The Changing Security Requirements Landscape

In the wake of watershed cybersecurity events like the SolarWinds breach and the Log4J vulnerability, federal agencies face urgent demands to secure their software supply chains. Along with emerging Congressional action and forthcoming CISA regulations, the Biden-Harris Administration’s Executive Order on Improving the Nation’s Cybersecurity (14028)1 is a direct response to these crises, imposing rigorous new standards for software security. The reality is clear: securing software supply chains is no longer optional; it’s a national imperative.

In a landscape cluttered with cybersecurity solutions, Rancher Government Solutions (RGS) distinguishes itself through a triad of differentiators: our adherence to Defense Information Security Agency (DISA)-approved Security Technical Implementation Guides (STIGs), our commitment to Federal Information Processing Standards (FIPS) 140 Encryption standards, and our “Secure by Default” ethos.

Recently the NeuVector team released NeuVector version 5.2. This new feature added some much-needed features for our Government customers. This post will walk through those features and how to implement them.

In this deployment guide, we will be effortlessly installing the core Rancher Stack, including Rancher Kubernetes, Rancher Multi-Cluster Manger, Longhorn, and NeuVector. In about 15 minutes, we will have a three-node Kubernetes Cluster (RKE2), with lifecycle management (Rancher Manager), persistent storage (Longhorn), and cluster security (NeuVector).

 

Data security is becoming increasingly important to our customers. One of the great features of Longhorn is the ability to encrypt the volumes at rest. This blog is all about how to do that. Encrypting data volumes at rest means the data on the nodes is encrypted. For added security, we will want at least three nodes for high availability.

In this repo, we're going to cover the creation of a RKE2 cluster into Harvester using an airgapped process (aka Bootstrap!). We'll follow that up by installing Rancher on top of RKE2. We're going to do all of this using Terraform. Terraform allows us to declaratively define our environment in code and then create that environment in a straight-forward (and sustainable) way.

Over the last few years, Kubernetes has revolutionized the world of infrastructure and application distribution. From bare-metal servers to virtual machines to containers, Kubernetes has compelled teams to re-evaluate their entire technology stack – in the very best way possible. However, for many teams, Kubernetes is seen as a tall mountain to climb. But it doesn’t have to be.

You can perform no-code deployments of Rancher Kubernetes on the AWS GovCloud!

While the federal government and U.S. military are innovative in many ways, they don’t like to live on the edge when it comes to information technology. Stable, reliable, and secure are the name of the game. But in order to support the most advanced technology, such as next-gen warfare and highly complex supply chains, agencies need the power of edge computing with more choices that go beyond proprietary vertical stacks and standard Amazon Web Services (AWS). Edge computing eliminates the dependencies of on-premise infrastructure and decouples devices in any form from the data center, providing powerful, always available computing wherever the user is—from our communities to our borders to the battlefield.

Congratulations! You’ve successfully implemented your containerization strategy and automated your application deployment with Kubernetes. Whether you have a private or public cloud, you are still at risk for threats to your virtualized environment, including: