DevOps vs DevSecOps: how it looked in one bank


The bank outsources its projects to many contractors. The "externals" write the code, then hand over the results in a not very convenient form. Specifically, the process looked like this: they delivered a project that had passed functional tests on their side, and then it was tested inside the bank's perimeter for integration, load, and so on. It often turned out that the tests failed. Then everything went back to the external developer. As you can guess, this meant long turnaround times for fixing bugs.

The bank decided that it was possible and necessary to pull the whole pipeline under its wing, from commits to release, so that everything is uniform and under the control of the teams responsible for the product in the bank. That is, as if the external contractor were simply working somewhere in the next room of the office. On the corporate stack. This is ordinary DevOps.

Where did Sec come from? The bank's security set high requirements for how an external contractor may work in the network segment, what access each person has, and how they may work with the code. It was just that information security (IS) did not yet know that when contractors work outside, few of the bank's standards are followed. And now, within a couple of days, everyone has to start observing them.

The simple revelation that the contractor had access to the product code had already turned their world upside down.

At this point the DevSecOps story began, which I want to tell you about.

What conclusions did the bank draw from this situation?

There was a lot of argument that everything was being done wrong. Developers said that security is only busy trying to get in the way of development, and that they, like watchmen, try to prohibit without thinking. In turn, the security specialists wavered between two points of view: "developers create vulnerabilities in our perimeter" and "developers do not create vulnerabilities, they are the vulnerabilities themselves." The argument would have gone on for a long time had it not been for new market demands and the emergence of the DevSecOps paradigm. It became possible to explain that this very automation of processes, taking information security requirements into account "out of the box", would help everyone stay happy. In the sense that the rules are written down up front and do not change during the game (information security will not prohibit something unexpectedly), and developers keep information security informed of everything that happens (information security does not run into something suddenly). Each team is also responsible for its own security, rather than some abstract older brothers.

  1. Since external staff already have access to the code and to a number of internal systems, it is probably possible to remove from the documents the requirement that "development must be carried out entirely on the bank's infrastructure."
  2. On the other hand, we need to strengthen control over what is happening.
  3. The compromise was to create cross-functional teams, where employees work closely with external people. In this case, you need to make sure that the team works on tools on the bank's servers. From beginning to end.

That is, contractors can be let in, but they need to be given separate segments. So that they do not bring some kind of infection from outside into the bank and do not see more than necessary. And so that their actions are logged. DLP for protection against leaks, all of this was included.

In principle, all banks come to this sooner or later. Here we went down the beaten path and agreed on the requirements for such environments where the "externals" work. A large set of access control tools appeared, along with vulnerability scanning tools and anti-virus scanning of the environments, builds and tests. This is called DevSecOps.

Suddenly it became clear that whereas before DevSecOps the bank's security had no control over what happened on the developers' side, in the new paradigm security is controlled in the same way as ordinary events on the infrastructure. Only now there are alerts on builds, control of libraries, and so on.

All that remained was to move the teams to the new model. Well, and build the infrastructure. But these are trifles, it's like drawing an owl. Actually, we helped with the infrastructure, and at that time the development processes were changing.

What changed

We decided to implement it in small steps, because we understood that many processes would fall apart, and many "externals" might not withstand the new working conditions under everyone's supervision.

First, we created cross-functional teams and learned to organize projects with the new requirements in mind. On the organizational side, we discussed which processes exist. The result was a diagram of the build pipeline with everyone responsible for it.

  • CI: Git, Jenkins, Maven, Roslyn, Gradle, jUnit, Jira, MF Fortify, CA Harvest, GitlabCI.
  • CD: Ansible, Puppet, TeamCity, Gitlab TFS, Liquibase.
  • Test: Sonarqube, SoapUI, jMeter, Selenium: MF Fortify, Performance Center, MF UFT, Ataccama.
  • Presentation (reporting, communication): Grafana, Kibana, Jira, Confluence, RocketChat.
  • Operations (maintenance, management): Ansible, Zabbix, Prometheus, Elastic + Logstash, MF Service Manager, Jira, Confluence, MS Project.

Selected stack:

  • Knowledge base - Atlassian Confluence;
  • Task tracker - Atlassian Jira;
  • Artifact repository - "Nexus";
  • Continuous integration system - "Gitlab CI";
  • Continuous analysis system - "SonarQube";
  • Application security analysis system - "Micro Focus Fortify";
  • Communication system - "GitLab Mattermost";
  • Configuration management system - "Ansible";
  • Monitoring system - "ELK", "TICK Stack" ("InfluxData").

We started building a team that would be ready to pull the contractors inside. There was an understanding that several things are important:

  • Everything should be unified, at least in how code is handed over. Because there were as many different development processes, each with its own peculiarities, as there were contractors. It was necessary to fit everyone into one process, but with options.
  • There are many contractors, and creating infrastructure by hand is not suitable. Any new task should start very quickly, that is, an instance should be deployed almost instantly so that developers get a set of solutions for managing their pipeline.

To take the first step, it was necessary to understand what was being done. And we had to determine how to get there. We started by helping to draw the architecture of the target solution, both for the infrastructure and for the CI/CD automation. Then we began to assemble this conveyor. We needed one infrastructure, the same for everyone, where the same conveyors would run. We offered options with estimates, the bank deliberated, and then decided what would be built and with what funds.

Next comes the creation of the environment: installing software and configuring it. Developing scripts for deploying and managing the infrastructure. Then comes the transition to supporting the conveyor.

We decided to test everything on a pilot. Interestingly, during the pilot a certain stack appeared in the bank for the first time. Among other things, a domestic vendor of one of the solutions was offered for the scope of the pilot, for a quick launch. Security got to know it during the pilot, and it left an unforgettable impression. When we decided to switch, fortunately, the infrastructure layer was replaced with a Nutanix solution, which the bank already had. Before this it had been used for VDI, but we reused it for infrastructure services. At small volumes it did not fit into the economics, but at large volumes it became an excellent environment for development and testing.

The rest of the stack is more or less familiar to everyone. Automation tools in Ansible were used, and security specialists worked closely with them. The Atlassian stack was used by the bank before the project. The Fortinet security tools were proposed by the security people themselves. The testing framework was created by the bank, no questions asked. The repository system raised questions, I had to get used to it.

Contractors were given the new stack. They were given time to rewrite for GitlabCI, to migrate Jira into the bank's segment, and so on.

Step by step

Stage 1. First, we used a solution from a domestic vendor; the product was connected to the newly created DSO network segment. The platform was chosen for its delivery time, scaling flexibility and the possibility of full automation. Tests carried out:

  • The possibility of flexible and full management of the virtualization platform infrastructure (network, disk subsystem, computing resources subsystem).
  • Automation of the virtual machine lifecycle (templating, snapshots, backups).

After installation and basic configuration of the platform, it was used as the placement point for the second-stage subsystems (DSO tools, retail systems development environments). The necessary sets of pipelines were created: creation, deletion, modification and backup of virtual machines. These pipelines were used as the first stage of the deployment process.

The result was that the provided equipment did not meet the bank's requirements for performance and fault tolerance. The bank's IT department (DIT) decided to build a complex based on the Nutanix software package.

Stage 2. We took the stack that had been defined and wrote automated installation and post-configuration scripts for all subsystems, so that everything could be moved from the pilot to the target environment as quickly as possible. All systems were deployed in a fault-tolerant configuration (where this capability is not limited by the vendor's licensing policies) and connected to the metrics and event collection subsystems. IS analyzed compliance with its requirements and gave the green light.

Stage 3. Migration of all subsystems and their settings to the new PAC. The infrastructure automation scripts were rewritten, and the migration of the DSO subsystems was completed in a fully automated mode. The IP development environments were recreated by the development teams' pipelines.

Stage 4. Automation of application software installation. These tasks were set by the team leads of the new teams.

Stage 5. Operation.

Remote access

The development teams asked for maximum flexibility in working with the environment, and the requirement for remote access from personal laptops was raised at the very beginning of the project. The bank already had remote access, but it was not suitable for developers. The fact is that the scheme used a user connection to a protected VDI. This was suitable for those who only needed mail and an office package at their workplace. Developers need heavy clients with high performance and lots of resources. And, of course, they had to be static, since losing the user session is unacceptable for those who work with VStudio (for example) or another SDK. Organizing a large number of heavy static VDIs for all development teams greatly increased the cost of the existing VDI solution.

We decided to work out remote access directly to the resources of the development segment: Jira, Wiki, Gitlab, Nexus, build and test benches, virtual infrastructure. The security officers demanded that access be provided only subject to the following:

  1. Use of technologies already available in the bank.
  2. The infrastructure must not use the existing domains that hold the account object records.
  3. Access must be limited to only the resources that a specific team requires (so that one team cannot reach the resources another team uses).
  4. Maximum control over RBAC in the systems.

As a result, a separate domain was created for this segment. This domain holds all the development resources, both user accounts and infrastructure. The lifecycle of records in this domain is managed by the IdM that already exists in the bank.

Direct remote access was organized on the basis of the bank's existing equipment. Access control was divided into AD groups, to which the rules on the contexts correspond (one product group = one set of rules).

VM Template Management

The speed of creating the build and test environment is one of the main KPIs set by the head of the development unit, because the speed of preparing the environment directly affects the total execution time of the pipeline. Two options for preparing base VM images were considered. The first is minimal image sizes, defaults for all system products, and maximum compliance with the bank's policies on settings. The second is a base image that contains heavy application software already installed, whose installation time could strongly affect the pipeline execution speed.

Infrastructure and security requirements were also taken into account during development: keeping images up to date (patches, etc.), integration with SIEM, and security settings according to the bank's standards.

As a result, it was decided to use minimal images in order to reduce the cost of keeping them up to date. It is much easier to update the base OS than to patch each image for new versions of the application software.

Based on the results, a list was formed of the minimum required set of operating systems, which are updated by the operations team, while scripts from the pipeline are fully responsible for updating the software and, if necessary, changing the version of the installed software: it is enough to pass the required tag to the pipeline. Yes, this requires the devops product team to have more complex deployment scenarios, but it greatly reduces the operational time needed to support base images, which could otherwise require more than a hundred base VM images to be maintained.

Internet access

Another stumbling block with the bank's security was access to Internet resources from the development environment. This access can be divided into two categories:

  1. Infrastructure access.
  2. Developer access.

Infrastructure access was organized by proxying external repositories with Nexus. That is, direct access from virtual machines was not provided. This made it possible to reach a compromise with information security, which was categorically against providing any access to the outside world from the development segment.
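One way to check that builds follow this rule, as an added example that is not part of the original article: a short Python check that flags package sources pointing anywhere other than the Nexus proxy. The host name nexus.dso.example and the sample config files are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: host name of the internal Nexus proxy (placeholder, not from the article).
NEXUS_HOST = "nexus.dso.example"

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample build configuration files.
SAMPLE_FILES = {
    "pip.conf": "[global]\nindex-url = https://nexus.dso.example/repository/pypi-proxy/simple\n",
    ".npmrc": "registry=https://registry.npmjs.org/\n",
    "settings.xml": (
        "<mirror><url>https://nexus.dso.example/repository/maven-public/</url></mirror>\n"
        "<repository><url>https://repo1.maven.org/maven2</url></repository>\n"
        # Look-alike host: a naive substring check would accept it.
        "<repository><url>https://nexus.dso.example.mirror.test/maven2</url></repository>\n"
    ),
}


def direct_sources(files, allowed_host=NEXUS_HOST):
    """Return (file, url) pairs whose host is not exactly the Nexus proxy."""
    findings = []
    for name, text in sorted(files.items()):
        for url in URL_RE.findall(text):
            # Compare the parsed host name, not the raw string.
            host = (urlsplit(url).hostname or "").lower()
            if host != allowed_host:
                findings.append((name, url))
    return findings


if __name__ == "__main__":
    for name, url in direct_sources(SAMPLE_FILES):
        print(f"{name}: direct source {url}")
```

Run as a pipeline step, a non-empty result can fail the build before it tries to reach a source the segment cannot access anyway.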

Developers needed Internet access for obvious reasons (stackoverflow). And although all teams, as mentioned above, had remote access to the environment, it is not always convenient when you cannot do ctrl+v from the developer's workplace in the bank into the IDE.

An agreement was reached with IS that initially, at the testing stage, access would be provided through the bank's proxy based on a whitelist. After the end of the project, access would be moved to a blacklist. Large access tables were prepared, listing the main resources and repositories to which access was needed at the start of the project. Approving these accesses took a considerable amount of time, which made it possible to insist on the fastest possible transition to blacklists.
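The difference between the two proxy modes can be reviewed before the switch. This added example (not from the original article) lists the hosts that were blocked under the whitelist and become reachable under the blacklist; all domain names and the request sample are constructed.

```python
# Constructed lists; the real ones would come from the agreed access tables.
ALLOWLIST = {"stackoverflow.com", "docs.oracle.com"}
DENYLIST = {"paste.test", "fileshare.test"}

# Constructed sample of hosts requested through the proxy.
SAMPLE_HOSTS = [
    "stackoverflow.com",
    "meta.stackoverflow.com",
    "notstackoverflow.com",   # shares a suffix but is a different domain
    "paste.test",
    "cdn.paste.test",
    "github.com",
]


def matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def decide(host, mode):
    """Return True when the proxy would let the request through."""
    if mode == "allowlist":
        return matches(host, ALLOWLIST)
    if mode == "denylist":
        return not matches(host, DENYLIST)
    raise ValueError(f"unknown mode: {mode}")


def newly_reachable(hosts):
    """Hosts blocked in allowlist mode that open up in denylist mode."""
    return sorted(
        {h for h in hosts if not decide(h, "allowlist") and decide(h, "denylist")}
    )


if __name__ == "__main__":
    for host in newly_reachable(SAMPLE_HOSTS):
        print("opens after the switch:", host)
```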

Results

The project ended after just one year. Oddly enough, all contractors switched to the new stack on time and no one left because of the new automation. IS is in no hurry to share positive feedback, but does not complain either, from which we can conclude that they like it. Conflicts have subsided because information security again feels in control, but does not interfere with the development processes. The teams were given more responsibility, and the overall attitude towards information security improved. The bank understood that the transition to DevSecOps was inevitable, and did it, in my opinion, in the most gentle and correct way.

Alexander Shubin, system architect.

Source: www.habr.com
