Copyright © 2018, Raytheon Company. All rights reserved.
#BOOMSAUCE: THE ANATOMY OF BUILDING A COMPLIANT PCF SERVICE IN A LIMITED-CONNECTIVITY ENVIRONMENT
Josh Kirchmeier
Garrett Klok
Approved for Public Release
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations.
First – A Disclaimer
• The specifics of what we’re doing are sensitive, so information cannot be shared
• Regulatory compliance is NOT a destination, but instead a complex and twisty road full of sheer drops and sudden stops – even if we had all of today’s answers, what you need to do will be different tomorrow
10/10/2018 2
THERE IS NO COOKBOOK FOR REGULATORY COMPLIANCE — YOUR MILEAGE WILL VARY
RAYTHEON COMPANY – A TECHNOLOGY AND INNOVATION LEADER SPECIALIZING IN DEFENSE, CIVIL GOVERNMENT AND CYBERSECURITY SOLUTIONS THROUGHOUT THE WORLD.
• 2017 NET SALES: $25 BILLION
• 64,000 EMPLOYEES WORLDWIDE
• HEADQUARTERS: WALTHAM, MASSACHUSETTS
GLOBAL PRESENCE
ALWAYS THERE. DEDICATED TO OUR GLOBAL CUSTOMERS.
Raytheon Company is deeply committed to global partnerships, providing solutions and services to valued customers in more than 80 countries and building upon international relationships to best meet the national security and technology needs of nations around the world.
Raytheon Digital Transformation
DevOps at Raytheon
(Figure: DevOps toolchain; images from https://commons.wikimedia.org/wiki/)
Toolchain stages: Collaboration, Documentation, Requirements, Agile Planning, Task Mgmt, Development, Design & Arch, Test Mgmt, Static Analysis, Package Mgmt, Artifact Mgmt, Automation, Solution Delivery, Capacity Mgmt, Availability, App Health, Customer Eng/Sat.
Toolchains span three environments: Sandbox, Dev/Test, Production.
PCF as a Service (PCFaaS)
DEFINE SERVICE TENETS
• Achieve Compliance and Security Requirements
• Enable Speed and Agility to our Development Teams
• Provide High Availability and Resiliency
SCOPE SERVICES TO WHAT IS NEEDED AND ALLOWED – CONTROL AND ARTICULATE SCOPES
(Keith Rodwell, SpringOne 2017 presentation)
AGILE APPROACH TO SERVICE DELIVERY
• Establish a roadmap and service guardrails
• What is in and out of your service
• How to request new capabilities
• Share a near and long term roadmap
PCF as a Service (PCFaaS)
CONSTRUCT A SERVICE MODEL
• Service strategy and responsibilities
• How the service will operate (deploy, scale and maintain) the platform
• Standard services and capabilities (now and roadmap)
• One stop shop for everything in the service
DEFER COST MODEL / CHARGEBACK
• Wait if you can!
• Focus on building adoption
• Allow the platform team time to understand the platform
• Allow developers and stakeholders to see the value
(Figure: Pivotal Chargeback)
Our PCFaaS Service Value Proposition
HIGH AVAILABILITY | SECURITY & COMPLIANCE | DEVELOPER PRODUCTIVITY | OPERATOR EFFICIENCY
CUSTOMER
here is what i need
provide me business value
i do not care how
- Garrett Klok (Raytheon)
COMPLIANCE
here are policies
go and make me compliant
i do not care how
- Garrett Klok (Raytheon)
DEVELOPMENT
here is my source code
run it on the cloud for me
i do not care how
- Onsi Fakhouri (Pivotal)*
OPERATIONS
here are my servers
go make them a cloud foundry
i do not care how
- Onsi Fakhouri (Pivotal)*
* https://content.pivotal.io/blog/pivotal-cloud-foundry-s-roadmap-for-2016
Image: https://commons.wikimedia.org/wiki/File:Devops-toolchain.svg
Compliance?
Compliance Because…
OUR BUSINESSES MAKE THE WORLD A SAFER PLACE
INTEGRATED DEFENSE SYSTEMS (IDS)
Headquartered in Tewksbury, Massachusetts, Integrated Defense Systems specializes in air and missile defense, large land- and sea-based radars, and systems for managing command, control, communications, computers, cyber and intelligence. It also produces sonars, torpedoes and electronic systems for ships.
FORCEPOINT™ (POWERED BY RAYTHEON)
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. Forcepoint’s Human Point System enables customers to understand the normal rhythm of user behavior and the flow of data throughout an organization to rapidly identify and eliminate risk. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.
INTELLIGENCE, INFORMATION AND SERVICES (IIS)
Headquartered in Dulles, Virginia, Intelligence, Information and Services designs and delivers solutions and services that leverage its deep expertise in cyber, analytics and automation. Software, systems integration, and the support and sustainment of Raytheon and other companies’ systems for intelligence, military and civil applications are delivered across four domains: space, cyber, mission readiness, and multi-domain battlespace management command and control.
MISSILE SYSTEMS (RMS)
Headquartered in Tucson, Arizona, Missile Systems is the premier global effects provider across broad addressable markets. The business designs, integrates, delivers and supports weapons systems for all missions spanning all domains, including interceptors for ballistic missile defense. It operates at the forefront of advanced technology development, including hypersonic weapons programs and directed energy systems. International operations include Raytheon UK, Raytheon ELCAN, and Raytheon Emirates.
SPACE AND AIRBORNE SYSTEMS (SAS)
Headquartered in McKinney, Texas, Space and Airborne Systems is a leading provider of radar and sensor systems on airborne and space-based platforms. The business also provides communications, electronic warfare, high-energy laser solutions and special mission aircraft for the network-centric battlefield. Research advancements range from linguistics to quantum computing.
Defense Industry Regulations
BE FAMILIAR WITH THE REGULATIONS THAT YOU’RE DESIGNING TO MEET: ITAR, EAR, CUI and NIST 800-171
• International Traffic in Arms Regulations (ITAR)
  – U.S. government export and import of defense-related articles and services regulations
• Controlled Unclassified Information (CUI)
  – Data that must be safeguarded and/or dissemination controlled by U.S. government regulation
• Export Administration Regulations (EAR)
  – Commercial import and export regulations
• NIST 800-171
  – Protecting CUI in nonfederal information systems and organizations
DFARS
DEFENSE FEDERAL ACQUISITION REGULATION SUPPLEMENT
• A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services
NIST 800-53 / 800-171 FAMILIES OF CONTROLS
• Access Control
• Awareness and Training
• Audit and Accountability
• Configuration Management
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Personnel Security
• Physical Protection
• Risk Assessment
• Security Assessment
• System and Communication Protection
• System and Information Integrity
DFARS: Controls Addressed
• Encryption – System and Communications Protection (3.13)
  – Data at rest/motion/use
• Multi-Factor Authentication – Identification and Authentication (3.5)
  – Something you have/know/are
• Vulnerability Scans – Risk Assessment (3.11)
  – Remediate and mitigate threats
Limited-Connectivity Environment Challenges
• Certificates
  – Unable to copy SSL certificates to Concourse runtime containers
• Proxies
  – Unable to set proxy on Concourse worker VMs
• Off-line (i.e. Air-Gapped) Pipelines
  – Pipelines have assumptions (e.g. internet connectivity, 3 AZs, …)
• Security Constraints
  – Images, source code and binaries pulled only from private registries/repos
• Controls on top of GovCloud
  – Additional rules and practices enforcing compliance
Encryption: Made Easy
• BOSH Internal/Ops Man
  – Encrypt the AMI while copying it into your own AMIs, using either
    • the AWS Console, or
    • the AWS CLI:
aws ec2 copy-image --source-image-id ami-xxxxxxxx --source-region us-gov-west-1 --region us-gov-west-1 --name encrypted-ops-manager-ami --encrypted --kms-key-id arn:aws-us-gov:kms:us-gov-west-1:############:key/<custom-kms-key-id>
• PAS
  – Encrypt EBS Volumes
    • Ops Manager Director AWS Config
Encryption: Made Not So Easy
• Encrypt stemcells
  – bosh repack-stemcell
• Modify cloud properties
  – Update cpi.yml:
- type: replace
  path: /resource_pools/name=vms/stemcell?
  value:
    url: file://~/stemcells/encrypted-light-bosh-stemcell-3468.21-aws-xen-hvm-ubuntu-trusty-go_agent.tgz
...
- type: replace
  path: /resource_pools/name=vms/cloud_properties?
  value:
    instance_type: m4.xlarge
    ephemeral_disk:
      type: gp2
      size: ###
      encrypted: true
      kms_key_arn: "arn:aws-us-gov:kms:us-gov-west-1:<userid>:key/<kms-key-id>"
    availability_zone: ((az))
...
- type: replace
  path: /disk_pools/name=disks/cloud_properties?
  value:
    type: gp2
    encrypted: true
    kms_key_arn: "arn:aws-us-gov:kms:us-gov-west-1:<userid>:key/<kms-key-id>"
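An added lint for an ops file of the kind shown above (example code written for this page, not the authors' tooling and not part of BOSH or Pivotal). It walks the replace operations and reports any ephemeral or persistent disk definition that is not encrypted under a KMS key in the expected partition and region, which is the cheap pre-deploy check that saves a round trip through a failed bosh create-env. The embedded ops file is the slide's content in the structure yaml.safe_load() would return; the account id, key id and disk size are constructed placeholders.

```python
"""Lint a BOSH AWS CPI ops file for at-rest encryption settings."""
import copy
import re

# Constructed: the three operations from the cpi.yml above, as yaml.safe_load()
# would return them. Real usage: lint_ops_file(yaml.safe_load(open("cpi.yml"))).
SAMPLE_KEY = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/11111111-2222-3333-4444-555555555555"
OPS_FILE = [
    {"type": "replace",
     "path": "/resource_pools/name=vms/stemcell?",
     "value": {"url": "file://~/stemcells/encrypted-light-bosh-stemcell-3468.21-aws-xen-hvm-ubuntu-trusty-go_agent.tgz"}},
    {"type": "replace",
     "path": "/resource_pools/name=vms/cloud_properties?",
     "value": {"instance_type": "m4.xlarge",
               "ephemeral_disk": {"type": "gp2", "size": 51200,
                                  "encrypted": True, "kms_key_arn": SAMPLE_KEY},
               "availability_zone": "((az))"}},
    {"type": "replace",
     "path": "/disk_pools/name=disks/cloud_properties?",
     "value": {"type": "gp2", "encrypted": True, "kms_key_arn": SAMPLE_KEY}},
]

KMS_KEY_ARN = re.compile(
    r"^arn:(?P<partition>[^:]+):kms:(?P<region>[^:]+):\d{12}:key/[0-9a-f-]{36}$")


def check_disk(where, props, partition="aws-us-gov", region="us-gov-west-1"):
    """Findings for one disk definition (ephemeral_disk or a disk_pool's cloud_properties)."""
    findings = []
    if props.get("encrypted") is not True:
        findings.append(f"{where}: encrypted is not true")
    arn = props.get("kms_key_arn")
    if not arn:
        # encrypted: true without a key ARN falls back to the account's default
        # EBS key, not the customer-managed key the control expects.
        findings.append(f"{where}: no kms_key_arn (default EBS key would be used)")
        return findings
    m = KMS_KEY_ARN.match(arn)
    if not m:
        findings.append(f"{where}: kms_key_arn is not a KMS key ARN: {arn}")
    elif (m["partition"], m["region"]) != (partition, region):
        findings.append(f"{where}: key lives in {m['partition']}/{m['region']}, "
                        f"expected {partition}/{region}")
    return findings


def lint_ops_file(ops, partition="aws-us-gov", region="us-gov-west-1"):
    """Return human-readable findings; an empty list means every ephemeral and
    persistent disk the ops file pins is encrypted under a key in the expected
    partition and region."""
    findings = []
    for op in ops:
        path, value = op.get("path", ""), op.get("value") or {}
        if op.get("type") != "replace" or not path.endswith("/cloud_properties?"):
            continue
        if path.startswith("/resource_pools/"):
            eph = value.get("ephemeral_disk")
            if eph is None:
                findings.append(f"{path}: no ephemeral_disk block, ephemeral encryption is unpinned")
            else:
                findings.extend(check_disk(f"{path} ephemeral_disk", eph, partition, region))
        elif path.startswith("/disk_pools/"):
            findings.extend(check_disk(path, value, partition, region))
    return findings


def weakened_ops_file():
    """Constructed negative case: the persistent disk loses its key and the
    ephemeral disk points at a commercial-partition (aws) key."""
    ops = copy.deepcopy(OPS_FILE)
    ops[1]["value"]["ephemeral_disk"]["kms_key_arn"] = SAMPLE_KEY.replace("aws-us-gov", "aws")
    del ops[2]["value"]["kms_key_arn"]
    return ops


if __name__ == "__main__":
    for label, ops in (("slide ops file", OPS_FILE), ("weakened copy", weakened_ops_file())):
        print(label, "->", lint_ops_file(ops) or "OK")
```

The partition check matters in GovCloud: a key ARN copied from a commercial-region example (arn:aws:kms:...) passes a naive "is encrypted" test but cannot be used from us-gov-west-1, and the failure only surfaces later as the create_stemcell authorization error discussed on the next slide.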
Encryption: Gotchas/Tips
• Unknown CPI error 'Unknown' with message 'You are not authorized to perform this operation.' in 'create_stemcell' CPI method
  – Ensure proper CPI version
  – Update IAM policy to allow:
    "ec2:RegisterImage",
    "ec2:DeregisterImage",
    "ec2:CopyImage"
  – Update KMS key policy to include the user in both statements:
    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": [ …, "user", … ]
      },
      …
    },
    {
      "Sid": "Allow attachment of persistent resources",
      "Effect": "Allow",
      "Principal": {
        "AWS": [ …, "user", … ]
      },
      …
    }
• Replace existing stemcells
  – bosh upload-stemcell --fix
  – Change version number
    • From: bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3541.4
    • To: encrypted-bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3541.4.1
• Write your own routine for checking encryption status
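One shape such a routine can take, written for this page as an added example (not the authors' script and not an AWS or BOSH tool). It covers the last bullet and the KMS key-policy gotcha on this slide: audit_encryption() walks the JSON that aws ec2 describe-volumes and describe-images return and lists every volume or AMI block device that is unencrypted or encrypted under a key other than the expected one; missing_key_grants() reports which of the two key-policy statements named above do not list the deploying principal, which is the condition behind the create_stemcell "not authorized" error. All identifiers, the describe output and the key policy are constructed samples; the real inputs come from the AWS CLI as the usage note describes.

```python
"""Audit EBS/AMI encryption state and the KMS key policy BOSH depends on."""
import json

# Constructed identifiers for the demo; real ones come from your account.
EXPECTED_KEY = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/11111111-2222-3333-4444-555555555555"
OTHER_KEY = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/99999999-8888-7777-6666-555555555555"
ADMIN = "arn:aws-us-gov:iam::123456789012:user/admin"
DEPLOYER = "arn:aws-us-gov:iam::123456789012:user/bosh-director"

# Constructed excerpts in the shape `aws ec2 describe-volumes` / `describe-images` return.
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": EXPECTED_KEY},
    {"VolumeId": "vol-0bbb", "Encrypted": False},
    {"VolumeId": "vol-0ccc", "Encrypted": True, "KmsKeyId": OTHER_KEY},
]}
IMAGES = {"Images": [
    {"ImageId": "ami-0enc", "Name": "encrypted-ops-manager-ami",
     "BlockDeviceMappings": [{"DeviceName": "/dev/sda1",
                              "Ebs": {"Encrypted": True, "KmsKeyId": EXPECTED_KEY}}]},
    {"ImageId": "ami-0plain", "Name": "ops-manager-ami",
     "BlockDeviceMappings": [{"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": False}},
                             {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
]}

# Constructed key policy with the two statements the slide names. The deployer
# is listed in the first and (deliberately) missing from the second.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": [ADMIN, DEPLOYER]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"},
    {"Sid": "Allow attachment of persistent resources", "Effect": "Allow",
     "Principal": {"AWS": ADMIN},
     "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
     "Resource": "*",
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
]}
# `aws kms get-key-policy` wraps the policy document as a JSON *string* under "Policy".
KEY_POLICY_CLI_OUTPUT = json.dumps({"Policy": json.dumps(KEY_POLICY)})

REQUIRED_SIDS = ("Allow use of the key", "Allow attachment of persistent resources")


def key_policy_from_cli(get_key_policy_json):
    """Unwrap the double-encoded document that get-key-policy prints."""
    return json.loads(json.loads(get_key_policy_json)["Policy"])


def _check_ebs(name, ebs, expected_key):
    if not ebs.get("Encrypted"):
        return [f"{name}: not encrypted"]
    if ebs.get("KmsKeyId") != expected_key:  # AWS reports KmsKeyId as the full key ARN
        return [f"{name}: encrypted with unexpected key {ebs.get('KmsKeyId')}"]
    return []


def audit_encryption(volumes, images, expected_key=EXPECTED_KEY):
    """Findings for volumes and AMI block devices that are unencrypted or
    encrypted under a key other than expected_key."""
    findings = []
    for v in volumes.get("Volumes", []):
        findings.extend(_check_ebs(v["VolumeId"], v, expected_key))
    for img in images.get("Images", []):
        for bdm in img.get("BlockDeviceMappings", []):
            if "Ebs" not in bdm:  # instance-store mapping: no snapshot to check
                continue
            findings.extend(_check_ebs(f"{img['ImageId']}:{bdm['DeviceName']}",
                                       bdm["Ebs"], expected_key))
    return findings


def missing_key_grants(key_policy, principal):
    """Which of the two statements BOSH needs do not list `principal`?"""
    granted = set()
    for st in key_policy.get("Statement", []):
        if st.get("Effect") != "Allow" or st.get("Sid") not in REQUIRED_SIDS:
            continue
        aws = st.get("Principal", {}).get("AWS", [])
        if principal in ([aws] if isinstance(aws, str) else aws):
            granted.add(st["Sid"])
    return [sid for sid in REQUIRED_SIDS if sid not in granted]


if __name__ == "__main__":
    for f in audit_encryption(VOLUMES, IMAGES):
        print("ENCRYPTION:", f)
    for sid in missing_key_grants(key_policy_from_cli(KEY_POLICY_CLI_OUTPUT), DEPLOYER):
        print("KEY POLICY: deployer missing from", repr(sid))
```

In the real environment the inputs are `aws ec2 describe-volumes --output json`, `aws ec2 describe-images --owners self --output json` and `aws kms get-key-policy --key-id <key-id> --policy-name default --output json`, fed through json.load() and key_policy_from_cli(). The "Allow attachment of persistent resources" statement is the one that is easy to forget: the CreateGrant it carries is what lets EC2 attach a volume encrypted under the key, so a principal that is in the first statement but not the second can encrypt snapshots and still fail at deploy time.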
Multi-Factor Authentication
• Ops Man
  – Changing to SAML from internal doesn't allow for SAML configuration updates
  – If you get locked out, manually modify the installation files
    • Locate, decrypt and edit the installation.yml and actual-installation.yml
• Apps Man/CF
  – Leverage SAML/Enterprise Identity
• Custom Applications
  – Leverage SAML/Enterprise Identity
Vulnerability Scans: What We Did About It
EMPHASIS ON BECOMING PROACTIVE
• Process and collaboration around application security
• Create and maintain a repository
• Continuous improvement through feedback and training
• Guideline and template update
In Conclusion
#BOOMSAUCE
Josh Kirchmeier
Josh.Kirchmeier@Raytheon.com
@jkirchmeier
https://www.linkedin.com/in/joshuakirchmeier
Garrett Klok
gklok@raytheon.com
@gklok
https://www.linkedin.com/in/garrett-klok
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 

The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Environment #BoomSauce

  • 5. Raytheon Digital Transformation
  • 6. DevOps at Raytheon
  [Figure: DevOps toolchain diagram (images from https://commons.wikimedia.org/wiki/). Stages: Collaboration, Documentation, Requirements, Agile Planning, Task Mgmt, Development, Design & Arch, Test Mgmt, Static Analysis, Package Mgmt, Artifact Mgmt, Automation, Solution Delivery, Capacity Mgmt, Availability, App Health, Customer Eng/Sat. Environments: Toolchains, Sandbox, Dev/Test, Production.]
  • 7. PCF as a Service (PCFaaS)
  DEFINE SERVICE TENETS
   Achieve compliance and security requirements
   Enable speed and agility for our development teams
   Provide high availability and resiliency
  SCOPE SERVICES TO WHAT IS NEEDED AND ALLOWED
  CONTROL AND ARTICULATE SCOPES (Keith Rodwell, SpringOne 2017 presentation)
  AGILE APPROACH TO SERVICE DELIVERY
   Establish a roadmap and service guardrails
   Define what is in and out of your service
   Define how to request new capabilities
   Share a near-term and long-term roadmap
  • 8. PCF as a Service (PCFaaS)
  CONSTRUCT A SERVICE MODEL
   Service strategy and responsibilities
   How the service will operate (deploy, scale and maintain) the platform
   Standard services and capabilities (now and on the roadmap)
   One-stop shop for everything in the service
  DEFER COST MODEL / CHARGEBACK
   Wait if you can!
   Focus on building adoption
   Allow the platform team time to understand the platform
   Allow developers and stakeholders to see the value
  (Reference: Pivotal chargeback)
  • 9. Our PCFaaS Service Value Proposition
  Four pillars: HIGH AVAILABILITY, SECURITY & COMPLIANCE, DEVELOPER PRODUCTIVITY, OPERATOR EFFICIENCY
  CUSTOMER: "Here is what I need, provide me business value, I do not care how." – Garrett Klok (Raytheon)
  COMPLIANCE: "Here are policies, go and make me compliant, I do not care how." – Garrett Klok (Raytheon)
  DEVELOPMENT: "Here is my source code, run it on the cloud for me, I do not care how." – Onsi Fakhouri (Pivotal)*
  OPERATIONS: "Here are my servers, go make them a Cloud Foundry, I do not care how." – Onsi Fakhouri (Pivotal)*
  * https://content.pivotal.io/blog/pivotal-cloud-foundry-s-roadmap-for-2016
  Image: https://commons.wikimedia.org/wiki/File:Devops-toolchain.svg
  • 10. Compliance?
  • 11. Compliance Because…
  OUR BUSINESSES MAKE THE WORLD A SAFER PLACE
  INTEGRATED DEFENSE SYSTEMS (IDS) – Headquartered in Tewksbury, Massachusetts, Integrated Defense Systems specializes in air and missile defense, large land- and sea-based radars, and systems for managing command, control, communications, computers, cyber and intelligence. It also produces sonars, torpedoes and electronic systems for ships.
  INTELLIGENCE, INFORMATION AND SERVICES (IIS) – Headquartered in Dulles, Virginia, Intelligence, Information and Services designs and delivers solutions and services that leverage its deep expertise in cyber, analytics and automation. Software, systems integration, and the support and sustainment of Raytheon and other companies' systems for intelligence, military and civil applications are delivered across four domains: space, cyber, mission readiness, and multi-domain battlespace management command and control.
  MISSILE SYSTEMS (RMS) – Headquartered in Tucson, Arizona, Missile Systems is the premier global effects provider across broad addressable markets. The business designs, integrates, delivers and supports weapons systems for all missions spanning all domains, including interceptors for ballistic missile defense. It operates at the forefront of advanced technology development, including hypersonic weapons programs and directed energy systems.
  SPACE AND AIRBORNE SYSTEMS (SAS) – Headquartered in McKinney, Texas, Space and Airborne Systems is a leading provider of radar and sensor systems on airborne and space-based platforms. The business also provides communications, electronic warfare, high-energy laser solutions and special mission aircraft for the network-centric battlefield. Research advancements range from linguistics to quantum computing.
  FORCEPOINT POWERED BY RAYTHEON – Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people's intent as they interact with critical data and intellectual property wherever it resides. Forcepoint's Human Point System enables customers to understand the normal rhythm of user behavior and the flow of data throughout an organization to rapidly identify and eliminate risk. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.
  International operations include Raytheon UK, Raytheon ELCAN, and Raytheon Emirates.
  • 12. Defense Industry Regulations
  BE FAMILIAR WITH THE REGULATIONS THAT YOU'RE DESIGNING TO MEET: ITAR, EAR, CUI AND NIST 800-171
   International Traffic in Arms Regulations (ITAR) – U.S. government regulations on the export and import of defense-related articles and services
   Export Administration Regulations (EAR) – Commercial import and export regulations
   Controlled Unclassified Information (CUI) – Data that must be safeguarded and/or dissemination-controlled under U.S. government regulation
   NIST SP 800-171 – Protecting CUI in nonfederal information systems and organizations
  • 13. DFARS
  DEFENSE FEDERAL ACQUISITION REGULATION SUPPLEMENT
   A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services
  NIST 800-53 / 800-171 FAMILIES OF CONTROLS
  NIST SP 800-171 groups its requirements into these 14 families, each derived from a corresponding NIST SP 800-53 control family:
   Access Control
   Awareness and Training
   Audit and Accountability
   Configuration Management
   Identification and Authentication
   Incident Response
   Maintenance
   Media Protection
   Personnel Security
   Physical Protection
   Risk Assessment
   Security Assessment
   System and Communications Protection
   System and Information Integrity
  • 14. DFARS: Controls Addressed
  The numbers in parentheses are the NIST SP 800-171 requirement families the service had to satisfy:
   Encryption – System and Communications Protection (3.13) – Data at rest, in motion and in use
   Multi-Factor Authentication – Identification and Authentication (3.5) – Something you have, something you know, something you are
   Vulnerability Scans – Risk Assessment (3.11) – Remediate and mitigate threats
  • 15. Limited-Connectivity Environment Challenges
   Certificates – Unable to copy SSL certificates into Concourse runtime containers
   Proxies – Unable to set a proxy on Concourse worker VMs
   Off-line (i.e. air-gapped) pipelines – Pipelines carry assumptions (e.g. internet connectivity, 3 AZs, …)
   Security constraints – Images, source code and binaries may be pulled only from private registries/repos
   Controls on top of GovCloud – Additional rules and practices enforcing compliance
  • 16. Encryption: Made Easy
   BOSH Internal / Ops Man – Encrypt the AMI while copying it into your own AMIs, from the AWS Console or with the AWS CLI:
      aws ec2 copy-image --source-image-id ami-xxxxxxxx --source-region us-gov-west-1 --region us-gov-west-1 --name encrypted-ops-manager-ami --encrypted --kms-key-id arn:aws-us-gov:kms:us-gov-west-1:############:key/<custom-kms-key-id>
     – A same-region copy with --encrypted produces an encrypted AMI even when the source is not; the KMS key must exist in the destination region, and the calling principal needs both ec2:CopyImage and use of that key
   PAS – Encrypt EBS volumes in the Ops Manager Director AWS Config
  • 17. Encryption: Made Not So Easy
   Encrypt stemcells – bosh repack-stemcell
   Modify cloud properties – Update cpi.yml (the ops file below; the <userid> field in the ARN is the 12-digit AWS account number):
      - type: replace
        path: /resource_pools/name=vms/stemcell?
        value:
          url: file://~/stemcells/encrypted-light-bosh-stemcell-3468.21-aws-xen-hvm-ubuntu-trusty-go_agent.tgz
      ...
      - type: replace
        path: /resource_pools/name=vms/cloud_properties?
        value:
          instance_type: m4.xlarge
          ephemeral_disk:
            type: gp2
            size: ###
            encrypted: true
            kms_key_arn: "arn:aws-us-gov:kms:us-gov-west-1:<userid>:key/<kms-key-id>"
          availability_zone: ((az))
      ...
      - type: replace
        path: /disk_pools/name=disks/cloud_properties?
        value:
          type: gp2
          encrypted: true
          kms_key_arn: "arn:aws-us-gov:kms:us-gov-west-1:<userid>:key/<kms-key-id>"
  • 18. Encryption: Gotchas/Tips
   Error: Unknown CPI error 'Unknown' with message 'You are not authorized to perform this operation.' in 'create_stemcell' CPI method
     – Ensure the proper CPI version
     – Update the IAM policy to allow "ec2:RegisterImage", "ec2:DeregisterImage" and "ec2:CopyImage"
     – Update the KMS key policy so the user appears as a principal in both standard statements:
         "Sid": "Allow use of the key", "Effect": "Allow", "Principal": { "AWS": [ …, "user", … ] }
         "Sid": "Allow attachment of persistent resources", "Effect": "Allow", "Principal": { "AWS": [ …, "user", … ] }
   Replace existing stemcells – bosh upload-stemcell --fix
     – Change the version number, e.g. from bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3541.4 to encrypted-bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3541.4.1
   Write your own routine for checking encryption status
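The deck's last tip on this slide is to write your own routine for checking encryption status, and its first gotcha is a KMS key policy that does not name the BOSH principal. The following is an added example of such a routine (not code from the deck or from Pivotal/BOSH): it audits EBS volumes and AMI block devices for encryption with the expected customer-managed key, and lints a KMS key policy for the two statements the slide mentions. The key ARN, the bosh-director IAM user, and all sample resources and policy content are constructed for illustration; in use, feed it the output of boto3's ec2.describe_volumes, ec2.describe_images and kms.get_key_policy instead of the samples.

```python
"""Encryption-status audit for EBS volumes, AMIs and a KMS key policy.

Added example, not code from the Raytheon deck. It consumes the dict shapes
boto3's ec2.describe_volumes / ec2.describe_images and kms.get_key_policy
return, so it runs offline on the constructed sample data at the bottom.
"""
import json
from typing import Dict, Iterable, List

# Hypothetical values: the CMK referenced in cpi.yml and the IAM user BOSH runs as.
EXPECTED_KEY_ARN = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/1111aaaa-2222-3333-4444-555555555555"
BOSH_USER_ARN = "arn:aws-us-gov:iam::123456789012:user/bosh-director"


def audit_volumes(volumes: Iterable[Dict], expected_key_arn: str) -> List[Dict]:
    """One finding per volume that is unencrypted or encrypted with another key.
    Encrypted=True alone is not enough: the AWS-managed aws/ebs key also sets it."""
    findings = []
    for vol in volumes:
        vid = vol.get("VolumeId", "?")
        if not vol.get("Encrypted", False):
            findings.append({"resource": vid, "issue": "unencrypted"})
        elif vol.get("KmsKeyId") != expected_key_arn:
            findings.append({"resource": vid, "issue": "wrong-key", "key": vol.get("KmsKeyId")})
    return findings


def audit_images(images: Iterable[Dict], expected_key_arn: str) -> List[Dict]:
    """Same check per EBS block device of each AMI (e.g. a repacked stemcell).
    Instance-store mappings have no 'Ebs' entry and are skipped."""
    findings = []
    for img in images:
        for bdm in img.get("BlockDeviceMappings", []):
            ebs = bdm.get("Ebs")
            if ebs is None:
                continue
            res = f"{img.get('ImageId', '?')}:{bdm.get('DeviceName', '?')}"
            if not ebs.get("Encrypted", False):
                findings.append({"resource": res, "issue": "unencrypted"})
            elif ebs.get("KmsKeyId") != expected_key_arn:
                findings.append({"resource": res, "issue": "wrong-key", "key": ebs.get("KmsKeyId")})
    return findings


def key_policy_allows(policy: Dict, principal_arn: str) -> Dict[str, bool]:
    """Does the key policy let principal_arn use the key AND create grants?
    EC2 needs a grant when it attaches an encrypted volume on the principal's
    behalf, which is what the 'Allow attachment of persistent resources' statement covers."""
    use_ok = grant_ok = False
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principals = st.get("Principal", {}).get("AWS", [])
        principals = [principals] if isinstance(principals, str) else principals
        if principal_arn not in principals and "*" not in principals:
            continue
        actions = st.get("Action", [])
        actions = {actions} if isinstance(actions, str) else set(actions)
        if {"kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"} <= actions:
            use_ok = True
        if "kms:CreateGrant" in actions:
            grant_ok = True
    return {"use": use_ok, "grant": grant_ok}


# Constructed sample data in the API's shape; not real resources.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0001", "Encrypted": True, "KmsKeyId": EXPECTED_KEY_ARN},
    {"VolumeId": "vol-0002", "Encrypted": False},
    {"VolumeId": "vol-0003", "Encrypted": True,
     "KmsKeyId": "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/9999eeee-8888-7777-6666-555555555555"},
]
SAMPLE_IMAGES = [
    {"ImageId": "ami-encrypted-stemcell", "BlockDeviceMappings": [
        {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": True, "KmsKeyId": EXPECTED_KEY_ARN}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
    {"ImageId": "ami-plain-stemcell", "BlockDeviceMappings": [
        {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": False}}]},
]
SAMPLE_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Allow use of the key", "Effect": "Allow", "Principal": {"AWS": [BOSH_USER_ARN]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"},
    # The grant statement deliberately omits the BOSH user, so the lint reports the gap the tip says to close.
    {"Sid": "Allow attachment of persistent resources", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws-us-gov:iam::123456789012:role/ops-manager"]},
     "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"], "Resource": "*",
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
]}

if __name__ == "__main__":
    print(json.dumps({
        "volumes": audit_volumes(SAMPLE_VOLUMES, EXPECTED_KEY_ARN),
        "images": audit_images(SAMPLE_IMAGES, EXPECTED_KEY_ARN),
        "key_policy": key_policy_allows(SAMPLE_KEY_POLICY, BOSH_USER_ARN),
    }, indent=2))
```

Comparing the key ARN rather than only the Encrypted flag is the part worth keeping: a volume or stemcell AMI encrypted with the default aws/ebs key reports as encrypted but is not under the key policy you control, and the "not authorized" error on stemcell creation is exactly the case where the flag is set but the principal is missing from the key's policy.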
  • 19. Multi-Factor Authentication
   Ops Man
     – Switching from internal authentication to SAML doesn't allow the SAML configuration to be updated afterwards
     – If you get locked out, manually modify the installation files: locate, decrypt and edit installation.yml and actual-installation.yml
   Apps Man / CF – Leverage SAML / enterprise identity
   Custom applications – Leverage SAML / enterprise identity
  • 20. Vulnerability Scans: What We Did About It
  EMPHASIS ON BECOMING PROACTIVE
   Process and collaboration around application security
   Create and maintain a repository
   Continuous improvement through feedback and training
   Guideline and template updates
  • 21. In Conclusion
  #BOOMSAUCE
  Josh Kirchmeier – Josh.Kirchmeier@Raytheon.com – @jkirchmeier – https://www.linkedin.com/in/joshuakirchmeier
  Garrett Klok – gklok@raytheon.com – @gklok – https://www.linkedin.com/in/garrett-klok