Richard Bucker

Zero Trust Network

Posted at — Nov 9, 2020

Zero Trust Network has a new meaning to me. “It’s an architecture not a product”. The theme presented in a 2019 talk has multiple vectors:

The list of remediation tools is tricky; standouts are:

What is interesting is that Docker does this (batteries included); however, like most systems, there is a necessary admin backplane that is no more or less vulnerable. If you try to implement these features in an ESX cluster or a bare-metal cluster, the SDN bits are left for the admin to manage, and you then have to balance the effort and enterprise cost between them. And then there is datacenter workload density.

I’m not advocating a particular solution here… but for the last 5 years my development environment was based on CoreOS which has since been acquired by RedHat and deprecated (EOL), rebranded and repackaged. Granted, I discovered late that deploying my tools like cattle instead of pets meant having a proper bootstrapping operation. And so I failed there. I also developed a deep dependency on GITLAB which is terribly fragile and I nearly lost the entire tree at one point. I underestimated the amount of disk space I was going to need.

Sidebar notes:

So much more to review.