Mirantis acquires amazee.io, the only ZeroOps Application Delivery Hub.   Read Blog Post  |  View Press Release  |  Visit amazee.io

CASE STUDY:

Defense Agency Cybersecurity Office Charts a New Course with Mirantis

After headaches and expensive security failures with other solutions, a Defense Agency Cybersecurity Office frees up critical resources with Mirantis—the only managed container service on the market that can meet their security guidelines.

When your applications are mission critical, you need all hands on deck—and few organizations’ apps are as mission critical as this Defense Agency Cybersecurity Office. But when development teams have to fight their infrastructure, efficient and continuous delivery becomes more difficult and expensive.

The office’s dev teams encountered these choppy waters as they embarked on containerization projects—and especially as they tried to leverage Kubernetes on OpenShift. Managing container orchestration became a Herculean project all by itself, eating up resources that were better spent on innovation and delivery. As OpenShift 3.11 approached end-of-life, it was clear that they needed another solution.

With a managed container platform from Mirantis, the office is standing up a cutting-edge foundation for containerized services that meets the most rigorous security standards—freeing up the team to focus on innovation and delivery.

“It really comes down to this,” says an assistant program manager in the office. “Can the tool do what is necessary to prove safety, security, and operational effectiveness?”

Security headaches with virtualization layers

“I don’t have to worry about infrastructure during the day-to-day grind. That allows us to focus on value.”

The office faces strict requirements when it comes to hosting its applications, and that can make building containerized services a challenge. But to keep up with the rapid pace of innovation and the demands of mission-critical apps, the organization’s developers need to be able to leverage the capabilities of containers. So how can they deploy containerized services to production on highly regulated infrastructure?

The assistant program manager’s team first turned to virtualization. Using OpenShift, they created a virtualized Kubernetes environment—essentially a virtualized datacenter—for each containerized application. But it quickly became clear that this was easier in theory than in practice…and rather than simplifying life for developers, managing bespoke OpenShift environments was becoming a full-time job.

Worse, this architecture was a security headache. Bespoke virtualization layers introduced another level of complexity for authorization to operate. Moreover, OpenShift was simply unable to address all security and compliance requirements. Once the horizon for OpenShift 3.11’s end-of-life began to approach, it became obvious the team would have to make a decision about the way forward.

“Either moving to OpenShift 4.0 or de-containerizing our applications would be roughly the same level of effort to complete,” says the assistant program manager. Since OpenShift couldn’t meet security requirements, de-containerizing seemed like it would make applications more secure—but at the expense of containerization’s potential for rapid development and delivery. The team didn’t want to turn the clock back by fifteen years. They needed another path forward, and they saw an opportunity with Mirantis.

The only secure, managed containers-as-a-service platform

Instead of using bespoke virtualized environments, the team worked with Mirantis to create a secure managed container platform, providing Containers-as-a-Service built on the foundation of Mirantis Kubernetes Engine. The Mirantis Containers-as-a-Service for Government platform (CAAS-G) provides the only secure and fully managed container platform in the industry, enabling government entities to scale across multiple on-premise and cloud environments—all with security and compliance certifications.

Dual-orchestrator support in Mirantis Kubernetes Engine means the Cybersecurity Office team has the option to use Swarm or Kubernetes, depending on their requirements. Because the container layer underneath applications is now consistent, the complexity of validating apps for authorization to operate is reduced. Perhaps most importantly, because Mirantis manages the infrastructure, the office’s team is freed to focus on applications.

With this new approach, the assistant program manager estimates that Mirantis returns 80% of his team’s time to focus on application development rather than managing infrastructure. “This gets us out of the weeds to focus on what our job is supposed to be,” he says. “It’s increased security. No change to the applications. And now that 80% can be wholly focused on improving the application, which is what we need.” Working together, Mirantis and the Defense Agency Cybersecurity Office were able to shape a secure, managed container platform for their containerized applications, setting them up for faster and more efficient deployment and delivery. “Having a managed platform,” says the assistant program manager, “I don’t have to worry about infrastructure during the day-to-day grind. That allows us to focus on value.”

CHALLENGES

  • Needed a managed container service that could meet the most demanding security requirements

SOLUTION

  • Containers-as-a-Service on the foundation of Mirantis Kubernetes Engine, with dual-orchestrator support for Swarm and Kubernetes

RESULTS

  • 80% of the team’s time is returned to focus on application development rather than managing infrastructure

Additional Case Studies