DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government

4 likes4,078 views

The document discusses how Booz Allen is helping the General Services Administration (GSA) Integrated Award Environment (IAE) transition to a secure DevOps environment using Docker. Specifically: - The IAE currently has 10 separate monolithic applications that are difficult to manage, so Booz Allen is helping them build a common service platform abstracted from business applications using Docker. - This will provide foundational capabilities like identity and access management for future IAE applications to be developed upon, replacing the current siloed environment. - Booz Allen is using tools like Docker, Jenkins, Chef, AWS, and Consul to automate the build and deployment of containers, improve security, and allow

Technology

How to Build a Secure DevOps
Environment for the Government
@Normalfaults
#Dockercon

• The current application development cycle is very
long and cumbersome due to large monolithic
application stacks
• The new IAE Common Service Platform (CSP)
focuses on building business specific applications
that is abstracted from the platform
• Booz Allen is using docker to drive abstraction
between business specific applications and the
platform
• Specific numbers of repeated VMs in each current
application
• The solution eliminates configuration drift, and
reduces attack surface area from developers
Using Docker to
Drive Transformation
for
General Services
Administration
(GSA) - Integrated
Award Environment
(IAE)

https://flic.kr/p/dERZT6 - m01

Current State –
Monolithic, Stand
alone application
The current IAE environment has 10
Free-standing web-based systems
Running in silos and different
environments
IAM
RDMS
API
Analytic
s
App-
Business
Logic
LB
IAM
RDMS
API
Report
IAM
RDMS
API
Search
IAM
RDMS
API
Analytic
s
Application 1 Application 2 Application 3 Application 4
BusinessLogic
App-
Business
Logic
LB
App-
Business
Logic
LB
App-
Business
Logic
LB
Services

Target State –
Business focused
abstracted from the
common platform
The CSP will provide the foundational
capability upon which the future IAE
Core Applications will be developed
IAM
API
Analytics
Data Services
Search/Reports
Security
Cloud Infrastructure
Business
Logic
Platform
Application 1
BusinessLogicServices
Business
Logic
Application 2
Business
Logic
Application 3
Business
Logic
Application 4

Partners and
Technologies
Together driving innovation forward

Demo Flow
Github
Enterprise
Jenkins
Project
Jellyfish/
Portal
Chef
AWS/EC2
RHEL 7.1
SWARM
Interlock
HAPROXY
Container(s
)
Consul
Git Push
Docker
Trusted
Registry
Docker
Trusted
Registry

Benefits
• Improved customer-centric
services
• Increased time-to-market
• Reduced cost
• Creates opportunities for new
business
• Target state of 2 week production
sprints for platform and new
applications
• Decrease time for security review

Lessons Learned
• Docker Bench CIS to ensure secure
dockerhost baseline
• Keep environment simple and
build up with ingredients (Swarm,
Machine, Compose)
• Simplifying Security Process by
focus on building small base
images
• Automated Certificate
management for TLS is still a
challenge (machine)
• Rolling container updates on hosts

Open Source
http://gsa.github.io/
openIAE/

Next Steps
• Image Governance through
provenance
• Inserting secrets in containers
with Keywhiz - https://
square.github.io/keywhiz/
• Check out DIOGO MÓNICA and
NATHAN MCCAULEY Dockercon
talks
• Container Networking

Links
• GSA IAE http://gsa.github.io/openIAE/
• Interlock - https://github.com/ehazlett/
interlock
• Conduit - https://github.com/ehazlett/
conduit
• Consul.io - https://www.consul.io/
• Project Jellyfish – https://
projectjellyfish.org
• Umbrella API – http://apiumbrella.io
• Bot.io – Booz Allen Open Tech

Thanks! 
 
Nirmal Mehta 
mehta_nirmal@bah.com 
Github/Twitter: @normalfaults 
projectjellyfish.org 
bot.io 
#Dockercon

More Related Content

What's hot (20)

PDF

How to build your containerization strategyDocker, Inc.

PDF

DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDocker, Inc.

PPTX

An Integrated Pipeline for Private and Public Clouds with Jenkins, Artifactor...VMware Tanzu

PDF

Automation CI CD with Gitlab, Java, docker on Hidora - JelasticHidora

PDF

DCSF 19 Developing Apps with Containers, Functions and Cloud ServicesDocker, Inc.

PDF

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.

PDF

DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps Docker, Inc.

PDF

DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...Docker, Inc.

ODP

DevOps @ OpenShift OnlineOpenShift Origin

PDF

Modernizing Java Apps with DockerDocker, Inc.

PDF

DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...Docker, Inc.

PDF

DCEU 18: 5 Patterns for Success in Application TransformationDocker, Inc.

PDF

Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsJelastic Multi-Cloud PaaS

PPTX

Top 5 benefits of dockerJohn Zaccone

PPTX

CI CD using Docker and JenkinsSukant Kumar

PDF

Docker Meetup at Docker HQ: Docker CloudDocker, Inc.

PDF

DockerCon 18 Cool Hacks: Cloud Native ML with Docker Enterprise EditionDocker, Inc.

PDF

DockerCon EU 2015: Official Repos and Project NautilusDocker, Inc.

PDF

DCEU 18: How To Build Your Containerization StrategyDocker, Inc.

PDF

Docker ee an architecture and operations overviewDocker, Inc.

How to build your containerization strategyDocker, Inc.

DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDocker, Inc.

An Integrated Pipeline for Private and Public Clouds with Jenkins, Artifactor...VMware Tanzu

Automation CI CD with Gitlab, Java, docker on Hidora - JelasticHidora

DCSF 19 Developing Apps with Containers, Functions and Cloud ServicesDocker, Inc.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.

DCSF19 Adding a Modern API Layer to ‘Dockerized’ Legacy Apps Docker, Inc.

DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...Docker, Inc.

DevOps @ OpenShift OnlineOpenShift Origin

Modernizing Java Apps with DockerDocker, Inc.

DCSF 19 How Entergy is Mitigating Legacy Windows Operating System Vulnerabili...Docker, Inc.

DCEU 18: 5 Patterns for Success in Application TransformationDocker, Inc.

Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsJelastic Multi-Cloud PaaS

Top 5 benefits of dockerJohn Zaccone

CI CD using Docker and JenkinsSukant Kumar

Docker Meetup at Docker HQ: Docker CloudDocker, Inc.

DockerCon 18 Cool Hacks: Cloud Native ML with Docker Enterprise EditionDocker, Inc.

DockerCon EU 2015: Official Repos and Project NautilusDocker, Inc.

DCEU 18: How To Build Your Containerization StrategyDocker, Inc.

Docker ee an architecture and operations overviewDocker, Inc.

Viewers also liked (20)

PDF

DockerCon SF 2015: Maintaining the Official Node.js Docker ImageDocker, Inc.

PPTX

The Future of Hardware-Backed KeysDocker, Inc.

PPTX

DockerCon SF 2015: Panel Discussion Birds of a Different Feather Soar TogetherDocker, Inc.

PDF

On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahDocker, Inc.

PDF

Victor Vieux at Docker Paris Meetup #1Docker, Inc.

PDF

Distributed, Real-time Web AppsDocker, Inc.

PDF

DockerCon14 Contributing to Docker by TianonDocker, Inc.

PDF

DockerCon Recap - Online Meetup by Ben FirshmanDocker, Inc.

PDF

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Docker, Inc.

PDF

Docker LinksDocker, Inc.

PPTX

The Mushroom Cloud Effect or What Happens When Containers Fail? by Alois Mayr...Docker, Inc.

PDF

Docker Online Meetup #3: Docker in ProductionDocker, Inc.

PPTX

Open source is good for both business and humanityDocker, Inc.

PDF

WOT Cloud Computing Architect SummitDocker, Inc.

PPTX

DockerCon SF 2015: How to talk to humansDocker, Inc.

PPTX

DockerCon 16 - Moby's Cool Hack SessionDocker, Inc.

PPTX

Dockerfile Basics Workshop #1Docker, Inc.

PDF

Understanding Containers through Gaming by Brendan Fosberry Docker, Inc.

PPTX

Dockerizing WordPressDocker, Inc.

PDF

Securing your Containers (Meetup at Docker HQ 4/7)Docker, Inc.

DockerCon SF 2015: Maintaining the Official Node.js Docker ImageDocker, Inc.

The Future of Hardware-Backed KeysDocker, Inc.

DockerCon SF 2015: Panel Discussion Birds of a Different Feather Soar TogetherDocker, Inc.

On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahDocker, Inc.

Victor Vieux at Docker Paris Meetup #1Docker, Inc.

Distributed, Real-time Web AppsDocker, Inc.

DockerCon14 Contributing to Docker by TianonDocker, Inc.

DockerCon Recap - Online Meetup by Ben FirshmanDocker, Inc.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Docker, Inc.

Docker LinksDocker, Inc.

The Mushroom Cloud Effect or What Happens When Containers Fail? by Alois Mayr...Docker, Inc.

Docker Online Meetup #3: Docker in ProductionDocker, Inc.

Open source is good for both business and humanityDocker, Inc.

WOT Cloud Computing Architect SummitDocker, Inc.

DockerCon SF 2015: How to talk to humansDocker, Inc.

DockerCon 16 - Moby's Cool Hack SessionDocker, Inc.

Dockerfile Basics Workshop #1Docker, Inc.

Understanding Containers through Gaming by Brendan Fosberry Docker, Inc.

Dockerizing WordPressDocker, Inc.

Securing your Containers (Meetup at Docker HQ 4/7)Docker, Inc.

Similar to DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government (20)

PDF

Monoliths to microservices workshopJudy Breedlove

PDF

VMworld 2013: Best Practices for Application Lifecycle Management with vCloud...VMworld

PDF

VMworld Europe 2014: A DevOps Story - Unlocking the Power of Docker with the ...VMworld

PDF

Adopting PCF At An Automobile ManufacturerGregor Zurowski

PDF

Adopting PCF At An Automobile ManufacturerVMware Tanzu

PPTX

VMworld 2015: Container Orchestration with the SDDCVMworld

PDF

Smarter z/OS Software Delivery using Rational Enterprise Cloud SolutionsJean-Yves Rigolet

PDF

7 flavours of devops implementationAspire Systems

PDF

Datasheet weblogic midvisionextensionforibmrafMidVision

PDF

[WSO2Con EU 2017] How a Large Organization Weighted on a WSO2 Integration Pla...WSO2

PDF

Implementing DevOps – How it came to the fore, its key elements and example d...Barton George

PDF

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Décideurs IT

PDF

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Technet France

PDF

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Décideurs IT

PDF

Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Matt Ray

PDF

Developer want change Ops want control - devopsVenkat Janardhanam, MS, MBA

PPTX

Edge 2016 Session 1886 Building your own docker container cloud on ibm power...Yong Feng

PPTX

Java, app servers and oracle application gridAlicja Sieminska

PDF

Whats new in Enterprise 5.0 Product SuiteMicro Focus

PPTX

Moving existing apps to the cloudTiera Fann, MBA

Monoliths to microservices workshopJudy Breedlove

VMworld 2013: Best Practices for Application Lifecycle Management with vCloud...VMworld

VMworld Europe 2014: A DevOps Story - Unlocking the Power of Docker with the ...VMworld

Adopting PCF At An Automobile ManufacturerGregor Zurowski

Adopting PCF At An Automobile ManufacturerVMware Tanzu

VMworld 2015: Container Orchestration with the SDDCVMworld

Smarter z/OS Software Delivery using Rational Enterprise Cloud SolutionsJean-Yves Rigolet

7 flavours of devops implementationAspire Systems

Datasheet weblogic midvisionextensionforibmrafMidVision

[WSO2Con EU 2017] How a Large Organization Weighted on a WSO2 Integration Pla...WSO2

Implementing DevOps – How it came to the fore, its key elements and example d...Barton George

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Décideurs IT

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Technet France

Windows Server 2003 EOS : l'opportunité de repenser votre IT et mettre en pla...Microsoft Décideurs IT

Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Matt Ray

Developer want change Ops want control - devopsVenkat Janardhanam, MS, MBA

Edge 2016 Session 1886 Building your own docker container cloud on ibm power...Yong Feng

Java, app servers and oracle application gridAlicja Sieminska

Whats new in Enterprise 5.0 Product SuiteMicro Focus

Moving existing apps to the cloudTiera Fann, MBA

More from Docker, Inc. (20)

PDF

Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.

PDF

How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.

PDF

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

PDF

Securing Your Containerized Applications with NGINXDocker, Inc.

PDF

How To Build and Run Node Apps with Docker and ComposeDocker, Inc.

PDF

Hands-on Helm Docker, Inc.

PDF

Distributed Deep Learning with Docker at SalesforceDocker, Inc.

PDF

The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.

PDF

Monitoring in a Microservices WorldDocker, Inc.

PDF

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.

PDF

Predicting Space Weather with DockerDocker, Inc.

PDF

Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.

PDF

How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.

PDF

Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.

PDF

Kubernetes at Datadog ScaleDocker, Inc.

PDF

Labels, Labels, Labels Docker, Inc.

PDF

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

PDF

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.

PDF

Developing with Docker for the Arm ArchitectureDocker, Inc.

PDF

Sharing is Caring: How to Begin Speaking at ConferencesDocker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.

How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

Securing Your Containerized Applications with NGINXDocker, Inc.

How To Build and Run Node Apps with Docker and ComposeDocker, Inc.

Hands-on Helm Docker, Inc.

Distributed Deep Learning with Docker at SalesforceDocker, Inc.

The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.

Monitoring in a Microservices WorldDocker, Inc.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.

Predicting Space Weather with DockerDocker, Inc.

Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.

How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.

Kubernetes at Datadog ScaleDocker, Inc.

Labels, Labels, Labels Docker, Inc.

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.

Developing with Docker for the Arm ArchitectureDocker, Inc.

Sharing is Caring: How to Begin Speaking at ConferencesDocker, Inc.

Recently uploaded (20)

PDF

SWEBOK Guide and Software Services Engineering EducationHironori Washizaki

PDF

Empower Inclusion Through Accessible Java ApplicationsAna-Maria Mihalceanu

PDF

Bitcoin for Millennials podcast with Bram, Power Laws of BitcoinStephen Perrenod

PDF

"AI Transformation: Directions and Challenges", Pavlo ShaternikFwdays

PDF

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

PPTX

Webinar: Introduction to LF Energy EVerestDanBrown980551

PPTX

Q2 FY26 Tableau User Group Leader Quarterly Calllward7

PDF

Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdfdarshakparmar

PDF

Agentic AI lifecycle for Enterprise Hyper-AutomationDebmalya Biswas

PPTX

AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptxsameeraaabegumm

PDF

How Startups Are Growing Faster with App Developers in Australia.pdfIndia App Developer

PPTX

AI Penetration Testing Essentials: A Cybersecurity Guide for 2025defencerabbit Team

PDF

Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025faizk77g

PDF

New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

PDF

Chris Elwell Woburn, MA - Passionate About IT InnovationChris Elwell Woburn, MA

PDF

HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...mcastillo49

PDF

Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...AWS Chicago

PDF

"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...Fwdays

PDF

From Code to Challenge: Crafting Skill-Based Games That Engage and Rewardaiyshauae

PPTX

WooCommerce Workshop: Bring Your LaptopLaura Hartwig