From Bare Metal to Private Cloud: Introducing DevSecOps and Cloud Technologies to Naval Systems

Abstract

Virtualizing computing resources provides a myriad of benefits ranging from increased hardware utilization, better disaster recovery, and isolation between the applications and the underlying hardware. Isolation of applications through virtualization presents a significant security increase from the traditional bare metal deployment model and allows for infected machines to be easily deleted, recovered, and reprovisioned to maintain high uptime of mission critical systems. For military and government entities, these abilities are too promising to ignore and motivate many to make the transition to utilize virtual machines in their daily operations. However, handling virtual machines at scale requires much more than hypervisor technology. To fully reap the benefits of virtualization, it is necessary for companies to transition to a scalable virtual infrastructure. This makes cloud technologies and the private cloud deployment model a highly attractive solution because of its provisioning capabilities and allows consumers to maintain tight control over their physical and data security. Incorporating this infrastructure presents a daunting task and the complexity around these technologies creates confusion that act as a stumbling block to potential adopters. To make an informed transition requires careful research into state of the art virtualization technologies, processes that put security to the forefront such as DevSecOps style methodologies, and monitoring systems for enhanced observation capabilities. When brought to life, these technologies present a roadway to reliable and secure virtualization. To prove this, research was performed with a defense contractor that desired to make a transition from bare metal deployment to a more secure and scalable solution. We then developed a virtualization plan, provided a sophisticated monitoring solution, created our own DevSecOps plan to govern their virtual infrastructure, and demonstrated a proof of concept private cloud to serve as a model for their own operations.