Cloud Native in the US Federal Government

Jez Humble
September 27, 2017

Going cloud native in a highly regulated context presents challenges of its own. In this talk, Jez Humble will share with you the platform created by the cloud.gov team at 18F, and the benefits it brought to federal agencies seeking to use the cloud.

Video here: https://skillsmatter.com/skillscasts/10688-looking-forward-to-jez-humble-talk

Transcript

  1. @jezhumble
    cloud native london, 27 september 2017
    cloud native in the us federal government

  2. principles for building a paas
    why we built cloud.gov
    what cloud.gov is
    implementation
    agenda

  3. Let’s ship it!

  4. Or not.

  5. Shipping software isn’t
    rocket science

  6. Is the launch checklist working?

  7. The U.S. Government's
    Digital Launch Checklist

  8. Records Management
    Records Schedule
    Privacy Act
    Paperwork Reduction Act
    Section 508 and Accessibility Standards
    Federal Acquisition Regulation
    Anti-deficiency Act
    Economy Act
    E-Government Act
    Computer Matching Act
    National Cyber Protection System
    Guidance for Agency Use of Third-Party Websites and Applications
    Social Media and Web-Based Interactive Technologies
    Office of Management Budget Circular A-130 Appendix 3
    Federal Information Security and Management Act
    Federal Information Processing Standard (FIPS) 199
    Federal Information Processing Standard (FIPS) 200
    Federal Information Processing Standard (FIPS) 140-2
    Special Publication 800-37
    Special Publication 800-53 Revision 4
    Special Publication 800-60 Volume 1
    Special Publication 800-60 Volume 2

  9. Special Publication 800-18
    Special Publication 800-137
    Special Publication 800-171
    Special Publication 800-133
    Special Publication 800-95
    EINSTEIN Compliance
    FedRAMP
    OMB Guidance on third party websites and applications
    OMB Memo M-14-04
    OMB Memo M-15-01
    Trusted Internet Connection 2.0 Reference Architecture
    Pages in total: 4006

  10. My friend, you can clearly see the
    intention of FIPS 140-2 Annex A was to
    deprecate SHA-1 on the lunar new
    year...

  11. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  16. How long is this going to take?

  17. 6 - 14 months to ship

  19. Speed is the new security.

  21. Ops
    Dev

  22. IaaS
    Ops
    Dev
    PaaS

  26. compliance
    https://18f.gsa.gov/2017/02/02/cloud-gov-is-now-fedramp-authorized/

  27. push-button deployments
    teams can deploy into a production-like environment from day 1
    architectural paradigm designed for distributed systems
    templates for all your compliance documentation
    most of the controls taken care of at the platform level
    what this gets you

  28. everything must be self-service
    principles for building a paas

  29. what is a cloud?
    NIST SP 800-145, “The NIST Definition of Cloud Computing”

  30. everything must be self-service
    design your platform for multi-tenancy
    principles for building a paas

  31. multi-tenancy

  32. IaaS “one account to rule them all” trade-offs
    • Hard to deal with multi-tenancy & provide a real cloud
    • Significantly higher ongoing maintenance costs
    • Hard to manage sprawl
    • One-size-fits-all platform solution

  33. IaaS multiple accounts trade-offs
    • Can give teams direct control over each account
    • Potentially need to instantiate shared services in each account
    • Still some issues with multi-tenancy

  34. PaaS trade-offs
    • You only need to ATO once
    • RBAC built-in - deals with multi-tenancy
    • Good practices baked in
    • Lower maintenance & operational costs
    • One-size-fits-all solution

  35. use native cloud primitives
    everything must be self-service
    design your platform for multi-tenancy
    everything must be reproducible from version control
    principles for building a paas

  36. download the source: https://github.com/18f/cg-provision

  37. use native cloud primitives
    everything must be self-service
    design your platform for multi-tenancy
    take care of compliance at the platform layer
    everything must be reproducible from version control
    principles for building a paas

  38. © 2017 DevOps Research and Assessment LLC

  40. thank you!
    © 2016-7 DevOps Research and Assessment LLC
    https://devops-research.com/
    To receive the following:
    • 30% off my new video course: creating high performance organizations
    • 50% off my CD video training, interviews with Eric Ries, and more
    • A copy of this presentation
    • A 100 page excerpt from Lean Enterprise
    • An excerpt from The DevOps Handbook
    • A 20m preview of my Continuous Delivery video workshop
    Just pick up your phone and send an email
    To: [email protected]
    Subject: devops