
Achieving DevSecOps Outcomes with Tanzu Advanced - March 22, 2021

Presentation slides from Achieving DevSecOps Outcomes with Tanzu Advanced - March 22, 2021


  1. Confidential │ ©2020 VMware, Inc. Achieving DevSecOps Outcomes with Tanzu Advanced. David M. Zendzian (dmz), Global Field CISO, VMware Tanzu; James Urquhart, Strategic Executive Advisor, VMware Tanzu; Chris DeLashmutt, Principal Solutions Engineer, VMware Tanzu
  2. Build or Acquire Software and the Hardware Required to Run It. The Traditional Role of IT. Applications; Infrastructure
  3. Deliver better software to production, faster. Structured Around Critical Capabilities. Applications; Infrastructure. DEVELOPER EXPERIENCE; OPERATOR EXPERIENCE. Code and containerize custom applications. Reduce risk with curated build packs and services. Automate deployment of apps into production. Enable developer self-service with K8s across clouds, clusters and teams. Apply enterprise observability to drive decisions and reduce risk. Ensure secure and reliable communication between services. Multi-cloud
  4. Deliver better software to production faster with less risk. Modern Application Demands Change The Conversation. Applications; Infrastructure. LOW TOIL, LOW RISK PATH TO PRODUCTION; LOW TOIL, LOW RISK SERVICE DELIVERY. Multi-cloud
  5. Five areas of focus for DevSecOps: Creation (coding, sourcing, unit testing, dev local workspace); Build/Verify (CI, build, integration testing, registry, security scanning, etc.); Deploy/Operate (CD, configuration, automation, load/stress testing); Connect (Networking, load balancing, ingress/egress, etc.); Observe (K8S, compute, network, storage, self-service)
  6. DevSecOps Capabilities – Build, Run, Manage. The Right Tools, The Right Parts. Modern businesses operate in a regulated world; it is only when internal policy, governance and audit teams partner with developers that they can fully meet these regulations.
  7. DevSecOps Capabilities – Create. The Right Tools, The Right Parts. Developers should focus on building great software, not achieving basic security for well-known architectures.
  8. DevSecOps Flow – Create. Development environment • Tools • Databases • Services • Kubernetes. CODE. Version Control. Includes: • Developer’s local development environment • IDEs and editors • Debugging tools • Docker/containerd • Application Stack • Frameworks • Libraries • Middleware/Runtime • Required shared services • Databases and file stores • Message/event queues • Cloud services • Version Control
  9. “In order to do all these things that would keep you ahead of the curve, you need to have agility, you need to be able to kind of dream something in the morning and deliver them by evening.” VIRAJ NAIK, Lead Solutions Architect, Travelers Insurance
  10. DevSecOps Capabilities – Build/Verify. The Right Tools, The Right Parts. Building, testing, and packaging distributed applications requires a trusted supply-chain, verification of build integrity, and ensuring the immutability of delivered containers.
  11. DevSecOps Flow – Build/Verify. Automated container packaging • Validated • Reproducible builds • Security and patching. CI. Container image registry • Secure artifacts with policies and role-based access • Image scanning and signing. Version Control. Includes: • Cloud Native Build Packs • Curated/Validated • CVE and Bug Mitigations • Upstream • Automated Builds
  12. “Scanned and verified ‘golden images’ are the bedrock of your container security.” FORRESTER RESEARCH, "Best Practices For Container Security," July 2020
  13. DevSecOps Capabilities – Deploy/Operate. The Right Tools, The Right Parts. Running custom software securely is not the act of a single organization or a single toolset. Intrinsic security is only achieved by an intentional coordination of security concerns, both between dependencies and up and down the stack.
  14. DevSecOps Flow – Deploy/Operate. Container image registry • Secure artifacts with policies and role-based access • Image scanning and signing. CD. CUSTOMER. Validated catalog of runtimes and images • Curated, secure, validated OSS images. Open source aligned Kubernetes • Certified, conformant Kubernetes runtime • Cluster-API-driven lifecycle management. Centralized management for multiple clusters across clouds • Policy management, enforcement • Identity and access management • Backup and restore
  15. “By 2025, more than 85% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 35% in 2019.” GARTNER, “Best Practices for Running Containers and Kubernetes in Production,” Published 4 August 2020
  16. DevSecOps Capabilities – Connect/Observe. The Right Tools, The Right Parts. Managing (and securing) a complex systems portfolio requires being able to see the system and both its intended and emergent behaviors.
  17. DevSecOps Flow – Connect. CUSTOMER. Open source aligned Kubernetes • Certified, conformant Kubernetes runtime • Cluster-API-driven lifecycle management. Centralized management for multiple clusters across clouds • Policy management, enforcement • Identity and access management • Backup and restore. Connect and protect applications • Encrypted traffic, security policies, firewall
  18. DevSecOps Flow – Observe. CUSTOMER. Open source aligned Kubernetes • Certified, conformant Kubernetes runtime • Cluster-API-driven lifecycle management. Centralized management for multiple clusters across clouds • Policy management, enforcement • Identity and access management • Backup and restore. Observability • Visibility across applications, clusters based on open standards. Connect and protect applications • Encrypted traffic, security policies, firewall
  19. DevSecOps Flow. Container image registry • Secure artifacts with policies and role-based access • Image scanning and signing. Observability • Visibility across applications, clusters based on open standards. Connect and protect applications • Encrypted traffic, security policies, firewall. CD. Development environment • Tools • Databases • Services • Kubernetes. CODE. CUSTOMER. Automated container packaging • Validated • Reproducible builds • Security and patching. CI. Open source aligned Kubernetes • Certified, conformant Kubernetes runtime • Cluster-API-driven lifecycle management. Centralized management for multiple clusters across clouds • Policy management, enforcement • Identity and access management • Backup and restore. Validated catalog of runtimes and images • Curated, secure, validated OSS images. Version Control
  20. VMware Tanzu Advanced Benefits. New K8s, same UI: Adopt Kubernetes with no additional code or training required. Multi-cloud simplified: Operate VMs and containers side-by-side with a global control plane. Platform Development: Drive cloud native architecture. Consistent policy: Access, back up, controls etc. across all clusters for DevSecOps. Cloud native constructs: Drive adoption of microservices, containers, and data models. App Navigator: Drive cloud native patterns. Intrinsic security for apps: App security part of software development lifecycle. Accelerate developer velocity: Enable self-service and automate the path to production. Application Modernization: Catalyst for customer outcomes. OPS: Embrace move to containers and K8s; Simplify operation across multi-cloud. SEC: Secure containers and open source; Reduce risk across app portfolio. DEV: Deliver apps and updates faster; Re-platform or re-factor app-by-app. Architect: Enable agile business through software; Eliminate friction of Dev, Sec, and Ops