Course Overview
As an infrastructure administrator or security professional, this course prepares you to identity and mitigate threats to OpenShift container-based infrastructure. You will also understand how to implement and manage secure architecture, policies, and procedures for modern containerized applications and software-defined networking.
You will discover how to use secure and trusted container images, registries, and source code; manage network and storage isolation; implement application single sign-on; and configure appropriate security constraints and service role–based access control. You will also understand how existing core Linux technologies - such as namespaces, cgroups, seccomp, capabilities, and SELinux—provide a robust and mature host environment with strongly secure containers.
This course is based on Red Hat®Enterprise Linux® 7.5, Red Hat® OpenShift® Container Platform 3.11, and Red Hat® Identity Manager 7.5.
Course Objectives
As a result of attending this course, you should be able to use security technologies included in Red Hat OpenShift Container Platform and Red Hat Enterprise Linux to manage security risk and help meet compliance requirements. You should be able to demonstrate these skills:
Use recommend practices to ensure that images for container deployment come from trusted sources, including the use of secure registries, signed images, secure access protocols, and authorized access controls.
Explain and implement advanced SELinux techniques to restrict access by users, processes, and virtual machines.
Configure security context constraints to control the actions that pods can perform and to declare what a pod has the ability to access.
Implement the Linux computer security (seccomp) and Linux capabilities features to control the vulnerability footprint of a containerized application.
Implement and configure single sign-on for web applications, including the use of JWT for token sharing.
Explain and implement network isolation and encryption techniques to segregate application traffic to allow only authorized access.
Implement and explain storage management techniques to segregate volume storage I/O to allow only authorized access.
Observe and explain how the build process can be extended to include automated security testing and vulnerability scanning to ensure that no exploits are introduced into the final container images to be deployed.
Manage container deployment policies and configuration to control application placement, resource capacity, container affinity, and application demand scaling.
Manage OpenShift project access and quotas to ensure private and authorized self-service access, as well as to limit exposure to rogue tokens and denial-of-service attempts.
Who Should Attend?
This course is designed for professionals responsible for designing, implementing, maintaining, and managing the security of containerized applications on Red Hat Enterprise Linux systems and in Red Hat OpenShift Container Platform installations, including these roles: System administrators, IT security administrators, IT security engineers, DevOps engineers, Cloud developers, Cloud architects
United Training is committed to working as a partner with our clients. Choose United Training and take advantage of the following benefits.
- Robust Public Enrollment Schedule. Enjoy access to hundreds of Guaranteed to Run dates across a diverse catalog of course titles.
- Private Group Training. Let our world-class instructors come to you to deliver training at your place of business or we can present to your team online using our Virtual Instructor-Led Training platform.
- Custom Training Solutions. Our subject matter experts can customize the class to specifically address the unique goals of your team.
- Free Re-Takes. Most completed United Training courses carry our unbeatable Learning Guarantee. This guarantee allows students to repeat most United Training courses, if they are the same version, FREE OF CHARGE, within six months of completion of the courses. Exceptions: Cisco, Citrix, VMware, Red Hat, and courses provided by affiliated 3rd party training providers.
Agenda
1 - DESCRIBE HOST SECURITY TECHNOLOGIES
- Understand the core technologies that make Red Hat Enterprise Linux a robust and trusted container host.
2 - ESTABLISH TRUSTED CONTAINER IMAGES
- Describe the registries, services, and methods that comprise the Red Hat image ecosystem.
3 - IMPLEMENT SECURITY IN THE BUILD PROCESS
- Learn automated methods for integrating security checks into build and deployment pipelines.
4 - MANAGE USER ACCESS CONTROL
- Apply methods for integrating and managing user authentication for operators and for web applications.
5 - CONTROL THE DEPLOYMENT ENVIRONMENT
- Determine how a container platform secures the deployment process through policies and automation.
6 - MANAGE SECURE PLATFORM ORCHESTRATION
- Study how a container platform secures the orchestration process through policies and infrastructure.
7 - PROVIDE SECURE NETWORK I/O
- Discover the technologies and control features that enable multitenancy and project isolation.
8 - DELIVER SECURE STORAGE I/O
- Enable authorized, multitenant storage access through a firm understanding of related technologies and control features.