- DONE [[Plug-in framework vision and strategy]]
  completed:: [[06-05-2025]]
  collapsed:: true
- Can we target a date for this?
- DONE pick a date
  completed:: [[06-05-2025]]
- This is gaining more priority every day. It will be great to target the first version for review amongst the three of us next week.
- DONE **Morpheus Road Map Review with Cheri** on [[05-20-2025]] and [[05-21-2025]].
  completed:: [[06-05-2025]]
- More context on this. Essentially, we need to provide a Morpheus roadmap: a high-confidence roadmap for the next two quarters, and a medium-confidence roadmap for the 12 months after that. Again, the priority here is to have a very high-confidence, clear roadmap for the next two quarters, to an extent that it can be communicated with dates to external customers.
- DONE review current roadmap in AHA (any big groups?)
  completed:: [[06-05-2025]]
- DONE review items in "**FW: PCFS 1st monthly backlog, release and roadmap planning - May 21 & 22**" email
  completed:: [[06-05-2025]]
- Neil van Ransburg 1:1 #call #[[plugins and integrations]] #morpheus
  collapsed:: true
- ISV plugins
- Morpheus supported
- partner supported
- get NDA in place + alliance docs in place
- low bar to entry at the moment
- terms of use (EULA) + plugin source license (based on Terraform BSL)
- no certification or SLA in place today
- informal QA testing from our engineering team
- no strict process in place
- overhead was key blocker
- based on the Terraform module processes
- community
- spend largest amount of time doing enablement
- certification of external plugins?
- list of ISVs who are creating plugins
- https://share.morpheusdata.com/plugin
- Maven Central (plugin core) = interface to Morpheus
- Captures
- plugins are classes exposed via Groovy classes
- High interest right now
- OpenShift Virtualization is high priority
- SSE tam under divaker want to do this
- USU -
- trying to target asia tech jam
- Exavity
- stackit
- German service provider
- helped build this plugin, then got stuck on floating IPs
- Eric Forgette 1:1 #call #morpheus #security #architecture
- Security processes/standards for development
- Architectural Threat Analysis?
- architecture overview and current thinking on future
- as we are designing new features in HPE (not yet the process for the core eng. team)
- design doc
- security design doc
- one observation
- implementation of MKS takes a very similar approach to k8s as it does VMware
- leverage RBAC in Morpheus, then if allowed AuthZ, then elevated to run the command
- Central Service
- cloud based mgmt of multiple Morpheus installs
- PCCP = just Morpheus
- big changes in PCE - getting more features
- PCBE -
- SilverCreek == GLP on prem?
- disconnected PCAI - control plane is huge, expensive on prem
- Adam Lipscombe 1:1 #call #morpheus #security
- + Greg Willis
- **Security processes/standards for development**
- SDLC and guidelines
- OWASP top 10
- **SLA based on CVSS scoring**
- internal engineering process, doesn't hit AHA!
- VTN is notification mechanism
- noticed as sent to security
- Adam/Gram
- the review notifications
- if needs remediation
- then goes into 'shortcut' (old Jira alternative)
- also triggered via support tickets to Adam
- **process today**
- feature goes to backlog
- this means approved by committee
- development happens
- in branch
- submitted for PR
- non-trusted have PR
- trusted developers peer-review on submission to dev branch
- Dev goes through QA cycle
- functional testing
- at code freeze promoted to staging
- regression testing
- release tag on pass etc
- **Morpheus**
- Architectural Threat Analysis? (see Estes)
- **Current State**
- HVM not tracked in same process
- multi-tenant arch
- separation via RBAC and encryption
- config code is encrypted on upload by customer
- agent methodology
- subscribes to queue
- comms channels and authz
- only way to get inside the system would be via the application code
- VTN instead of Git dependabot
- app pentesting - was used in the past
- but no longer used
- moving to HPE armor
- 3rd party pen testing every year
- nothing found in last 4 years
- some Rapid7 testing happening now
- Morpheus tested on the PCE end of things
- arch diagrams
- ref arch diagrams
- Tiered model
- SQL database
- elastic
- RabbitMQ messaging
- app tier
- 2 parts
- nginx web proxy
- Tomcat container for ui/app
- bouncycastle generates keys etc
- Cypher used for key store
- Lots of requests from customers re more security features
- e.g. create users in external IAM
- sec config testing
- Certifications/regulations
- before HPE - only a shippable software
- not a SaaS etc
- hardening guides
- DISA
- tested up to CIS level 1 and 2
- post HPE
- having to shift into a service offering
- no one has connected the dots here yet on compliance
- ((6814dcc7-6319-4582-8c00-642a273286ab))