Secure DevOps with Zero Trust Networking
AUTOMATION, AGILITY, SIMPLICITY & SECURITY WITH NETFOUNDRY
Ansible Security Cloud: no open inbound SSH ports
Ansible does a fantastic job of security on the software side. Meanwhile, Ansible users are responsible for the secure networking side, and this is where it gets complicated. Managing bastion hosts, routing and firewall rules is cumbersome and defeats the purpose of using Ansible to begin with.
In comes “Ansible Security Cloud”: zero trust, open source based Ansible networking. It is a service you control, and it can be spun up and down in minutes, via Ansible.
Read how we implemented OpenZiti zero trust networking endpoints… inside Ansible.
SaltStack meets OpenZiti – configuration management with zero trust
The exploitation of CVE-2020-11651 and CVE-2020-11652 in May 2020 brought into focus the need to secure SaltStack from the network. With OpenZiti, we now use SaltStack without exposing any SaltStack masters to the internet. Read how we did it here.
Jenkins is a high-value target because it tends to store sensitive data and the powerful credentials needed to deploy cloud infrastructure and applications automatically. A compromised Jenkins server is also an opportunity to introduce malicious code into a build.
Here is our solution for existing Jenkins users to continue using Jenkins after switching off the internet visibility of the server (limiting access to the server). We also explain the configuration in GitHub and Jenkins for two jobs that are both triggered by a GitHub event.
A New Art of the Possible for CI/CD
Imagine the levels of automation and security you would achieve if every asset touched by your CI/CD pipeline was unreachable from the networks, other than when your pipeline needed access. You can now have a secure DevOps experience with secure networking, controlled by your DevOps pipeline, as code.
This quick video demo shows how simple this new art of the possible can be.
Private Kubernetes APIs Made Simple
This is how we did it for the Kubernetes platform Platform9. Check out the video to see how simple it can be to make Kubernetes clusters unreachable from the networks with a pure security-as-code approach.