Ensuring Platform Security with Windows Bosh Add-ons and Runtime-Config at Boeing
Ensuring Platform Security with Windows Bosh Add-ons and Runtime-Config at Boeing - James Coppock & Sheryl Maris, Boeing We did it! InfoSec said “Not a chance you’re deploying Ubuntu and Windows on Pivotal Cloud Foundry unless you meet our highly stringent requirements!”. We were told – “You must implement virus protection and reporting; you must monitor about 100ish security controls, check them daily, and report anomalies daily; you must force multi-factor authentication for the opsman UI and SSH connections to opsman, and you must not allow direct access to any servers – all access must come from only the load balancers and go-routers”. What? Really? Um, okay, I see we have no choice. Under immense time pressure, we found a way. We added some fairly simple Bosh Add-ons to the runtime config and applied via Concourse to all of our foundations. How easy was that? Maybe your InfoSec team is as hard as ours (pretty likely). If you’re an operations/infradev person focused on security and want to learn an eloquent and technically simple way to meet their requirements, please come by and hear from our off-the-wall team. Cooperating daily with our InfoSec lead E.J., our stressed out Service Manager Brad was, well, stressed out. Our tech leads, James and Sheryl saved the day (with the help of our Pivots of course). You’ll walk away learning some simple custom Bosh Add-ons applied via Runtime Config that met InfoSec’s tough requirements. Probably similar requirements at almost any company I would hazard a guess. We would love to talk to you anytime about our journey. We have implemented Windows on PCF quite successfully (how did we do this with the MS licensing restrictions?) and are hosting .NET Framework applications and .NET Core on Linux, we plan to implement Windows 2016 Core this year, Developers use SteelToe for the .NET Core and Framework applications to take advantage of Spring framework, we use SAML federation via PingFed to our Active Directory, Multi-Factor Authentication via smart card for Opsman, and probably a hundred other interesting topics. Attend this talk to learn some simple, custom BOSH add-ons applied via Runtime Config saved the day, using Concourse to deploy to all foundations. About Sheryl Maris "Before starting with Boeing, Sheryl was in the customer service industry, never finding the challenges she thrived for. A single mother of 2, she went back to college in 2006 earning three degrees. Sheryl now thrives for the challenges she encounters as a core member of the PCF Core Team at Boeing. She has learned and implemented technologies such as Concourse pipelines and Fly CLI , Bosh, CF CLI, Operations and Application manager, vSphere, Minio S3 blob store, GIT, just to name a few. She created the first Concourse Installation pipeline used at Boeing, which fully automates the installation of a base foundation. She teamed with the PCF Core Team and Security to implement security requirements within the Runtime config. Sheryl truly enjoys developing new IT skills, enhancing leadership attributes, and increasing her responsibilities by taking on the most difficult assignments and focuses on making her Boeing customers successful. I truly encourage other women (and men) to get involved in PCF. It’s really not that hard. I have nothing but good things to say about how Pivotal helped us deploy CF, how my team and our Pivots helped me learn through pairing, how it was so easy to pick this up. This technology is truly transformative for any company. Maybe that’s the secret to CF; it’s pretty easy to learn and implement, but so powerful once in place. I truly enjoy spending time with my family, hiking with my dog Spenser, and anything spicy!"