Bzzńw platformy OpenShift z wykorzystaniem IBM Cloud · Bzzńw platformy OpenShift z wykorzystaniem IBM Cloud ... Service Catalog, Container Registry and Vulnerability Advisor ...

IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

Bezpieczeństwo platformy OpenShiftz wykorzystaniem IBM Cloud—Marcin SpychałaClient Technical Professional

2

3IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

Znalezienie jasnych zaleceń nie jest łatwe …

Dostępne materiały

FISMA (NIST) & FISMA Moderate (Coalfire)ISO 27001PCI-DSSPCI-DSS Reference Architecture

OpenShift Hardening Guide for 3.10 & 3.11

Warte rozważenia:docker-benchkube-bench

4

Zalecenia

https://nvd.nist.gov/ncp/checklist/866

https://www.redhat.com/en/resources/openshift-container-platform-guide-fisma-moderate

https://www.redhat.com/cms/managed-files/cl-openshift-applicability-guide-iso-iec-27001-analyst-paper-f15231bf-201811-en.pdf

https://www.redhat.com/en/resources/openshift-pci-product-applicability-guide-datasheet

https://www.redhat.com/cms/managed-files/Red_Hat_OpenShift_Reference_Architecture_for_PCI_DSS_3.2.1_v1.0.pdf

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/pdf/container_security_guide/OpenShift_Container_Platform-3.11-Container_Security_Guide-en-US.pdf

https://github.com/aquasecurity/docker-bench

https://github.com/aquasecurity/kube-bench

5

Zalecenia

IBM Cloud Security Advisor

Dodatkowe integracje

6

Zalecenia

Problemy i zalecenia

7

Zalecenia

Możliwości platformy

8

Narzędzia

9

Narzędzia

10

Narzędzia

11

Narzędzia

12

Trusted computing - platforma

https://cloud.ibm.com/docs/openshift?topic=openshift-security#threats

13

Trusted computing - architektura

https://www.ibm.com/cloud/architecture/architectures/securityArchitecture

Nie chcę Chmury

https://ibm.box.com/s/mpzwilyna0wnyg5aizf67een93pak044

15

Czego się spodziewać

16

Typowe zagrożenia dla platformy

17

IBM Cloud Security Services - przegląd

18

Czym IBM Cloud zarządza za Ciebie

▸ Automated provisioning and configuration of Infrastructure (compute, network and storage)

▸ Automated installation and configuration of OpenShift, including HA cross zone configuration

▸ Automatic upgrades of all components (operating system, OpenShift components, and in cluster services)

▸ Security patch management for OS and OpenShift

▸ Automatic failure recovery for OpenShift components and worker nodes

▸ Automatic scaling of OpenShift configuration

▸ Automatic backups of core OpenShift ETCD data

▸ Built in integration with cloud platform - monitoring, logging, KeyProtect, IAM, ActivityTracker, Storage, COS,

Security Advisor, Service Catalog, Container Registry and Vulnerability Advisor

▸ Built in Load Balancer, VPN, Proxy, Network edge nodes, Private Clusters and VPC capabilities

▸ Built-in Security including image signing, image deployment enforcement, and hardware trust

▸ 24/7 global SRE team to maintain the health of the environment and help with OpenShift

▸ Global SRE has deep experience and skill in IBM Cloud Infrastructure, Kubernetes and OpenShift,

resulting in much faster problem resolution

▸ Automatic compliance for your OpenShift environment (HIPAA, PCI, SOC2, ISO)

▸ Capacity expansion through a single click

▸ Automatic multi-zone deployment in MZRs, including integration with CIS to do cross zone traffic routing

▸ Automatic Operating System performance tuning and security hardening

19

Porównanie

IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

To już nie ”początek drogi” – to stare dobre małżeństwo

21

Sprawdź nas!

https://cloud.ibm.com/kubernetes/overview?platformType=openshift

Bzzńw platformy OpenShift z wykorzystaniem IBM Cloud · Bzzńw platformy OpenShift z wykorzystaniem IBM Cloud ... Service Catalog, Container Registry and Vulnerability Advisor ...

Documents