Want More from Kubernetes? A Checklist for Enterprise-Grade Kubernetes-as-a-Service
February 25, 2021 / Anil Kumar Veeramalli
As discussed in Part 1, until recently, organizations that see the benefits of a Kubernetes development environment have lacked tools to enable consolidation, better automation, innovation and greater management in hybrid and multi-cloud environments. To recap, the ‘missing pieces’ for deploying true enterprise-grade Kubernetes are:
- Reliable, Automated, and Fully Integrated Self-Service
- True Multi-cloud/Hybrid/Multi-Tenancy Support
- Hybrid and Multi-cloud Management
- Multi-cloud Governance, Visibility and Insights
- Security and Compliance
In short, many current Kubernetes environments lack the tools to adequately address enterprise-wide application Software Development Life Cycles (SDLC). (See Figure 1.)
In pre-cloud-native environments, many SDLC steps and processes were entirely manual, from design through implementation to analysis. Multiple iterations required interaction and changes at every step in the process before—and especially after—deployment. In cloud-native Kubernetes environments, change management and testing can be built into every step of the SDLC, thereby "automating" many steps by using continuous integration and continuous development (CI/CD).
Every DevOps team is familiar with CI/CD, but its efficiency and usefulness are blunted in many hybrid and multi-cloud environments, especially if systems are hosted on disparate platforms. Cross-platform self-service is difficult to achieve on your own, but recent tools such as Morpheus, CloudBees and others automate the process considerably. But do they integrate and ease multi-cloud security, compliance, and governance as they do? Similar integration and manual operations are required for multi-cloud/hybrid/multi-tenancy, multi-cloud management integration, multi-cloud governance, visibility, and insights. And even with DevSecOps, security and compliance can be problematic to automate, verify, and implement across multiple clouds.
CloudForte® Application Services helps you address these key obstacles in transitioning to Enterprise-grade Kubernetes. We deliver continuous improvements through our Advisory, Transformation, Operation, and Optimizations throughout your SDLC. (See Figure 2.) With our integration, tools, and development expertise, we can move your Kubernetes commitment to the next level. Here are some of the highlights:
Integrated Self-Service: Unisys CloudForte® provides a cloud user portal that supports such self-service capabilities. Users can launch their cloud resources and manage, schedule, and operate the container resources of their choice.
Unisys CloudForte® provides the ability to build Blueprints using cloud-agnostic and cloud-native templates (e.g., ARM, CFT, GDM) that can be used as service catalogs. The blueprints allow Cloud Architects or Designers to drag and drop components onto a canvas to provision resources and link them with pre- and post-provisioning processes.
Unisys CloudForte® provides the platform to integrate this automation framework using Terraform and cloud-native templates such as ARM (Azure Resource Manager), CFT (CloudFormation Templates), and GDM (Google Deployment Manager), and to integrate existing Ansible Playbooks.
Hybrid and Multi-Cloud Support: Unisys CloudForte® includes the functionality to create users and service accounts, associate users with groups and permissions, and assign budget limits. Quotas are assigned at the group level. Financial approval can be enabled so that when a developer requests a larger, out-of-budget cluster, the request needs approval before commissioning.
Cloud Management: Unisys CloudForte® provides visibility of workloads across public and private clouds with an integrated, automated CMDB. It provides statistics on the number of stacks created successfully and the number of stacks that failed, along with cloud operations dashboards, audit trails, remediation tasks, and root cause analysis dashboards.
Multi-cloud Governance, Visibility and Insight: Unisys CloudForte® includes the functionality to create users and service accounts, associate users with groups and permissions, and assign budget limits. Quotas are assigned at the group level. Financial approval can be enabled so that when a developer requests a larger, out-of-budget cluster, the request needs approval before commissioning.
Unisys CloudForte® integrates with your CMDB by discovering existing and newly provisioned resources. If cloud resources are modified as part of a change request, the resources are updated and the relations between configuration items are established within the CMDB automatically.
Unisys CloudForte® provides visibility of all your cloud resources and recommends right-sizing to optimize your costs. For example, if a larger VM's CPU and memory are not 100% utilized for X number of days, it recommends reducing the VM to Medium, which lowers your monthly cost.
Security and Compliance: Unisys Stealth® provides endpoint software on Docker containers, Stealth-enabling each container so that it is only visible to members of a shared Community of Interest (COI). This enables us to scale microservices while protecting traffic both between containers and between other endpoints in the Stealth™ network.
Unisys Compliance Director™ provides an automated capability for cloud security posture management (CSPM) – a daunting challenge as cyber threats steadily become more sophisticated. Cloud Compliance Director™ scans environments using 400+ best-practice security and compliance guidelines, such as PCI, HIPAA, NIST, etc. Compliance Director™ also produces compliance audit reports on demand.
Unisys also provides extensive expertise in right-sizing and optimization, using Kubernetes levers to help right-size environments for less cost without sacrificing performance and to get up and running more quickly. Our extensive library of tools and accelerators reduces set-up, integration, and app development, delivering apps to market more quickly.