Slide 1

Slide 1 text

cloud native in the us federal government
@jezhumble
cloud native london, 27 september 2017

Slide 2

Slide 2 text

agenda
• principles for building a paas
• why we built cloud.gov
• what cloud.gov is
• implementation

Slide 3

Slide 3 text

Let’s ship it!

Slide 4

Slide 4 text

Or not.

Slide 5

Slide 5 text

Shipping software isn’t rocket science

Slide 6

Slide 6 text

Is the launch checklist working?

Slide 7

Slide 7 text

The U.S. Government's Digital Launch Checklist

Slide 8

Slide 8 text

• Records Management
• Records Schedule
• Privacy Act
• Paperwork Reduction Act
• Section 508 and Accessibility Standards
• Federal Acquisition Regulation
• Anti-deficiency Act
• Economy Act
• E-Government Act
• Computer Matching Act
• National Cyber Protection System
• Guidance for Agency Use of Third-Party Websites and Applications
• Social Media and Web-Based Interactive Technologies
• Office of Management Budget Circular A-130 Appendix 3
• Federal Information Security and Management Act
• Federal Information Processing Standard (FIPS) 199
• Federal Information Processing Standard (FIPS) 200
• Federal Information Processing Standard (FIPS) 140-2
• Special Publication 800-37
• Special Publication 800-53 Revision 4
• Special Publication 800-60 Volume 1
• Special Publication 800-60 Volume 2

Slide 9

Slide 9 text

• Special Publication 800-18
• Special Publication 800-137
• Special Publication 800-171
• Special Publication 800-133
• Special Publication 800-95
• EINSTEIN Compliance
• FedRAMP
• OMB Guidance on third party websites and applications
• OMB Memo M-14-04
• OMB Memo M-15-01
• Trusted Internet Connection 2.0 Reference Architecture

Pages in total: 4006

Slide 10

Slide 10 text

My friend, you can clearly see the intention of FIPS 140-2 Annex A was to deprecate SHA-1 on the lunar new year...

Slide 11

Slide 11 text

http://dx.doi.org/10.6028/NIST.SP.800-53r4

Slide 12

Slide 12 text

http://dx.doi.org/10.6028/NIST.SP.800-53r4

Slide 13

Slide 13 text

http://dx.doi.org/10.6028/NIST.SP.800-53r4

Slide 14

Slide 14 text

http://dx.doi.org/10.6028/NIST.SP.800-53r4

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

How long is this going to take?

Slide 17

Slide 17 text

6 - 14 months to ship

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

Speed is the new security.

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

Ops Dev

Slide 22

Slide 22 text

IaaS Ops Dev PaaS

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

compliance https://18f.gsa.gov/2017/02/02/cloud-gov-is-now-fedramp-authorized/

Slide 27

Slide 27 text

what this gets you
• push-button deployments
• teams can deploy into a production-like environment from day 1
• architectural paradigm designed for distributed systems
• templates for all your compliance documentation
• most of the controls taken care of at the platform level

Slide 28

Slide 28 text

principles for building a paas
• everything must be self-service

Slide 29

Slide 29 text

what is a cloud? NIST SP 800-145, “The NIST Definition of Cloud Computing”

Slide 30

Slide 30 text

principles for building a paas
• everything must be self-service
• design your platform for multi-tenancy

Slide 31

Slide 31 text

multi-tenancy

Slide 32

Slide 32 text

IaaS “one account to rule them all” trade-offs
• Hard to deal with multi-tenancy & provide a real cloud
• Significantly higher ongoing maintenance costs
• Hard to manage sprawl
• One-size-fits-all platform solution

Slide 33

Slide 33 text

IaaS multiple accounts trade-offs
• Can give teams direct control over each account
• Potentially need to instantiate shared services in each account
• Still some issues with multi-tenancy

Slide 34

Slide 34 text

PaaS trade-offs
• You only need to ATO once
• RBAC built-in - deals with multi-tenancy
• Good practices baked in
• Lower maintenance & operational costs
• One-size-fits-all solution

Slide 35

Slide 35 text

principles for building a paas
• use native cloud primitives
• everything must be self-service
• design your platform for multi-tenancy
• everything must be reproducible from version control

Slide 36

Slide 36 text

download the source: https://github.com/18f/cg-provision

Slide 37

Slide 37 text

principles for building a paas
• use native cloud primitives
• everything must be self-service
• design your platform for multi-tenancy
• take care of compliance at the platform layer
• everything must be reproducible from version control

Slide 38

Slide 38 text

© 2017 DevOps Research and Assessment LLC

Slide 39

Slide 39 text

© 2017 DevOps Research and Assessment LLC

Slide 40

Slide 40 text

thank you!

© 2016-7 DevOps Research and Assessment LLC
https://devops-research.com/

To receive the following:
• 30% off my new video course: creating high performance organizations
• 50% off my CD video training, interviews with Eric Ries, and more
• A copy of this presentation
• A 100 page excerpt from Lean Enterprise
• An excerpt from The DevOps Handbook
• A 20m preview of my Continuous Delivery video workshop

Just pick up your phone and send an email
To: [email protected]
Subject: devops