CaaS

What is CaaS?

Containers as a Service, or CaaS (pronounced “cass”), enables mission partners to run an application and all its dependencies in isolated processes. These isolated processes, also known as code packages, have everything the app needs to reliably run its software in any environment (including the app, runtime, system libraries, etc.). With all critical elements packaged together, applications can be easily moved from one environment to another. Simply put, CaaS is like an application suitcase, with wheels.

CaaS is a modern IL4/5 Container Platform Cloud Service from DISA

On-Premise protection, behind the DISA communication infrastructure
NIPRnet accessible

Fully ATOed
DOD Identity Integrated - Global Directory (GFUD)
Compatible with public clouds and your on-prem solutions for true hybrid deployment options

As a Service Model, Billed Monthly to Mission Partners
Service delivered and maintained via modern DevSecOps principles and practices - DevSecOps, GitOps, Infrastructure-as-Code and heavy automation

Why CaaS?

Focus on your mission and apps

DISA handles the Kubernetes layer, updates, patching, etc, allowing you to focus on your app and mission
It can often months to operationalize a platform, let alone get an ATO.

DISA handles the platform ATO, reducing overhead burden and maintenance on your IT staff
Pay as you go - reduce large upfront costs; No hidden I/O fees.
Leverage DISA datacenter security advantages
On boarding assistance - tap into industry and DOD experts to partner with you on your container journey
Move at the speed of the mission - should you need to move your workload they are portable now and, in the future

When you build on CaaS you get consistency and choice

Portability across DISA data centers, your data centers, public clouds, and even the tactical edge
Portability and consistency across development, testing & production
Options now, and in the future as needs change

No vendor lock-in

A current challenge for many mission partners is portability, the ability to lift and shift applications and their dependencies from one environment to another. Application dependencies may be hard to locate, there may be limited hardware space to hold applications, or potential conflicts between programs running on the same computer. CaaS provides mission partners with portability to easily move applications from one environment
to another.

Features.

• Rapid application portability. The application and all its dependencies are bundled in a container, allowing mission partners to easily move applications from one environment to another.

• Faster access. Currently, it is difficult for mission partners to access container platforms. CaaS provides direct pathways for mission partners to access platforms.

• Faster start-up times. Containers are smaller (megabytes, instead of gigabytes), allowing a single operating system kernel to start up in a few seconds—versus the minutes required to start-up a virtual machine.

• Direct support. HaCCers partner with customers to develop container applications, providing expert support with portability, accreditation, and other requirements. This allows mission partners to focus their resources on application development.

Built on Red Hat OpenShift - A Fully CNCF Compliant Kubernetes Distribution and Container Platform
FIPS 140-2, CaC enabled

No vendor lock in - the containers are portable
Bug fixes and CVEs provided
Rich marketplace of 3rd party containers and operators
Underlying OS and Container Platform is a hardened, immutable Red Hat Enterprise Linux (RHEL) CoreOS

How to order CaaS.

The CaaS platform is operational and available for hosting containerized applications, as of 1 Oct 2022. If you are interested in hosting your containerized application on the CaaS platform, please use the contact us feature and our Cloud Hybrid team will reach out to you.

Frequently Asked Questions
Solution Comparison
Security Measures

Collapse All Expand All

1. What is a container?

Containers are packages of software that contain all of the necessary elements to run in any environment: from a private data center, to the public cloud, or even on a developer’s personal laptop.

2. What containers are available to use right now?

Web Servers, databases, application servers, middleware, compilers, interpreters, caching applications, messaging servers, machine learning, shells, security scanners, firewall, filtering, inspection, and most everything else. Large catalogs of containers exist that are free to use. Most vendors have their application in a supported container version as well as community supported containers with most mainline configuration variations.

3. What is Containers as a Service (CaaS)?

▸    CaaS is a modern IL4/5 Container Platform Cloud Service from DISA
▸    On-Premise protection, behind the DISA communication infrastructure
▸    NIPRnet accessible
▸    Fully ATOed
▸    DoD Identity Integrated - Global Directory (GFUD)
▸    Compatible with public clouds and your on-prem solutions for true hybrid deployment options
▸    As a Service Model, Billed Monthly to Mission Partners
▸    Service delivered and maintained via modern DevSecOps principles and practices - DevSecOps, GitOps, Infrastructure-as-Code and heavy automation

4. Why CaaS?

Focus on your mission and applications while DISA handles the Kubernetes Layer: Updates, patching, etc. DISA handles the platform ATO, reducing overhead burden on your IT staff. DISA handles the platform ATO, reducing overhead burden and maintenance on your IT staff while you pay as you go, taking advantage of DISA datacenter security. CaaS has Industry and DoD experts to help you onboard, moving at the speed mission.

5. Why would I want to containerize my application?

Release code faster
Cost Savings
Simpler, lighter, and denser than Virtual Machines
Manage application through code
No OS to maintain
Eliminate Configuration Drift
Simplified Networking
Large catalogs of applications to build from
Deploy to more environments

Speed of Mission
Efficiency
Density
Standardization, Auditing, Version Control
Lightweight
Standardization
Efficient Deployments
No Wheel Rebuilding
Portability, Scalability

6. What are the cost saving benefits for mission partners?

Given equal CPU and RAM, CaaS is about ½ the price of a traditional hosted virtual server running in a DISA datacenter.

7. What capability gap does CaaS meet?

Cloud Native Applications and applications seeking modernization can utilize CaaS to develop or host production container based applications. Code based deployments are constantly monitored through CI/CD pipelines.

8. Is CaaS operational now?

Yes, we began offering the service on 1 October 2022.

Collapse All Expand All

1. How does CaaS compare to commercial containers?

A CaaS and commercial application deployment would be very similar and one of the benefits of containerization is the portability between environments. It is likely that if your container runs anywhere else, it runs on CaaS also. However, CaaS is on premise and may easily integrate with existing DISA hosted services to create a hybrid operating environment or transition into container based infrastructure. CaaS inherits many DISA security controls and comes with NIPR connectivity.

Collapse All Expand All

1. Red hat Advanced Cluster Security

Provides detailed CVE and vulnerable configuration detection in the hosted namespace for running containers.

2. Red Hat Core OS

An OS designed for hosted Cloud Based applications.

3. Role Based 2FA

Integrated with GFUD, signing in to OpenShift is easy and CAC protected.

4. FIPS

A high standard for cryptography, enabled at install time on the physical nodes.

5. Red Hat Compliance Operator

Protects the cluster itself from misconfigurations.

6. SELInux

Protects against arbitrary inter-container access and access to the nodes from containers.

7. Arbitrary IDs

A container runs without node level root access, although it can access all of its own assigned resources and no more.

8. Hosted Physically Inside DISA data center

Download the Slick Sheet