Isobar, AIS, Mitre, Akamai
23 May 2018
Montgomery IT Summit Common Computing Environment (CCE) - Common Services, Automation Panel
Why CCE?
• Common Computing Environment: we provide the guardrails to the cloud in a standard manner so you can focus on your mission
• Fully Automated: all environment stand-up is managed by automation scripts, drastically speeding up deployment and reducing manual work and human error
• Single, Federated, MFA Security Tier: there is one login, with one user, that all management applications leverage; no secondary logins, no elevated machine accounts. All management activities are fully audited
• SecDevOps Focused: secure, mission-driven deployments are built into the framework to ensure self-service and seamless deployments
• Proactive Scaling and System Monitoring: Mission Owners can see all operational metrics and provide rules and alerts to manage each mission their way
• Accreditation Inheritance and Real-Time Compliance Monitoring: using Xacta, we have loaded the CCE-level packages for the CSP, USAF and DoD, as well as CCE. All that’s left for the mission is the controls that are unique to it
CCE Access: Compliant, Federated Access Control for All Management Systems
[Diagram labels: CAC User; GCDS CAP / VDSS; GCDS; Management Active Directory; Common Gateway Services; Bastion Host; CCE Resource (CSP Portal, Jenkins, Artifactory, etc.)]
“One Identity to rule them all, no secondary logins, no elevated machine accounts”
Single Identity – Secure MFA Login – Federated to ALL Systems
CCE Access: Video Demo
CCE Access: Landing Page
CCE Access: Redirect to Federation & CAC Prompt
CCE Access: Role-Based Access to Resources
CCE Access: Federated Bastion Host Access
CCE Access: Consent Agreement
CCE Access: Federated AWS Access
CCE Access: Federated AWS Dashboard
CCE Release Process: A Single, Secure Code Promotion Pipeline
[Diagram labels: Developers; Source Code; Build tool; Incoming Artifacts; Scanning; Deployment Tool; Integration, Test and Prod Application Accounts (Instances); CCE Common Services Integration, Test and Prod. Artifact states: Deployable to Integration; Deployable to Test; Approved for Test; Deployable to Prod; Approved for Prod]
CCE Release Process: CCE Deployments in Azure
Auto-Scaling, Self-Healing CCE Environments
APPLICATION HOSTING: CCE leverages fully managed platforms provided by AWS and Azure for application hosting.
DATABASE PAAS: CCE leverages fully managed database platforms provided by AWS and Azure.
CLOUD MONITORING & ALERTING: Logging, monitoring, alerting, and audit all leverage capabilities provided by AWS and Azure.
CCE Demo: Auto-Scaling & Monitoring in Azure
CCE Demo: Environment Self-Healing in AWS
CCE – Real-Time Compliance
Continuous monitoring of controls allows for “perpetual ATOs” and real-time compliance status.
No more periodic paper drills!
The “common” in “Common Computing Environment” supports significant inheritance
[Diagram labels: App; CCE; DoD & USAF Policy; AWS / Azure]
Automating RMF with Xacta 360
Continuous Monitoring and “real time” Compliance