Episode 3: Geek Out with Brian Durden - Part 1: Secure Computing at the Tactical Edge
Welcome to the third episode of our new podcast, Geek Out. Pete Tseronis, our host, discusses secure computing at the tactical edge with Brian Durden, Staff Solutions Architect at Rancher Government.
Pete Tseronis:
Hey, this is Pete Tseronis and I'm super excited to be here with Brian Durden, Staff Solutions Architect at Rancher Government, in addition to being a University of South Alabama Jaguar, right, Brian?
Brian Durden:
That's correct. Go Jags!
Pete Tseronis:
I love it. I love it. You have a B.S. in Computer Engineering. Well, you are well positioned to educate and inform and enlighten this audience, and it's great to see you, pal. And I really want to jump right in because we're going to quote unquote geek out a little bit on terms like Kubernetes and containers. We might hit on things like edge computing and hyperconverged infrastructure. But for our audience, we really hope that there are some light bulb moments in terms of the application of this to the federal government and the mission of our country. I am 100% certain, Brian, you're going to do an eloquent job of that crystallization. So without further ado, Brian, what do you say when people go, how do I make sense of Kubernetes and containers?
Brian Durden:
Well, the problem is in the industry, the name, the word Kubernetes itself comes across as buzzword bingo, right? So we talk to different business leaders and they use the word, but a lot of times not everyone really knows the connotations of what it is. So if we take a step back to what Kubernetes means to the industry itself, and not just the defense contracting industry, but the commercial industry as a whole, when we made the step into containers, and I'm going to assume the audience that's listening understands what a container is. A container is a way of kind of wrapping up an application and all of its binary dependencies into a small portable chunk that can be run, like with Docker for instance. The problem is when you scale out containers and run containers in production, you start running into problems that something that can control the lifecycle management of those containers would solve. Things like scheduling the containers, where they're going to run, when they're going to run, how many of them are going to run, managing storage, managing security, and things like that. So that's where Kubernetes comes into play. Kubernetes is a container orchestrator, and here at RGS, we use the Rancher Stack as an application platform and also as a software factory, which are two distinct patterns.
Pete Tseronis:
I love it. And the word orchestrator really resonates with me, being kind of a techie myself. I joke that I could probably say, now I can go teach about Kubernetes. A month from now, I might be having to re-explain it, but yes, thank you. I think of orchestration and containers as a place where applications can be decoupled and be managed in the right environment so that information's at the ready. Thank you for that. So Brian, I want to delve into the topic: This podcast is focused on the tactical edge and the scalability and the need for it in today's day and age, particularly with our defense industrial base, the military, that these are folks that are not working at a desk generally. They're at the edge, they're at a tactical edge, and edge computing and zero trust and things like this all come into play and, most importantly, protecting that data. So why don't we break a little bit of that down and talk about the tactical edge and the correlation to edge computing. Can you share some of your perspective on why those two are tightly coupled?
Brian Durden:
Yes, absolutely. And that's a great question. The thing is, with tactical edge and the word edge in general, it can mean a lot of different things to people, and it completely depends on your perspective and what you care about or what your mission is. So when we classically talk about the tactical edge, usually it's going to involve something small like a backpack, for instance, a man-portable unit or maybe something that fits in a briefcase. And that's been the case for a long time. And because of the form factor and the size and the weight and maybe battery power and that kind of thing like power consumption, that kind of keeps you in the smaller footprint range. So you can't bring in this gigantic Dell server and kind of slap it to your back and just sling it around. It is just not going to work. And then that doesn't even solve the power problem. And that kind of limits what we can actually run typically. And typically you're going to run on what we call bare metal nodes. You're going to maybe run an operating system of some sort with your applications on it. You might run one of our Kubernetes clusters like K3s, which is classically made for the edge. It's very small and lightweight, but beyond that, there's not a whole lot of wiggle room, or there hasn't been up to this point. So one of our other products called Harvester is built based on Kubernetes, or it is Kubernetes. It uses RKE2 on a canned SLE Micro operating system along with Longhorn and some of our other products kind of tied together in a particular configuration. And because it's Kubernetes, it's very flexible and adaptable to a lot of different footprints. And it's also open source, which means in its own self-interest, it's made to run on as many things as possible. So we can run it on smaller footprint devices as well as servers. Now, classically, it's made for the data center. It's made for managing VMs and containers adjacent in a hyper-converged infrastructure.
But we found over the course of the last year, and working in our labs and things like that, that it runs very well on smaller footprint devices as well. So if you've ever seen me at some of these conferences, I like to run them on NUCs or NUC footprints. So they're like four and a half by four and a half inches. They're pretty small. They're like this size, and those can run Harvester. All they need is the memory, and they already have the compute because they have these crazy eight and 16 core CPUs that fit in these little, tiny things, and they're able to run Harvester nodes. And when you join them together, like three, four or five of them, you have a lot of capability. And because they're so small, you can fit them into a very small case. They just consume like a 19 volt DC adapter. There's nothing super advanced about them at all, and they're very affordable. So we found if we can run it on a NUC, then that means that you can run it on just about anything that'll fit inside of a case. And so this has kind of exploded in a way to where, hey, if we can run hyperconverged infrastructure out at the edge, that means we can take the exact same workloads that we're running in the cloud, say AWS, or maybe in an on-prem data center like vSphere or Harvester in the data center, we can take those workloads and leverage Kubernetes for the reason it was made and run those things out on the edge with very minor, if not any, changes at all.
Pete Tseronis:
Well, Brian, let me go there. Let me dig a little deeper, and I appreciate you bringing it up and introducing some other terms that I think, if you really think about them, make sense. Hyper-converged infrastructure: infrastructure that's everywhere and anywhere but has to work together. So for our audience, again, tailored to the unique demands of the tactical edge, I was hearing you reference purpose-built for edge computing environments in so many words. I'm just paraphrasing a few things that I heard. And obviously the scalability, all of that sounds great, but there is definitely a uniqueness to what Rancher Government's doing, and obviously Harvester is a term that I encourage everybody to check out. It's definitely, I would say, secret sauce or something that's a value proposition and differentiator. Brian, when I think about this edge, though, and let's bring it back to reality. You mentioned backpacks. You mentioned what our soldiers and our warriors are carrying with them. I mean, to be able to communicate, right? There's things now about communications and bandwidth and latency and, more importantly, security of protecting the data. What do you say when folks talk about that's great that you're going to have access to information with these folks out in theater, for example, and what are we doing to make sure that it's easy to deploy, it's securing the data and the transmission, and most importantly, it's giving that information that's trusted to those that need it in battle?
Brian Durden:
Well, there's a lot of different components that can add up to that solution, and that kind of ties into the Rancher mission of us providing a lot of capability and you picking and choosing what you want for your mission. But if we look at the of being able to deploy these onto devices, one of the things that we lose when we go from the data center out to the edge is the ability to easily automate and easily create software constructs. So in the data center and on the internet in general, you can pull from Docker Hub, you can pull these images and you're not quite sure where they came from. But when you want to move into the secure aspect where you want to have secure containers or hardened containers, maybe containers with SBOMs and CVE scans already baked in, that becomes much harder. So going out to build those things on your own becomes its own engineering effort and then just adds to the complexity. So what happens is when we actually go to the edge and we're trying to build and engineer solutions for the edge, sometimes those steps get skipped over or they get simplified to a point to where, what I like to call it is, you've architected yourself into a hole, which means you've made design decisions that affect you later, that when you want to come back out of it and maybe go from a single cloud to multi-cloud as an example, or a single edge solution to a heterogeneous solution, it becomes much more difficult. And the tech debt incurred is something that you can't really justify the cost to get back out of, if that makes sense.
Pete Tseronis:
A hundred percent. A hundred percent. Let me just jump in. I want to just remind our audience that a lot of what Brian's addressing are not capabilities that are nice to haves. These are capabilities that are spelled out in Memorandum 24-04, which is modernizing our systems and our collective defense around Zero Trust, folks, Memorandum 23-18, where it speaks to asset identification in the deployment of capabilities out there at the edge, not just for our defense industrial base. But I just needed to say, Brian, a lot of what you're talking about is a requirement and a need for the federal government to look into, and it's clear that Rancher Government's ahead of, or not getting ahead of their skis, as I should say, in meeting those requirements.
Brian Durden:
Oh, completely agreed. So our CTO, Brandon Gulla, has been an awesome champion for us in that regard, especially with SBOMs, or software bill of materials. Being able to address the supply chain security problems with not just Kubernetes, but edge platforms and cloud platforms in general, is still a very new thing, and the capabilities are out there, but there's not really been a decision made, like a collective decision, on the universal standard on, say, how to consume an SBOM and then do a recursive trace to determine vulnerabilities and things like that. The industry is still kind of figuring that out, but we know it's important to have that data ready and available. So with our Carbide product, or Carbide support that comes with the actual Rancher support itself, we're able to tie that in, and it has SBOMs attached to all of our container images. And when I say container images, I'm talking like 100 to 120 gigabytes of container images that are not just within the Rancher SLA, but also all of our certified integrations. So if you've ever used the console before and you go through the app catalog and look at all those applications that are there, every one of them is baked into our Carbide secure registry, to where you can actually replicate those and pull those down into your air gap. And our Hauler product, just coming up on release very soon, is able to reach out and grab everything in kind of a declarative manifest kind of way and bring it into a tarball, so you can put it on your Blu-ray or USB drive, and then copy that over to the physical edge device itself.
Pete Tseronis:
I think about what you're saying and the technical side of implementation and integration; no doubt you have that figured out. That was Part 1 of my conversation with Brian Durden. In Part 2, we tackle tactics and implementation, including with AI and machine learning ops, as Brian explains what it takes to implement Kubernetes at the tactical edge. For more on Rancher Government's secure and certified open source and cloud native software, go to ranchergovernment.com.