Business Challenge
Our client was using on premises infrastructure primarily to run their products and needed to be able to run in cloud in order to provide more reliable and flexible solutions. In addition, achieving business velocity requires deployment automation as well, for which Google Cloud Platform (GCP) is a solid choice.
However, to be ready to run business application in GCP cloud, our client had to maintain compliance with internal security policies based on NIST SP 800-53 recommendations.
Specific challenges overcome during this project include:
- Estab lishing a PAM solution based on Onion ID
- Integration with corporate AD
- Provisioning Secure VPC
- Provisioning Self-Managed Kubernetes Cluster
- Selecting and Demonstrating Container Security Solution
- Integration with other security controls
Project Description
As a cloud enablement project in collaboration with Google, SoftServe needed to deploy the client’s environment in the GCP with all security policies met and all deployment processes fully automated.
SoftServe created and demonstrated tools and ready to use scripts, host images, and documentation. The entire deployment process was based on best DevOps practices and tools in order to be fully automated, scalable and transferable. The templates, build images and deployed infrastructure included all required security software and is fully compliant with the customer’s security requirements.
SoftServe’s experts leveraged a range of innovative cloud practices and technologies including container platforms like Kubernetes, automation and deployment tools, GCP specific services and flexible API. These were a key part of every deployment stage in tandem with Google’s cloud security recommendations and services.
One of the primary challenges faced during this project was that some of the client’s required security software was not thin integrated with GCP services. But through the collaborative efforts of SoftServe’s highly qualified engineers, Google support and comprehensive communications with customers and software vendors this issue was addressed and the project held on schedule.
Business Value
Today our client’s applications deployed in GCP are compliant with the requisite security policies. The company can run its applications in GCP with the advantages of a rapidly growing cloud service provider.
The implementation of a fully automated deployment process has enhanced productivity as infrastructure and applications are now more controllable and flexible. By implementing these deployment, automation and configuration tools, our client can increase the frequency and quality of product releases, giving them a strong basis to extend their business.
As result of the 8-week engagement, SoftServe team delivered the following:
- Provisioned and demonstrated OnionID PAM solution
- Project provisioning scripts
- Fully automated solution to provision secure VPC with public and private subnets and secure reference images
- Bastion Host with PAM Integration
- Fully automated solution to provision self-managed Kubernetes cluster
- Delivered end to end Container security solution with help twistlock
- Architecture Vision Document with best practices how to manage GCP for Enterprise Organization
This solution reduced onboarding of new projects from multiple weeks to one day and established a reliable security process for containers deployed to Kubernetes clusters as well as proper policy from build to production environments, without needing to scale the security team.