Building secure environments and ensuring adherence to FedRAMP authorization requirements can be complex and cumbersome. Red Hat’s OpenShift Container Platform provides a secure, government-ready platform for containers and DevOps.
In GovLoop’s Gov Security in a Digital World Virtual Summit, Harold Wong, Cloud Architect at Microsoft, and Shawn Wells, Chief Security Strategist in Red Hat’s Public Sector, teamed up to provide architectural guidance on deploying Red Hat OpenShift Container Platform in Azure Government, a hybrid cloud solution.
First, what are containers and what are the benefits of hybrid cloud, open source and DevOps for government?
“Containers are both an infrastructure and packaging format,” Wells said. “They provide a consistent environment and tools for both developers and IT ops to package, deliver and manage the applications regardless of what the apps look like in development or the framework you’re using. They provide a common set of building blocks for everybody.”
Increasingly, the open source community is easing the government’s shift to containers. “Open source” refers to code or technology that can be modified and shared by anyone because its design is publicly accessible. Instead of just a few agency staff working on a solution, developers all over the country are able to make improvements collectively, which leads to innovation, improved code and better products.
Open source technology and cloud have a long and solid relationship. Most of the largest cloud provider companies are built on open source technologies. What Red Hat does is make this consumable for government users, enabling agencies to take the technology that they’ve been using as public cloud consumers and bring it to their own data centers. This offers end users plenty of benefits as well, as open source platforms improve cloud technology and maximize efficiency.
Open source lends itself to a culture ripe for DevOps. DevOps is a process of tying daily operations and IT teams more closely to developers and the production cycles they leverage. This can help government agencies embrace open source and digital channels to better engage citizens, increase reach, become more transparent and improve efficiency.
Accrediting OpenShift on Azure
What can complicate the shift to open source and hybrid cloud is government’s need to adhere to the highest levels of security as well as complex compliance regulations. Microsoft Azure Government delivers a cloud platform built upon the foundational principles of security, privacy and control, compliance and transparency. Public sector entities receive a physically isolated instance of Microsoft Azure that employs high security and compliance services critical to U.S. government for all systems and applications built on its architecture.
Microsoft Azure helps government achieve hybrid flexibility and consistency across public, private and hosted clouds. Additionally, Azure Government offers comprehensive compliance tailored to federal, state and local government compliance standards, including FedRAMP.
In May 2017, Microsoft and Red Hat partnered to provide a reference architecture for agencies seeking to use OpenShift and Azure in government. This reference architecture describes how to deploy and manage Red Hat OpenShift Container Platform on Azure. The Red Hat OpenShift Container Platform allows for specific configuration parameters to be set to take full advantage of cloud-specific features. The document explains both the Azure and OpenShift components used for a successful installation and deployment.
“OpenShift is that secret sauce on top that provides collaboration and self-service as well as ease of use for developers,” Wong said.
“We also wanted to provide security packages and make that publicly available,” Wells said. “Not only do we help automate deployment under Azure, but we also have security to back your platform up and get products to production quickly.”
OpenShift on Azure Security Blueprint
As government agencies increasingly look to adopt DevOps, cloud computing and containers, building the underlying infrastructure on a trusted and secure foundation is critical. Red Hat, in collaboration with Microsoft, released a partner Azure Blueprint for deploying Red Hat OpenShift Container Platform on Microsoft Azure Government. The Azure Blueprint for Red Hat OpenShift Container Platform provides a template for customers looking to more quickly and easily deploy Red Hat OpenShift Container Platform on Microsoft Azure Government.
Using the FedRAMP-provided System Security Plan template, this partner Azure Blueprint releases documents for using Azure Government and Red Hat OpenShift Container Platform components. Joint Azure and Red Hat OpenShift Container Platform users can take this documentation as the basis of their certification paperwork, which can help to reduce the security accreditation effort required to deploy Platform-as-a-Service capabilities.
This initiative has been open sourced through the OpenControl project and released on GitHub. By releasing in the OpenControl format, government users can edit the underlying security documentation as code, and generate end-products as Microsoft Word documents, PDFs or even their own system security plan templates. These Red Hat OpenShift Container Platform on Azure templates are available on GitHub.
While security and compliance can get pretty complicated in government – especially when it comes to hybrid cloud – Red Hat and Microsoft are here to help simplify the process. With additional guidance from industry blueprints, agencies can use open source and DevOps to deploy hybrid cloud platforms that increase productivity and help government to better serve citizens. Best of all, agencies can ensure their security requirements are met.
This blog post is a recap of a session from GovLoop’s recent Gov Security in the Digital World Virtual Summit.