Isobar, AIS, Mitre, Akamai
23 May 2018
Montgomery IT Summit Common Computing Environment (CCE) - Common Services, Automation Panel
2CCE
Why CCE?
• Common Computing Environment: we provide the guardrails to the cloud in a standard manner so you can focus on your mission
• Fully Automated: all environment stand-up is managed by automation scripts, drastically speeding up deployment and reducing manual work and human error
• Single, federated, MFA Security Tier: there is one login with one user that all management applications leverage; no secondary logins and no elevated machine accounts. All management activities are fully audited
• SecDevOps Focused: secure, mission-driven deployments are built into the framework to ensure self-service and seamless deployments
• Proactive Scaling and System Monitoring: Mission Owners can see all operational metrics and provide rules and alerts to manage each mission their way
• Accreditation Inheritance and real-time compliance monitoring: using Xacta, we have loaded the CCE-level packages for the CSP, USAF and DoD, as well as CCE. All that’s left for the mission is the controls that are unique to it
CCE Access: Compliant, Federated Access Control for All Management Systems
[Diagram labels: CAC User; GCDSCAP / VDSS; GCDS; Management Active Directory; Common Gateway Services; Bastion Host; CCE Resource (CSP Portal, Jenkins, Artifactory, etc.)]
“One Identity to rule them all, no secondary logins, no elevated machine accounts”
Single Identity – Secure MFA Login – Federated to ALL Systems
CCE Access: Video Demo
CCE Access: Landing Page
CCE Access: Redirect to Federation & CAC Prompt
CCE Access: Role-Based Access to Resources
CCE Access: Federated Bastion Host Access
CCE Access: Consent Agreement
CCE Access: Federated AWS Access
CCE Access: Federated AWS Dashboard
CCE Release Process: A Single, Secure Code Promotion Pipeline
[Diagram labels: Developers; Source Code; Build Tool; Incoming Artifacts; Scanning; Deployment Tool; Integration Application Account; Test Application Acct; Prod Application Acct; CCE Common Services Integration; CCE Common Services Test; CCE Common Services Prod; Instances. Promotion states: Deployable to Integration; Approved for Test; Deployable to Test; Approved for Prod; Deployable to Prod]
CCE Release Process: CCE Deployments in Azure
APPLICATION HOSTING
CCE leverages fully managed platforms provided by AWS and Azure for application hosting.
DATABASE PAAS
CCE leverages fully managed database platforms provided by AWS and Azure.
CLOUD MONITORING & ALERTING
Logging, monitoring, alerting, and audit all leverage capabilities provided by AWS and Azure.
Auto-Scaling, Self Healing CCE Environments
CCE Demo: Auto-Scaling & Monitoring in Azure
CCE Demo: Environment Self-Healing in AWS
CCE – Real-Time Compliance
Continuous monitoring of controls allows for “perpetual ATOs” and real-time compliance status.
No more periodic paper drills!
The “common” in “Common Computing Environment” supports significant inheritance
[Diagram labels: App; CCE; DoD & USAF Policy; AWS / Azure]
Automating RMF with Xacta 360
Continuous Monitoring and “real time” Compliance