IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

Bezpieczeństwo platformy OpenShiftz wykorzystaniem IBM Cloud—Marcin SpychałaClient Technical Professional

2

3IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

Znalezienie jasnych zaleceń nie jest łatwe …

Dostępne materiały

FISMA (NIST) & FISMA Moderate (Coalfire)ISO 27001PCI-DSSPCI-DSS Reference Architecture

OpenShift Hardening Guide for 3.10 & 3.11

Warte rozważenia:docker-benchkube-bench

4

Zalecenia

5

Zalecenia

IBM Cloud Security Advisor

Dodatkowe integracje

6

Zalecenia

Problemy i zalecenia

7

Zalecenia

Możliwości platformy

8

Narzędzia

9

Narzędzia

10

Narzędzia

11

Narzędzia

12

Trusted computing - platforma

https://cloud.ibm.com/docs/openshift?topic=openshift-security#threats

13

Trusted computing - architektura

https://www.ibm.com/cloud/architecture/architectures/securityArchitecture

Nie chcę Chmury

https://ibm.box.com/s/mpzwilyna0wnyg5aizf67een93pak044

15

Czego się spodziewać

16

Typowe zagrożenia dla platformy

17

IBM Cloud Security Services - przegląd

18

Czym IBM Cloud zarządza za Ciebie

▸ Automated provisioning and configuration of Infrastructure (compute, network and storage)

▸ Automated installation and configuration of OpenShift, including HA cross zone configuration

▸ Automatic upgrades of all components (operating system, OpenShift components, and in cluster services)

▸ Security patch management for OS and OpenShift

▸ Automatic failure recovery for OpenShift components and worker nodes

▸ Automatic scaling of OpenShift configuration

▸ Automatic backups of core OpenShift ETCD data

▸ Built in integration with cloud platform - monitoring, logging, KeyProtect, IAM, ActivityTracker, Storage, COS,

Security Advisor, Service Catalog, Container Registry and Vulnerability Advisor

▸ Built in Load Balancer, VPN, Proxy, Network edge nodes, Private Clusters and VPC capabilities

▸ Built-in Security including image signing, image deployment enforcement, and hardware trust

▸ 24/7 global SRE team to maintain the health of the environment and help with OpenShift

▸ Global SRE has deep experience and skill in IBM Cloud Infrastructure, Kubernetes and OpenShift,

resulting in much faster problem resolution

▸ Automatic compliance for your OpenShift environment (HIPAA, PCI, SOC2, ISO)

▸ Capacity expansion through a single click

▸ Automatic multi-zone deployment in MZRs, including integration with CIS to do cross zone traffic routing

▸ Automatic Operating System performance tuning and security hardening

19

Porównanie

IBM Cloud / DOC ID / Month XX, 2018 / © 2018 IBM Corporation

To już nie ”początek drogi” – to stare dobre małżeństwo

21

Sprawdź nas!

https://cloud.ibm.com/kubernetes/overview?platformType=openshift