Enabling Security Across Enterprise-Grade PaaS Environment for an Airliner Manufacturer

Description

A leading aerospace manufacturer turned to Altoros to achieve established security standards during Cloud Foundry adoption.

Brief results of the collaboration:

• The company migrated its security software to the cloud platform with little change, preserving a host of existing technologies and processes.
• With the delivered centralized logging system, it is possible to automatically detect security-related vulnerabilities and generate comprehensive reports.
• The platform adoption helped to cut development time from 1–3 years to 3–5 months and enable 100x faster infrastructure service delivery.

The customer

The company is a multinational producer of commercial jetliners, as well as defense, space, and security systems. With around 150,000 employees in 65 countries, the customer proves to be one of the largest aerospace organizations in the world. The company has 3,400+ internal processes with 4,100 apps on 5,100 servers using 14,000 integrations.

The need

Facing competition from other aerospace companies, the customer understood it had to digitally transform to keep its leading position. Considering thousands of apps, servers, and amount of airliner data, the company aimed at ensuring faster delivery of infrastructure and software.

The customer decided to adopt a range of emerging technologies to drive business transformation. Pivotal CF was chosen as a PaaS to constitute the technology core of transformation. Partnering with Pivotal, the company wanted to integrate the platform into its IT ecosystem, while Altoros was engaged in procuring enterprise-grade level of security.

The challenges

Under the project, the team at Altoros had to address the following issues:

• On the customer’s side, any technology must be certified to comply with the established security standards before adoption. Accordingly, our engineers needed to ensure the platform’s compliance across several layers (such as infrastructure, apps, etc.).
• The platform’s implementation within the customer’s environment needed to preserve existing processes, an array of technologies in use, and point-to-point integrations.
• While the PaaS adoption implied using open-source technologies mainly tailored for Linux and Ubuntu, it was vital to retain Windows and the .NET stack the customer heavily relied on.

The solution

To meet security certification requirements, Altoros delivered a number of BOSH add-ons that ensured the existing technologies seamlessly integrate with Pivotal CF. To minimize risks of attacks, the team configured firewall rules on each host, thus allowing authorized access from Windows jump boxes only, where multi-factor authentication is enforced.

The company also had custom security software that needed to be ported to Ubuntu. By performing 100+ security checks, our team was able to evaluate software’s functionality, pick up 30+ critical modules, and migrate them. In addition, developers at Altoros improved the module responsible for detecting, fixing, and reporting vulnerabilities found under security checks.

To automate vulnerability reporting, engineers at Altoros built a centralized logging system using VMware vRealize Log Insight. With it, the customer’s security team could also generate custom reports for review.

During migration to Pivotal CF, experts at Altoros found out the means to preserve Windows- and .NET-based technologies in use and processes in force. To enable the customer’s existing security software to run on Pivotal CF, team at Altoros implemented a custom API client. Then, McAfee AntiVirus—already used by the customer—did not behave properly on Pivotal CF, failing to update and hanging virtual machines. Working closely with McAfee, our engineers designed a custom installer and tuned configuration to resolve the observed issues.

Our consultants also conducted a training session for the customer’s in-house team on continuous integration and delivery with Concourse.

The outcome

Collaborating with Pivotal, the customer successfully adopted Cloud Foundry, while Altoros helped to achieve the desired level of security that complies with the organization’s standards. With the delivered centralized logging system, the customer was also able to automate vulnerability reporting, as well as had got an efficient tool to generate custom reports for security reviews.

The platform adoption allowed for cutting time on app development from 1–3 years to 3–5 months and application deployment from weeks to minutes. Now, the company has 80 projects qualified and being migrated to Pivotal CF with hundreds more waiting in the pipeline globally.