© 2020 Jackpine Technologies Corp. All Rights Reserved.
© 2020 Jackpine Technologies Corp. All Rights Reserved.
CONS3RT makes users
successful and productive in any Cloud.
It is a platform for getting things done!
© 2020 Jackpine Technologies Corp. All Rights Reserved.
What is CONS3RT?
CONS3RT delivers Cloud, Security, and DevOps orchestration…simultaneously across multiple
public & private Clouds…with Automation and Validation… and DevOps across your favorite tools
and the entire lifecycle.
It provides self service access to…automated provisioning
of applications, configs & data…source code builds… and ElasticTest™, for
functional & performance Tests, security scans, and network defense.
Along with…workflow orchestration… access to shared Library of Assets for
true collaboration…and a whole new level of
System design discipline.
© 2020 Jackpine Technologies Corp. All Rights Reserved.
CONS3RT …
• is strategic DevOps vs. tactical
DevOps
• works across the entire lifecycle
• pulls together good, focused DevOps
tools into a cohesive solution
• Puppet • Docker
• Jenkins • Codeship
• Ansible • Git
• and many more
• enables users to leverage IasS to
deliver PaaS and SaaS solutions
• includes simple, easy, and secure
access to Systems in the Cloud
• and ElasticTest™ deliver on-demand,
cross-Cloud test & security validation
• is the key to correct design,
development, and deployment
discipline
• is a user self-service environment.
• builds and deploys secure Systems
• uses modular construction and
execution of complex Cloud
deployments
• involves shared library of reusable
building to reuse knowledge
investment
• provides rapid access to resources
across public and private Clouds
• includes the ability to develop in one
Cloud and deploy within another at
ANY time
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Enterprise DevOps need a framework to orchestrate the entire software delivery pipeline. CONS3RT unifies all your DevOps tools into a “single pane of glass,” allowing users to automate the entire software delivery and deployment
process. The entire delivery team can collaborate to deliver software releases in a defined, consistent, and repeatable manner, cutting release times from months to weeks and task times from days to hours or even minutes.
Unify All Your DevOps Tools
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Success
• Commercial (www.cons3rt.com) and Government sites
• More than 8M+ hours of deployed systems across all sites
• 3,000+ registered users.
• More than 200,000 systems launched into clouds
• More than 20,000 reusable assets including applications,
test, security and lockdown
• Primary cloud orchestration platform in the Department of
Defense (DoD)
• Successful subscription business model in Government
sector, across multiple contracts
• Operating at ALL security classification levels
© 2020 Jackpine Technologies Corp. All Rights Reserved.
CONS3RTIntegration “Lab”
Change the Approach
Traditional: Integration “Labs”All users have to request & schedule access to and share the same resource pool, manually rebuild their entire System for each event, coordinating resources, people, calendars …
LDAP
External WebService
Data
Web Servers
Web Service
Today: CONS3RTUsers can manually or automatically deploy their own complex Systems from a library of resources in hours (or even minutes) as often as necessary…
... and include multiple validations in these automated workflows.
… activities leave behind artifacts and require constant care and maintenance on the Systems.
Don’t fall in love with your servers, fall in love with your design!
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Web Application
Life Cycle Automation
CONS3RT empowers the user to …• work in private, secure Project spaces
• collect and share building blocks
• use these to create simple to complex
multi-System Scenarios
• install and configure multiple Software Applications
• optionally add the Source Code • launch into one or more public and/or
private Cloud resources• easily and securely connect to Systems• run manual & automated Tests/Scans • save, manage, update and reuse
these repeatable designs
• build community around similar
development challenges
• and automate the process!Asset Library
Operating System
Test Cases
Software
Data Sets
Configurations
Scenarios
Virtual Machines Hardware
Devices
� �
Source Code
Web ApplicationWeb Application
Project A Project B Project C Project D
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Key Features
Automated Security ElasticTest
Remote AccessCloud Abstraction• Secure, encrypted access to deployed Systems
through RDP, VNC, and/or SSH
• File transfer
• Clipboard to/from local machine
• All via browser – no plugin required!• Accredited solution
• Proven performance
• Built in load balancing
• Removes major barrier to adoption
• Works across all cloud technologies
• Not Public vs. Private but Public & Private• IaaS is already commodity
• Make choice real time based on:
• Performance • Cost
• Security • Access
• Tasking • Location
• Unified interface
• Consistent access to system
• Portability, scalability,
availability
• Make ‘elasticity’ more
than a buzz word
© 2016 Jackpine Technologies Corp. All Rights Reserved.
ElasticTest™ Flow
Benefits • Built on-demand • Tool is local so it can reach its target • Less disruptive traffic • Isolated activities • Elastic resources • Efficient use of license investment • No management of system necessary • No expertise required to execute but… • Power users can still customize ElasticTest™ Enabled Tools • Tenable Nessus • HP Fortify • Web Exploit • Worksoft Certify • CA LISA • Script • smartBear SoapUI • Sonarlint ElasticTest™ SDK (beta)
Cloudspace Boundary System A
System B
System C
Cloudspace Boundary
System A
System B
System C
ACAS
System A
System B
System C
Exploit Test
CONS3RT System A
System B
System C
Cloudspace Boundary
CONS3RT
System A
System B
System C
Performance Test
• Infrastructure built on-demand
• Tool is local, so it can reach its target
• Less disruptive traffic
• Isolated activities
• Efficient use of license investment
• No management of System necessary
• No expertise required to execute but…
• Power users can still customize
Enabled Tools• Tenable Nessus • HP Fortify
• Web Exploit • Worksoft Certify
• CA LISA • Script
• smartBear SoapUI • Sonarlint
• Baked into design & execution
• Application quality
• Configuration discipline & management
• Source Code Analysis
• Industry Best Practice Lockdown
• Vulnerability Scans
• Penetration Testing
• Patch Management
• Policy Enforcement
• Monitoring Configuration & Analysis
• Entire Ecosystem into Design
• Validate Alternatives in Real Time
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Key Services
If an organization can’t use the DIY approach,
• Asset Development:• Software Components
• Simple to complex environments
• Training
• Cloud Migration:• Architecture review
• Application migration
• Tier 3 CSSP
• Event Support• Program management support
• Subject matter expertise
• Evaluation and assessment
Example: Complex Environment
© 2020 Jackpine Technologies Corp. All Rights Reserved.
And many more…
• Impact Level Governance• Mobile Device & IoT Clouds
• Custom User Properties
• Granular Assets States & Status
• More OS types (e.g. Fortinet, F5,
VyOS, Atomic)
• System Resource Resizing
• Instance Limits
• Asset States• Project Dashboards
• Data Impact Level (IL) Enforcement
• Offline System Install & Config• Cloudspace Audit & Logging
• ReST API• Cloud portable system designs • User Created Accounts & Passwords
• Slack Integration
• Regular Security Enhancements
• Cloudspace Create
• Virus Scans
• Asset Builder Wizard• vGPU capabilities
• Certified Assets
New releases every two weeks
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Use Cases
DevOps• Continuous integration &
delivery
• Use favorite tools
• Infrastructure as code
needs the same tools &
discipline
Cyber Security• Private space
• Use favorite tools
• Get started today
• Flexible resources
• Remote access
Cloud Migration• Understand current state
• Compliant architecture
• Accreditation artifacts
• Security tools
Integration & Test• Integrate teams real time
• Uncover issues early
• Hands on collaboration
Exercises & Events• Connect programs &
industry
• Private & joint spaces
• Evaluation phases
Training• On-demand resources
• Customize curricula
• Freedom to try & fail
• Rinse/repeat
© 2020 Jackpine Technologies Corp. All Rights Reserved.
www.cons3rt.com
John Casebolt Peter Walsh
[email protected] [email protected]
(978) 637-2923 x202 (617) 816-6001
© 2020 Jackpine Technologies Corp. All Rights Reserved.
BACKUPS
© 2020 Jackpine Technologies Corp. All Rights Reserved.
TECHNOLOGY
COMPARISON
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Key Functionality: ToolsetsCONS3RT HP
OrchestratorVMwarevRealize
AWS OpsWorks
Puppet Pivotal CloudFoundry
In-house Tool Chain
Hybrid Clouds yes need to add no no n/a no need to add
Cloud Abstraction yes need to add no no n/a no no (possible?)
Multiple Clouds yes need to add VMware only yes n/a no need to add
VM provisioning yes yes yes yes no yes need to add
App Provision/Config
yes need to add need to add yes (Chef only) yes yes (PCF apps
only)
yes
Reusable Assets yes no partial yes no yes no
Build automation yes need to add need to add no no no yes
Test Automation yes need to add need to add no no no need to add
Multiple Test Tools yes no need to add no no no need to add
Test Tool SDK beta no no no no no no
PKI Support yes no no no no no no
Platform Neutral yes yes yes yes no no no
Mixed Projects yes yes yes yes partial no no
Hardware support yes need to add no no no no no
API ReST yes yes yes yes yes separate pieces
Accreditations All DoD
levels
no no not in GovCloud no no no
License DoD
Comm.
Commercial Commercial part of service Open Source Commercial OpenSource/
mixed
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Key Functionality: TechnologiesCONS3RT IaaS PaaS Commercial Cloud In-house Tool
Chain
Examples - vCloud
OpenStack
Cloud Foundry
OpenShift
AWS, Azure Jenkins + Puppet +
some test tool
Hybrid Clouds yes partial no no need to add
Cloud Abstraction yes no partial no no (possible?)
Multiple Clouds yes no partial no need to add
VM provisioning yes yes no yes need to add
App Provision/Config yes no partial partial yes
Reusable Assets yes n/a yes n/a no
Build automation yes no no need to add yes
Test Automation yes no no no need to add
Multiple Test Tools yes need to add no need to add need to add
Test Tool SDK beta no no no no
PKI Support yes no no no need to add
Platform Neutral yes yes no yes no
Mixed Projects yes yes partial yes no
Hardware support yes no no no need to add
API ReST yes yes yes individual pieces
Accreditations All DoD levels some site specific some site specific FedRamp no
© 2020 Jackpine Technologies Corp. All Rights Reserved.
USER SUCCESSES
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Real World Use Cases
• Security Compliance
• New Development
• User Assessment
• Regression Testing
• “What if...?” Analysis
• Cross Organization Collaboration
• Training
• Vendor Distribution
• Elasticity
• Lab Management
• Product “Bake-Offs”
• Cyber Assessment
• Continuous Integration
• Data Center Migration
• Customer Support
© 2020 Jackpine Technologies Corp. All Rights Reserved.
Customer Quotes
• 400% more test coverage
• Shortened time between release
from 6 months to 6 weeks
• Reduced bugs from 100+ to 5 per
release
Most comprehensive assessment of
external system
Potential to save $1M+ per labDeployed 60 operational classified
servers in two days
• Six Dev teams integrating seven
applications in HmC every week.
• Reduced Fortify code scan times
from 6-8 weeks to only 1 day
“[Pro services team] did some great
work, this is crazy!”
87% reduction in test execution timeTeam of 20 worked on similar idea for
two years with no success
Critical support for Cyber PlugTest
rapid acquisition model“More capable, lower cost than
alternatives”
© 2020 Jackpine Technologies Corp. All Rights Reserved.
User Successes: Dev & Test
ERP Team• 2,300+ automated tests
executed in first year
• 87% reduction in execution time
• 1M+ cloud VM hours
• Dedicated Test Automation Team
as of FY15
• Expanding to two other
enterprise systems (Oracle ERP,
Mainframe)
New Web Development• User assessment & test
• Agile UAT within one week of
code (users, testers, developers)
DoD C2ISR Program• 400% more test coverage
• Shortened time between release
from 6 months to 6 weeks
• Reduced “findings” at release
from low triple digits to a handful
• Automated deploys & tests every
night, posting results to
dashboard
ALM SaaS Provider• Working across cloud resources
• Multiple, simultaneous deploys
• Lower cost environments
• Cross team collaboration
© 2020 Jackpine Technologies Corp. All Rights Reserved.
User Successes: Operations
Collaboration Service Operations• Deployed 60 secured servers in
two days
• Recovered 35 deleted production
VMs in less than 2 hours
• Stood up classified site in 2 days
• Patch cycle management
Aircraft Maintenance Database• Moving from datacenter to Cloud
• Solved access problem
• Reduced fielding costs for tools
and infrastructure
Hosted Platform Service• Reduced System-fielding time of
compliant production System from
4 days to 3 hours
• Reduced costs to mission partners
Intel Agency• Had a team of 20 working on
similar capability for two years with
little success
• Shifted and adopted CONS3RT;
had it installed in less than 30 days
© 2020 Jackpine Technologies Corp. All Rights Reserved.
User Successes: Cyber
Training• Self-service resources
• Share tools across Teams
• Safe zone for vulnerable systems
• Unlimited retries
Exercises• Elastic resources
• Reuse knowledge investment
• Substantial cost savings
• Rinse & repeat as needed
• Travel and on-site not required
Development• Rapidly and iteratively develop
tools in response to threats
• Access to networks
• Unclassified & classified
capacity
• Easy access
• Collaboration across locations
© 2020 Jackpine Technologies Corp. All Rights Reserved.
User Successes: Acquisition
Sec. of Air Force PlugFest Initiative• Immediately available infrastructure
• Simplified delivery of Government
software and configs to participants
• Access for “new to DoD” players
• Controlled, incremental data access
• Regular updates rolled to all Teams
AFLCMC Cyber PlugTest• PlugFest Initiative v2.0
• Extending into Cyber Security
• First event: Mobile Device testing
Program Re-Compete• Shared baseline GOTS
• Common test data
• Access for evaluators
• Part of selection criteria
Vendor “Marketplace”• Vendors create assets for their
products
• Validate running in Government
environment
• Accessible by programs to test
drive/pilot