Green-Field conception of a private cloud

Jan Gönnecke

The Task

Through the mediation of a leading provider of cloud products, we were able to plan the architecture of a complete private cloud infrastructure, supervise its implementation and organize the onboarding of developers. The “catch” of the project: no internet access.

This type of infrastructure, also known as a dark site or air-gapped environment, poses completely new challenges. After recording the requirements and evaluating the key features of an MVP, a platform was created over several months that now offers self-service portals for services on CloudFoundry and Kubernetes for internal developers.

Further challenges

Although there is no connection to the Internet, the platform was not exempt from internal security requirements. Services may only communicate in encrypted form, and a separate key management system had to be implemented. On the one hand, this had to be as secure as technically possible; on the other hand, it had to allow certificates to be obtained automatically.

It was also necessary to prevent individual employees from building up siloed knowledge while the environment was being set up. To avoid this, pair programming was used and areas of responsibility were rotated on a daily basis. With the help of this methodology, knowledge can be transferred efficiently and the risk of malicious code being introduced is also reduced, as the circle of people who know about the function of the code is extended to the entire team.

The customer described above is still being supported today and we continue to receive positive feedback.