
PPTX
Coding with-fiware-quick tour - cloud
byFernando Lopez Aguilar
 
PDF
Scaling UI5 Projects via Standardized Project & Infrastructure Setup (Ui5Con ...
byNabi Zamani
 
PPTX
Microservice, Micro Deployments and DevOps
byAlois Reitbauer
 
PDF
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
byNico Meisenzahl
 
PDF
My first .net project on Azure
byParis Polyzos
 
PPTX
12th Meeting OpenChain Reference Tooling Work Group - 25th March - Slides
byShane Coughlan
 
PDF
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
byNico Meisenzahl
 
PDF
Die Evolution von Container Image Builds
byNico Meisenzahl
 
PDF
azdevcom - Hijack a Kubernetes Cluster
byNico Meisenzahl
 
PDF
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
byNico Meisenzahl
 
Policy & Governance für Kubernetes
byNico Meisenzahl
 
SW360 Update Tooling Telco
byShane Coughlan
 
Monitoring large scale Docker production environments
byAlois Reitbauer
 
Hijack a Kubernetes Cluster - a Walkthrough
byNico Meisenzahl
 
北科大 劉承諺 & 余康正 Processing案例分享
byOo Kang Zheng
 
Open the Stack: How to easily plan and install your OpenStack deployment
byEric D. Schabell
 
Votre infrastructure est élastique, et votre monitoring ?
byBleemeo
 
Synergy 2015 Session Slides: SYN234 Delivering Lync & Other Audio-Video Appli...
byCitrix
 
Upstate DevOps - What's New With DevOps
byAllen Vailliencourt
 
TechEvent From Zero to DevOps Hero through the Agile Cloud
byTrivadis
 
Coding with-fiware-quick tour - cloud
byFernando Lopez Aguilar
 
Scaling UI5 Projects via Standardized Project & Infrastructure Setup (Ui5Con ...
byNabi Zamani
 
Microservice, Micro Deployments and DevOps
byAlois Reitbauer
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
byNico Meisenzahl
 
My first .net project on Azure
byParis Polyzos
 
12th Meeting OpenChain Reference Tooling Work Group - 25th March - Slides
byShane Coughlan
 
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
byNico Meisenzahl
 
Die Evolution von Container Image Builds
byNico Meisenzahl
 
azdevcom - Hijack a Kubernetes Cluster
byNico Meisenzahl
 
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
byNico Meisenzahl
 

Similar to SecDevOps 2017

PDF
Scalable Python with Docker, Kubernetes, OpenShift
byAarno Aukia
 
PDF
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
PDF
DevOps & DevSecOps in Swiss Banking
byAarno Aukia
 
PDF
Securing DevOps
byAarno Aukia
 
PDF
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
PPTX
New NSX Pitch Deck 2023 030302020202.pptx
bycontaworldigital
 
PDF
Security in the DevOps pipeline of containerized core application: Case Study...
byAarno Aukia
 
PDF
From 0 to cloud in 60 seconds
byAarno Aukia
 
PDF
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
byAarno Aukia
 
PDF
Continuous security improvements in the DevOps process
byAarno Aukia
 
PDF
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
PDF
DevOps on AWS
byAarno Aukia
 
PDF
What is this DevOps thing and why do I need it?
bySafe Swiss Cloud
 
PDF
Next gen software operations models in the cloud
byAarno Aukia
 
PDF
DevSecOps - Security in DevOps
byAarno Aukia
 
PDF
Wie macht man aus Software einen Online-Service in der Cloud
byAarno Aukia
 
PDF
A guide to modern software development 2018
byPeter Bittner
 
PDF
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
byVMworld
 
PDF
VMworld 2013: Virtualized Network Services Model with VMware NSX
byVMworld
 
PPTX
IaaS with Software Defined Networking
byPrasenjit Sarkar
 
Scalable Python with Docker, Kubernetes, OpenShift
byAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
DevOps & DevSecOps in Swiss Banking
byAarno Aukia
 
Securing DevOps
byAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
New NSX Pitch Deck 2023 030302020202.pptx
bycontaworldigital
 
Security in the DevOps pipeline of containerized core application: Case Study...
byAarno Aukia
 
From 0 to cloud in 60 seconds
byAarno Aukia
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
byAarno Aukia
 
Continuous security improvements in the DevOps process
byAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
byAarno Aukia
 
DevOps on AWS
byAarno Aukia
 
What is this DevOps thing and why do I need it?
bySafe Swiss Cloud
 
Next gen software operations models in the cloud
byAarno Aukia
 
DevSecOps - Security in DevOps
byAarno Aukia
 
Wie macht man aus Software einen Online-Service in der Cloud
byAarno Aukia
 
A guide to modern software development 2018
byPeter Bittner
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
byVMworld
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
byVMworld
 
IaaS with Software Defined Networking
byPrasenjit Sarkar
 

More from Aarno Aukia

PDF
DevOps for AI: running LLMs in production with Kubernetes and KubeFlow
byAarno Aukia
 
PDF
IPv6 on Container Plattforms
byAarno Aukia
 
PDF
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
byAarno Aukia
 
PDF
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
byAarno Aukia
 
PDF
Cloud Native Computing
byAarno Aukia
 
PDF
Cloud Native Computing Meetup Zürich Jan 11 2018
byAarno Aukia
 
PDF
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
byAarno Aukia
 
PDF
Application Portability using Cloud Native Technology: Docker, Kubernetes
byAarno Aukia
 
PDF
Cloud Native Computing & DevOps
byAarno Aukia
 
PDF
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
byAarno Aukia
 
PDF
Moving Applications to the cloud
byAarno Aukia
 
PDF
Automated Server Administration for DevSecOps
byAarno Aukia
 
PDF
Kubecon 2019 Recap
byAarno Aukia
 
PDF
Migration von Applikationen in die Cloud
byAarno Aukia
 
PDF
My broken container is gone - how to debug containers on container platforms
byAarno Aukia
 
DevOps for AI: running LLMs in production with Kubernetes and KubeFlow
byAarno Aukia
 
IPv6 on Container Plattforms
byAarno Aukia
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
byAarno Aukia
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
byAarno Aukia
 
Cloud Native Computing
byAarno Aukia
 
Cloud Native Computing Meetup Zürich Jan 11 2018
byAarno Aukia
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
byAarno Aukia
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
byAarno Aukia
 
Cloud Native Computing & DevOps
byAarno Aukia
 
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
byAarno Aukia
 
Moving Applications to the cloud
byAarno Aukia
 
Automated Server Administration for DevSecOps
byAarno Aukia
 
Kubecon 2019 Recap
byAarno Aukia
 
Migration von Applikationen in die Cloud
byAarno Aukia
 
My broken container is gone - how to debug containers on container platforms
byAarno Aukia
 

Recently uploaded

PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PDF
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
PDF
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PPTX
Introduction to Software Development and Modern Practices
byM Munim
 
PPTX
Orion Context Broker introduction 20260114
byFermin Galan
 
PDF
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
PDF
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
PPTX
Architectural Styles in Software Engineering
byM Munim
 
PPTX
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
PDF
Transferring Ideas to Impact -Driving Innovation and Demand with OnePlan
byOnePlan Solutions
 
PPTX
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
PPTX
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
PDF
Driving Finance Growth with Business Central ERP
byNavision India
 
PDF
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
PPTX
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
PPTX
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
PPTX
1-introduction-to-databases notes start .pptx
byBeatrice1625
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
Project System Presentation details process presentation
bytejpratappandey4
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Introduction to Software Development and Modern Practices
byM Munim
 
Orion Context Broker introduction 20260114
byFermin Galan
 
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
Architectural Styles in Software Engineering
byM Munim
 
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
Transferring Ideas to Impact -Driving Innovation and Demand with OnePlan
byOnePlan Solutions
 
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
Driving Finance Growth with Business Central ERP
byNavision India
 
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
1-introduction-to-databases notes start .pptx
byBeatrice1625
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 

SecDevOps 2017

  • 1.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch SIGS Technology Conference 16.05.2017 SecDevOps Securing DevOps Aarno Aukia VSHN AG – The DevOps Company
  • 2.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agenda ● About Aarno / VSHN ● Agile Software Engineering ● Agile Infrastructure Engineering ● Agile Security Engineering ● Securing the software delivery process ● Example: authentication & authorization ● Q & A
  • 3.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Who Aarno Aukia, CTO & co-founder ETH → Google → Atrila → VSHN @aarnoaukia or aarno.aukia@vshn.ch VSHN AG - the DevOps Company Since 2014, 20 people in Zürich Running web applications on-premises and in the clouds making both visitors and developers happy https://vshn.ch @vshn_ch
  • 4.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Software Engineering 1/2 Require- ments Design Implemen- tation Validation Maintenance
  • 5.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Software Engineering 2/2 Require- ments Design Validation Maintenance Implemen- tation
  • 6.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Software Engineering Requirements Design Implemen- tation TestingRelease
  • 7.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering? How do operations cope with the continuous changes by the developers? How do you change the operations process from reactive (fire brigade) to proactive (fire detector, sprinkler, building regulations)? How do operations change from infrastructure provider to service provider?
  • 8.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Ops: fire brigade as a Service
  • 9.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering 1/2 ● Close collaboration between Dev & Ops = DevOps ● Proactive consulting, adding value to the development process ● Automating processes ● Accelerate the time-to-market up until self-service by PL/PO/Dev ● Eliminate manual errors and achieve higher robustness ● Standardize deployment, monitoring, logging, access control, scaling
  • 10.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch
  • 11.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Infrastructure Engineering 2/2 ● Automation = infrastructure as code ● Quality assurance like in a software-project ● Testing the automation process ● Versioning, changelog, rollback ● Repeatability, reproducability, traceability ● By default and from the beginning with security
  • 12.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch How to prevent cleaning up a mess?
  • 13.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 1/3 ● Also known as AppSec ● Contributes to success like UX Design, usability, performance, operations ● A quality aspect of applications ● Proactively involved in application engineering ● Security Requirements ● Security Design/Architecture ● Security best practices in development ● Security testing ● Security Operations (SecOps) ● Use same language, development cycle and goal as developers
  • 14.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 2/3
  • 15.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Agile Security Engineering 3/3 ● Safe software development process = integrity of the application ● Separation of applications on process level (container, virtual machine) ● Separation on network level ● Reproducibility of configuration (dev/test/stage- Environments, Disaster Recovery) ● Authentication & Authorization ● Controlling the access to applications ● RBAC on control plane ● Logging
  • 16.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch SecDevOps
  • 17.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Securing the Software Delivery Process 1/2
  • 18.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Securing the Software Delivery Process 2/2
  • 19.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Authentication & Authorization
  • 20.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch AAI = Keycloak ● Identity & Access Management ● Single sign in/out ● Identity brokering: OpenID Connect (OAuth2 social login, FB/Twitter/Github etc.), SAML2.0, Kerberos ● User federation: LDAP, ActiveDirectory, custom RDBMS ● Multi-Factor-Authentication: TOTP/HOTP ● Managing the Authorization groups
  • 21.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Audit Log = ElasticSearch, Logstash, Kibana ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
  • 22.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch APPUiO.ch ● Container Platform as a Service ● Based on Docker, Kubernetes, OpenShift ● On-premises, private or public cloud in Switzerland ● Run on any infrastructure ● Turnkey platform with proactive support ● Consulting services to become cloud native and integration ● From YoloOps to RelaxOps
  • 23.
    VSHN AG INeugasse 10 I 8005 Zürich I T 044 545 53 00 www.vshn.ch Thank you Questions? VSHN AG Aarno Aukia Neugasse 10 8005 Zürich https://vshn.ch @vshn_ch