Identity Management and Compliance in OpenShift

Similar documents
TEN LAYERS OF CONTAINER SECURITY

TRAINING AND CERTIFICATION UPDATE

Backup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

Red Hat Roadmap for Containers and DevOps

ACCELERATE APPLICATION DELIVERY WITH OPENSHIFT. Siamak Sadeghianfar Sr Technical Marketing Manager, April 2016

CoreOS and Red Hat. Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018

AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat

Accelerate at DevOps Speed With Openshift v3. Alessandro Vozza & Samuel Terburg Red Hat

MOBILIZING AND SECURING RED HAT JBOSS BPM SUITE & BRMS

FISMA COMPLIANCE FOR CONTAINERIZED APPS

OPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology

S Automating security compliance for physical, virtual, cloud, and container environments

Red Hat Cloud Platforms with Dell EMC. Quentin Geldenhuys Emerging Technology Lead

Container Deployment and Security Best Practices

Identity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect

Red Hat Quay 2.9 Deploy Red Hat Quay - Basic

Red Hat Quay 2.9 Deploy Red Hat Quay on OpenShift

Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)

Learn. Connect. Explore.

TEN LAYERS OF CONTAINER SECURITY

THE STATE OF CONTAINERS

The Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure. Albert Law Solution Architect Manager

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform.

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

OpenShift Hyper-Converged Infrastructure Bare Metal Deployment with Containerized Gluster

Microservices with Red Hat. JBoss Fuse

WHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction

RED HAT CLOUDFORMS. Chris Saunders Cloud Solutions

Red Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem. Dirk Herrmann Product Owner Container Catalog May 2nd 2017

CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud

OpenShift on Public & Private Clouds: AWS, Azure, Google, OpenStack

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Love Containers, Love Devops, Love Openshift, Where's my business case?

IT S COMPLICATED: THE ENTERPRISE OPEN SOURCE VENDOR RELATIONSHIP. Red Hat s POV

WHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER

CUSTOMIZE & SECURE YOUR ENTERPRISE MOBILE SALESFORCE INTEGRATIONS LIKE RED HAT

RED HAT QUAY. As part of OCP Architecture Workshop. Technical Deck

Red Hat Container Strategy Ahmed El-Rayess

Security oriented OpenShift within regulated environments

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

Red Hat JBoss Middleware for OpenShift 3

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Operating and managing an Atomic container-based infrastructure

Managing Protected and Controlled Data with Globus. Vas Vasiliadis

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

Exam : JN Title : Juniper Networks Certified Internet Assoc(JNCIA-SSL) Exam. Version : Demo

Security & Compliance in the AWS Cloud. Amazon Web Services

IBM Single Sign On for Bluemix Version December Identity Bridge Configuration topics

Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect

Red Hat CloudForms 4.6

Ansible Tower Quick Setup Guide

EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER

JBoss AMQ 7 Technical Deep Dive

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Container-Native Applications

Kubernetes Integration Guide

The future of data centers

Build an open hybrid cloud and paint it red and blue

Container Security. Marc Skinner Principal Solutions Architect

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

OPENSTACK AGILITY. RED HAT RELIABILITY.

Red Hat CloudForms 4.1 Managing Providers

VMWARE PKS. What is VMware PKS? VMware PKS Architecture DATASHEET

BOMGAR.COM BOMGAR VS. WEBEX UPDATED: 2/28/2017

Red Hat CloudForms 4.6

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015

Kubernetes made easy with Docker EE. Patrick van der Bleek Sr. Solutions Engineer NEMEA

A Greybeard's Worst Nightmare

70-532: Developing Microsoft Azure Solutions

Cloud Essentials for Architects using OpenStack

INTRODUCING CONTAINER-NATIVE VIRTUALIZATION

Container in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev

Hacking and Hardening Kubernetes

Red Hat Containers Roadmap. Red Hat A panel of product directors

Container Management : First Looks

VMWARE PIVOTAL CONTAINER SERVICE

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Red Hat Cloud Suite 1.1

Kubernetes Performance-Sensitive Application Platform

Container Orchestration on Amazon Web Services. Arun

Leveraging Azure Services for a Scalable Windows Remote Desktop Deployment

AWS Reference Design Document

271 Waverley Oaks Rd. Telephone: Suite 206 Waltham, MA USA

VMWARE ENTERPRISE PKS

Distributed API Management in a Hybrid Cloud Environment

Hitachi & Red Hat collaborate: Container migration guide

Discover SUSE Manager

OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems

ForeScout Amazon Web Services (AWS) Plugin

Red Hat OpenStack Platform 10 Product Guide

OpenShift 3 Technical Architecture. Clayton Coleman, Dan McPherson Lead Engineers

Liferay Security Features Overview. How Liferay Approaches Security

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Mobile API Management and Integration

Transcription:

Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business Unit at Red Hat May 3, 2017

Who Are We? Marc Boorshtein - CTO Tremolo Security, Inc. 15+ years of identity management implementation experience Multiple deployments across large commercial and federal customers Ellen Newlands - Senior Security Product Manager, Cloud Business Unit at Red Hat Red Hat Product Manager for Identity and Access Management Extensive experience in enterprise and WEB identity management and single sign-on

What Will We Be Talking About? Why is identity management and compliance important to you? What is compliance? How does identity management apply to compliance? How does Red Hat and OpenShift manage security? What compliance looks like without and with DevOps How OpenShift manages it s identities Demo!

Why is Compliance Important to You? It s not just for meetings and auditors... DevOps + Identity Management = ( + )

What is Compliance? When someone asks if you re compliant... NIST 800-53 Step 1 - Define Your Policy Step 2 - Follow Your Policy Criminal Justice Information Systems (CJIS) NIST 800-53 Framework CJIS Implementation

Where Does Identity Management Fit? NIST 800-53 AC-2 / Authorizes access to the information system based on: 1. A valid access authorization; Request for access is approved by your manager Criminal Justice Information Systems (CJIS) Section 5.6.2.1.1 - Passwords Identity Management Identity Management

OpenShift Container Platform Security Integrated security features including Role-based Access Controls with LDAP and OAuth integration Privilege access management Automated certificate management Scalable secrets management Private data and logins exchanged with OpenShift are transmitted over SSL Application passwords are filtered from OpenShift log files and encrypted. Pushing and pulling of private data is done over SSH Authenticated with keys, not passwords, This helps prevent brute force cracking Tools are available for users to deploy similar steps for their applications Visit the Security zone in the Red Hat booth for more information on OpenShift & container security

Red Hat Enterprise Linux: Support Compliance for OpenShift Red Hat Enterprise Linux provides the foundation for secure, scalable containers CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER ORCHESTRATION & CLUSTER MANAGEMENT (KUBERNETES) NETWORKING STORAGE REGISTRY LOGS & METRICS SECURITY CONTAINER RUNTIME & PACKAGING (DOCKER) On bare metal, on Red Hat Virtualization Red Hat OpenShift Dedicated available on both AWS & GCP ATOMIC HOST RED HAT ENTERPRISE LINUX In your datacenter or the public cloud Red Hat provides industry-leading responsiveness to security vulnerabilities OpenShift on public cloud inherits the security features of your public cloud provider For example, to know more about the security of Amazon EC2

Identity Management Compliance Without DevOps User needs access to an application User emails project owner asking for access Admin creates access and stores email in special folder Admin tells user they re approved to access the project Auditor asks for approval trail Admin forwards emails Project owner forwards to admin with the word approved :-(

Identity Management Compliance With DevOps User needs access to a project Logs into IDM and requests access IDM system creates access and builds audit trail IDM system notifies user of access Auditor logs into IDM system Auditor pulls reports Project owner clicks Approve :-D

How this applies to OpenShift WHO? WHAT? User Object in EtcD LDAP OpenID Connect Reverse Proxy + Header WHY? External Workflow Subject + Role + Project = RoleBinding Local Objects Management OpenShift Console LDAP Sync oadm Web services

Demo

DEMO

Shameless Self Promotion Booth 145 Mobile Battery Chargers Screen Cleaners Web - http://tremolo.io Twitter - @tremolosecurity / @mlbiam Github - https://www.github.com/tremolosecurity/ Blog this session is based on https://www.tremolosecurity.com/openshift-compliance-and-identity-management/

THANK YOU plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhatvideos

How this applies to OpenShift Layer Technology In Demo Cloud OpenStack - Keystone Amazon - IAM etc N/A Operating System 1. 2. 3. LDAP AD SSSD Red Hat Identity Management

How this applies to OpenShift Layer OpenShift Console and CLI Container Technology Authentication LDAP Password File OpenID Connect Header + Reverse Proxy Authorization Internal User and Group objects Web services LDAP Sync 1. 2. External Identity Provider External User System In Demo Authentication Username + Password KeyCloak U2F - Unison Compliance Banner Unison OpenID Connect Authorization Unison self service N/A

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback