Cloud Native in the US Federal Government

Transcript

1. @jezhumble cloud native london, 27 september 2017 cloud native in

   the us federal government

2. principles for building a paas why we built cloud.gov what

   cloud.gov is implementation agenda

3. Let’s ship it!

4. Or not.

5. Shipping software isn’t rocket science

6. Is the launch checklist working?

7. The U.S. Government's Digital Launch Checklist

8. Records Management Records Schedule Privacy Act Paperwork Reduction Act Section

   508 and Accessibility Standards Federal Acquisition Regulation Anti-deficiency Act Economy Act E-Government Act Computer Matching Act National Cyber Protection System Guidance for Agency Use of Third-Party Websites and Applications Social Media and Web-Based Interactive Technologies Office of Management Budget Circular A-130 Appendix 3 Federal Information Security and Management Act Federal Information Processing Standard (FIPS) 199 Federal Information Processing Standard (FIPS) 200 Federal Information Processing Standard (FIPS) 140-2 Special Publication 800-37 Special Publication 800-53 Revision 4 Special Publication 800-60 Volume 1 Special Publication 800-60 Volume 2

9. Special Publication 800-18 Special Publication 800-137 Special Publication 800-171 Special

   Publication 800-133 Special Publication 800-95 EINSTEIN Compliance FedRAMP OMB Guidance on third party websites and applications OMB Memo M-14-04 OMB Memo M-15-01 Trusted Internet Connection 2.o Reference Architecture Pages in total: 4006

10. My friend, you can clearly see the intention of FIPS

    140-2 Annex A was to deprecate SHA-1 on the lunar new year...

11. http://dx.doi.org/10.6028/NIST.SP.800-53r4

12. http://dx.doi.org/10.6028/NIST.SP.800-53r4

13. http://dx.doi.org/10.6028/NIST.SP.800-53r4

14. http://dx.doi.org/10.6028/NIST.SP.800-53r4

15. None

16. How long is this going to take?

17. 6 - 14 months to ship

18. None

19. Speed is the new security.

20. None

21. Ops Dev

22. IaaS Ops Dev PaaS

23. None
24. None
25. None

26. compliance https://18f.gsa.gov/2017/02/02/cloud-gov-is-now-fedramp-authorized/

27. push-button deployments teams can deploy into a production-like environment from

    day 1 architectural paradigm designed for distributed systems templates for all your compliance documentation most of the controls taken care of at the platform level what this gets you

28. everything must be self-service principles for building a paas

29. what is a cloud? NIST SP 800-145, “The NIST Definition

    of Cloud Computing”

30. everything must be self-service design your platform for multi-tenancy principles

    for building a paas

31. multi-tenancy

32. IaaS “one account to rule them all” trade-offs • Hard

    to deal with multi-tenancy & provide a real cloud • Significantly higher ongoing maintenance costs • Hard to manage sprawl • One-size-fits-all platform solution

33. IaaS multiple accounts trade-offs • Can give teams direct control

    over each account • Potentially need to instantiate shared services in each account • Still some issues with multi-tenancy

34. PaaS trade-offs • You only need to ATO once •

    RBAC built-in - deals with multi-tenancy • Good practices baked in • Lower maintenance & operational costs • One-size-fits-all solution

35. use native cloud primitives everything must be self-service design your

    platform for multi-tenancy everything must be reproducible from version control principles for building a paas

36. download the source: https://github.com/18f/cg-provision

37. use native cloud primitives everything must be self-service design your

    platform for multi-tenancy take care of compliance at the platform layer everything must be reproducible from version control principles for building a paas

38. © 2017 DevOps Research and Assessment LLC

39. © 2017 DevOps Research and Assessment LLC

40. thank you! © 2016-7 DevOps Research and Assessment LLC https://devops-research.com/

    To receive the following: • 30% off my new video course: creating high performance organizations • 50% off my CD video training, interviews with Eric Ries, and more • A copy of this presentation • A 100 page excerpt from Lean Enterprise • An excerpt from The DevOps Handbook • A 20m preview of my Continuous Delivery video workshop Just pick up your phone and send an email To: [email protected] Subject: devops