By connecting networks and devices to the larger Internet, military, law enforcement, and other state, local, and federal government agencies are opening the door to cyber risks. In most instances, the risk is worth the benefits of connectivity. However, in some situations, the risk or ramifications of a potential breach or successful hack is so great that the network or device needs to operate in an air-gapped environment.
There are certain mental images that arise when people discuss air-gapped environments. Those mental images often include archaic computers that still operate with floppy disks and remain disconnected from the Internet because they’re responsible for the targeting and firing of nuclear weapons.
But air-gapped environments don’t always have to be completely disconnected to be considered secure. And not every network or device that the government wants to exist in an air-gapped environment can start World War Three. Private clouds can be considered air-gapped. And some law enforcement agencies may find it advantageous in the age of increasingly sophisticated cyber threats to keep their networks, applications, and devices in an air-gapped environment.
But what happens when developers need to create applications for air-gapped devices and networks? What challenges does a lack of connectivity create in the applications development and deployment process? And how can modern development platforms that require connectivity or are cloud-native be used to develop for air-gapped environments?
To get the answers to these questions, we sat down with the Chief Technology Officer of D2iQ, Deepak Goel, to talk about what exactly the government means when it says, “air-gapped,” and how platforms like Kubernetes can be used to develop for air-gapped environments.
Here is what he told us:
GovDevSecOpsHub (GDSOH): What is an “air-gapped” environment? In today’s network-enabled and universally-connected government, does a truly “air-gapped” environment even exist anymore?
Deepak Goel: A “true” air-gapped environment is one that has absolutely no Internet connectivity. But you don’t need an environment to be completely disconnected to be considered air-gapped. I have encountered deployments that have restricted access to the internet, and those are still categorized as air-gapped.
Surprisingly, there are still “true” air-gapped environments that exist in our network-connected and network-enabled world. In fact, we have seen true air-gapped environments not only at government sites, but also in certain commercial customer environments.
GDSOH: Are there types of cloud environments, such as private clouds, that could be considered “air-gapped?”
Deepak Goel: That is correct. As I mentioned, sometimes restricted access to the Internet is also categorized as air-gapped.
AWS GovCloud, AWS C2S, AWS SC2S, as well as other private cloud solutions can be considered air-gapped by military and government organizations.
“Kubernetes…isn’t built with air-gapped environments in mind. Maintaining a private container registry that is highly available is, in itself, a huge burden that takes a significant amount of a developer’s time and keeps them from actually developing business-critical applications.” – Deepak Goel
GDSOH: Are there any scenarios or situations in which the federal government, law enforcement agencies, or military organizations would need to use Kubernetes in an “air-gapped” environment? What would those scenarios look like?
Deepak Goel: Yes, these agencies use Kubernetes in an air-gapped environment primarily for security reasons. They work in a very secure, protected, and closed environment where nothing can leave the premises either physically or via network.
GDSOH: What benefits would these organizations possibly get from building applications and using Kubernetes in “air-gapped” environments?
Deepak Goel: The main benefit is security. However, security can be further broken down into having more control on the container images of the applications running on top of Kubernetes. These images can be scanned for critical vulnerabilities before uploading them to the private container registry.
Operators have peace of mind as no one can accidently run a compromised image. Even then if an application gets compromised, it cannot send any sensitive information out to the internet.
“…agencies use Kubernetes in an air-gapped environment primarily for security reasons. They work in a very secure, protected, and closed environment where nothing can leave the premises either physically or via network.” – Deepak Goel
GDSOH: Why is application development and Kubernetes use difficult in “air-gapped” environments? What inherent in the solution makes this difficult?
Deepak Goel: It’s difficult because Kubernetes by architecture isn’t built with air-gapped environments in mind. Most of the developer’s workflow involves pushing container images from their CI system to the public container registries, such as Docker Hub, GCR, ECR, and others.
Maintaining a private container registry that is highly available is, in itself, a huge burden that takes a significant amount of a developer’s time and keeps them from actually developing business-critical applications. Testing an air-gapped Kubernetes environment is equally difficult because it is difficult to create a true air-gapped environment.
If developers are trying to simulate an air-gapped environment in the cloud, then they need to understand how various objects – such as routing tables, gateways, NAT devices, interfaces, compute instances, and load balancers – are interconnected. They also need to ensure their simulated, air-gapped environment is still connected to their CI system to be able to run their test automation.
“A “true” air-gapped environment is one that has absolutely no Internet connectivity. But you don’t need an environment to be completely disconnected to be considered air-gapped.” – Deepak Goel
The fact that container registry sits outside of Kubernetes – and is an integral part of using the platform – makes it difficult to run Kubernetes in an air-gapped environment
GDSOH: How does the D2iQ Enterprise Kubernetes Platform (DKP) make using Kubernetes in air-gapped environments possible?
Deepak Goel: When building DKP, we took an “air-gapped first” approach with Kubernetes. We built automation around testing Kubernetes in an air-gapped environment. This ensures that any new feature that we develop is air-gapped environment compatible.
We have also automated the provisioning flow of Kubernetes, which makes it easy to provision an air-gapped Kubernetes cluster.
All of that is useless if the customer doesn’t know how to use it. So, we also provide detailed documentation about the necessary steps needed to successfully run Kubernetes in an air-gapped environment.
To learn more about what’s happening with Enterprise Kubernetes, what to do, and what to avoid, click HERE to download a complimentary copy of the, “2021 Gartner Market Guide for Container Management.”