Difference between revisions of "Configuration & Toolkits"
m |
|||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Cloud Information Centre - Government of Canada}} | {{Cloud Information Centre - Government of Canada}} | ||
+ | <b> | ||
+ | </b> | ||
+ | <!-- Columns --> | ||
+ | {| width="100%" cellpadding="10" | ||
+ | |||
+ | |width="90%" style="color: black;" align="right" | | ||
+ | <!-- COLUMN 1 STARTS: --> | ||
+ | [[Configuration et trousse d’outils|Français]] | ||
+ | <!-- COLUMN 1 ENDS: --> | ||
+ | |width="10%" style="color: black; align="center" | | ||
+ | |||
+ | <!-- COLUMN 2 STARTS: --> | ||
+ | |||
+ | <!-- COLUMN 2 ENDS: --> | ||
+ | |||
+ | |} | ||
+ | |||
+ | <!-- Columns --> | ||
+ | |||
+ | {| width="100%" cellpadding="10" | ||
+ | |-valign="top" | ||
+ | |||
+ | |width="33.3%" style="color: black;" | | ||
+ | <!-- COLUMN 1 STARTS: --> | ||
+ | [[Image:Tech build.jpg|250x250px|center |link=Cloud technical build]] | ||
+ | <!-- COLUMN 1 ENDS: --> | ||
+ | |||
+ | |width="33.3%" style="color: black;" | | ||
+ | <!-- COLUMN 2 STARTS: --> | ||
+ | [[Image:Migration.jpg |250x250px|center |link=Cloud migration]] | ||
+ | <!-- COLUMN 2 ENDS: --> | ||
+ | |||
+ | |width="33.3%" style="color: black;" | | ||
+ | <!-- COLUMN 3 STARTS: --> | ||
+ | [[Image:Cic.jpg|center|250x250px |center |link=GC_Cloud_Infocentre]] | ||
+ | <!-- COLUMN 3 ENDS: --> | ||
+ | |} | ||
+ | <b> | ||
+ | </b> | ||
+ | <b> | ||
+ | </b> | ||
+ | <big><big> | ||
+ | <span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;"> Configuration & Toolkits</font></span> | ||
== GC Cloud Security Risk Management Approach for Adopting Cloud == | == GC Cloud Security Risk Management Approach for Adopting Cloud == | ||
− | Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and | + | Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in a public cloud. [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative#GC_Cloud_Security_Risk_Management_Approach_for_Adopting_Cloud GC Cloud Security Risk Management Approach for adopting Cloud] is one of the initiatives developed by TBS to provide the necessary direction to GC departments. |
== GC Cloud Operationalization Framework == | == GC Cloud Operationalization Framework == | ||
− | With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework | + | With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework approved by the GC Enterprise Architecture Review Board (EARB). |
== GC Event Logging Guidance == | == GC Event Logging Guidance == | ||
− | + | TBS had developed a High-level strategy to configure event logging. | |
+ | https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf | ||
== GC Accelerator == | == GC Accelerator == | ||
− | Conscious of the fact that wide adoption in GC will require enabling GC | + | Conscious of the fact that wide adoption in GC will require enabling GC departments to effectively and rapidly deploy applications, computing etc. in public cloud environment. TBS in collaboration with SSC and other departments has developed a GC accelerator for Microsoft Azure and AWS cloud. |
− | == | + | == GC Accelerators - Azure == |
− | To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure | + | To access the Azure accelerator, consult [https://github.com/canada-ca/accelerators_accelerateurs-azure canada-ca/accelerators_accelerateurs-azure] |
− | == | + | == GC Accelerators – Amazon Web Services == |
− | To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws | + | To access the AWS accelerator, consult [https://github.com/canada-ca/accelerators_accelerateurs-aws canada-ca/accelerators_accelerateurs-aws] |
== Secure Cloud Connectivity == | == Secure Cloud Connectivity == | ||
The establishment of secure cloud connections to cloud services and trusted interconnection points will: | The establishment of secure cloud connections to cloud services and trusted interconnection points will: | ||
− | • Improve resiliency of the GC infrastructure with dedicated and private connections to cloud; | + | • Improve resiliency of the GC infrastructure with dedicated and private connections to the cloud; |
− | • | + | • Thereby ensuring continued access to GC information systems and solutions hosted in the cloud; |
• Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and | • Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and | ||
Line 32: | Line 76: | ||
Below are the link to the GC Secure Cloud Connectivity Requirements. | Below are the link to the GC Secure Cloud Connectivity Requirements. | ||
− | + | :o [http://%5Bhttps://www.gcpedia.gc.ca/gcwiki/images/e/e7/GC_Secure_Cloud_Connectivity_Requirements.pdf GC Secure Cloud Connectivity Requirements] | |
− | + | ::— [https://www.gcpedia.gc.ca/gcwiki/images/1/18/GC_Cloud_Access_Use_Cases.xlsx GC Cloud Access Use Cases] | |
− | + | ::— [https://www.gcpedia.gc.ca/gcwiki/images/7/75/GC_Cloud_Connection_Patterns.pdf GC Connection Patterns - DRAFT for Consultation] | |
== GC Guardrails == | == GC Guardrails == | ||
− | The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of | + | The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of enrollment under the GC Cloud Services Framework Agreement. |
− | + | :o [https://www.gcpedia.gc.ca/gcwiki/images/8/84/GC_Cloud_Guardrails.pdf GC Cloud Guardrails - DRAFT for Consultation] | |
− | + | ::— [https://www.gcpedia.gc.ca/gcwiki/images/e/ed/GC_Cloud_Guardrails.xlsx Cloud Guardrails - Initial 30 Days] | |
− | + | ::— [https://www.gcpedia.gc.ca/gcwiki/images/1/19/SOP_for_Validating_Cloud_Guardrails.pdf Standard Operating Procedure for Validating Cloud Guardrails] | |
https://github.com/canada-ca/cloud-guardrails | https://github.com/canada-ca/cloud-guardrails | ||
Line 53: | Line 97: | ||
== GC Cloud Guardrails – Amazon Web Service == | == GC Cloud Guardrails – Amazon Web Service == | ||
− | + | The GC accelerator for AWS is on GitHub: https://github.com/canada-ca/cloud-guardrails-aws | |
− | + | * The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates | |
− | |||
− | * The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: | ||
* The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019) | * The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019) | ||
* Terraform modules on github: https://github.com/canada-ca-terraform-modules | * Terraform modules on github: https://github.com/canada-ca-terraform-modules | ||
Line 67: | Line 109: | ||
== Naming and Tagging == | == Naming and Tagging == | ||
To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services. | To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services. | ||
+ | |||
+ | </big></big> | ||
+ | {{GC Cloud Information Centre Footer}} | ||
+ | __FORCETOC__ |
Latest revision as of 00:59, 8 April 2020
|
Configuration & Toolkits
GC Cloud Security Risk Management Approach for Adopting Cloud
Multiple Security breaches from companies known for their reputations on protecting personal information, lead the Government of Canada to take and hard look at security risks and develop the appropriate mitigating factors. This will required a structured approach to managing risks associated with the protection of government data and infrastructure in a public cloud. GC Cloud Security Risk Management Approach for adopting Cloud is one of the initiatives developed by TBS to provide the necessary direction to GC departments.
GC Cloud Operationalization Framework
With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework approved by the GC Enterprise Architecture Review Board (EARB).
GC Event Logging Guidance
TBS had developed a High-level strategy to configure event logging. https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf
GC Accelerator
Conscious of the fact that wide adoption in GC will require enabling GC departments to effectively and rapidly deploy applications, computing etc. in public cloud environment. TBS in collaboration with SSC and other departments has developed a GC accelerator for Microsoft Azure and AWS cloud.
GC Accelerators - Azure
To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure
GC Accelerators – Amazon Web Services
To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws
Secure Cloud Connectivity
The establishment of secure cloud connections to cloud services and trusted interconnection points will:
• Improve resiliency of the GC infrastructure with dedicated and private connections to the cloud;
• Thereby ensuring continued access to GC information systems and solutions hosted in the cloud;
• Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and
• Enhance the protection of on-premise networks from compromised GC resources in the cloud.
Below are the link to the GC Secure Cloud Connectivity Requirements.
GC Guardrails
The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of enrollment under the GC Cloud Services Framework Agreement.
https://github.com/canada-ca/cloud-guardrails
GC Cloud Guardrails – AZURE
https://github.com/canada-ca/cloud-guardrails-azure
GC Cloud Guardrails – Amazon Web Service
The GC accelerator for AWS is on GitHub: https://github.com/canada-ca/cloud-guardrails-aws
- The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates
- The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019)
- Terraform modules on github: https://github.com/canada-ca-terraform-modules
- ARM templates on github: https://github.com/canada-ca-azure-templates
- Azure accelerators on github: https://github.com/canada-ca/accelerators_accelerateurs-azure
Cloud reference Architecture
*** In construction ***
Naming and Tagging
To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services.