Merge pull request juju#141 from anthonydillon/linkify-site
Linkify site
anthonydillon committed Sep 29, 2020
2 parents 3e2d27e + c048a2d commit ccf4e5c
Showing 7 changed files with 67 additions and 67 deletions.
2 changes: 1 addition & 1 deletion templates/about/beyond-configuration-management.html
Expand Up @@ -78,7 +78,7 @@ <h3 id="open-source">Open source principles and practices</h3>
<p>
An open source operator will not be perfect initially. It will likely handle just the situations that its original developer needed. But it serves to attract a community and contributors, each of whom bring new insights and perspectives and experience. Just as open source gains momentum and depth, an open source operator delivers better and better operations, until it is the world’s best expert in a package.
</p>
<h2 id="experience">Consistent experience</h2>
<h2 id="consistency">Consistent experience</h2>
<p>
In order for operations to become simple despite the richness and diversity of software, we are required to integrate and run, the administration experience of diverse applications must become consistent.
</p>
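Review bot: renaming the anchor from id="experience" to id="consistency" silently breaks any inbound link to beyond-configuration-management.html#experience from other templates, docs or external sites; grep the repository for "#experience" and either update those references in this same change or keep the old fragment resolvable (for example an empty <a id="experience"></a> placed before the heading). While this file is open, the unchanged context sentence under the heading has a misplaced comma that reverses its meaning ("...diversity of software, we are required to integrate and run, the administration experience..."); the intended reading is "In order for operations to become simple despite the richness and diversity of the software we are required to integrate and run, the administration experience of diverse applications must become consistent."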
32 changes: 16 additions & 16 deletions templates/about/devsecops.html
Expand Up @@ -4,48 +4,48 @@

{% block meta_copydoc %}https://docs.google.com/document/d/10tjWftKVRrmsUn9R5vSLlRtLS0o0nwBbKA4Av5m840w/edit#{% endblock meta_copydoc %}

{% block meta_description %}The Open Operator Collection community brings ‘many eyes’ to devsecops. Shared, open source operators represent best practice both for operations and for security, greatly increasing quality and reducing the cost of high-security, compliant operations for all end users of the operator collection.{% endblock %}
{% block meta_description %}Juju has security at its core. Shared, open source operators distill best practice both for operations and for security, to ensure safe deployments across the global community.{% endblock %}

{% block about_content %}
<h1>Community-driven DevSecOps</h1>
<p class="p-heading--four">Combining the operator pattern and devsecops<br>with open source community processes</p>
<h2 id="hardening">Hardened open source operators</h2>
<h2 id="hardened">Hardened open source operators</h2>
<p>The Open Operator Collection community brings ‘many eyes’ to devsecops. Shared, open source operators represent best practice both for operations and for security, greatly increasing quality and reducing the cost of high-security, compliant operations for all end users of the operator collection.</p>
<h2 id="devsecops">What is DevSecOps?</h2>
<p>DevSecOps means integrating the expertise of security specialists into the DevOps process.</p>
<p>The shift to agile development, continuous integration and continuous deployment drove the rise of devops, combining development and production operations expertise into agile teams. Devops meant that development teams now also had to understand the production consequences of their work, taking responsibility for performance, upgrades, and reliability.</p>
<p>DevSecOps extends this to recognise the importance of security. Since devops means faster deployments, there are fewer opportunities to review security before code is deployed to production. Instead of trying to address security after the fact, DevSecOps brings the security expertise into the devops team and makes security the responsibility of the combined group.</p>
<p>The shift to agile development, continuous integration and continuous deployment drove the rise of devops, combining development and production operations expertise into agile teams. Devops meant that development teams also had to understand the production consequences of their work, taking responsibility for performance, upgrades, and reliability.</p>
<p>Devsecops extends this principle to recognise the importance of security. Since devops means faster deployments, there are fewer opportunities to review security before code is deployed to production. Instead of trying to address security after the fact, Devsecops brings the security expertise into the devops team and makes security the responsibility of the combined group.</p>
<p>Security becomes a shared responsibility, tightly integrated into the devops process. Security design, security reviews, and security responses all take place in the arena of continuous integration, testing and deployment. Automation of security monitoring and analysis is crucial, since there will be fewer opportunities for lengthy analysis of static systems in production given the fast pace of change inherent to continuous deployment.</p>
<h2 id="containerised">Containerized operations need DevSecOps</h2>
<p>The cloud-native preference for immutable containers means that security can never be addressed in production, but must be addressed in the source tree of the containers which are being deployed. Since all deployments are automated, the security design and review process must take place at the same time as development.</p>
<p>Even the underlying infrastructure on which applications are deployed is likely to be software-defined infrastructure-as-code, with continuous deployment processes driving high speed change. So devsecops is necessary, all the way from the baseline infrastructure to the applications themselves.</p>
<h2 id="containerised">Containerized operations require devsecops</h2>
<p>A central shared repository of operators creates the opportunity for security reviews at a community level, bringing specialist perspectives which would not be available to every project in every organisation.</p>
<p>The benefits of an open source approach are well understood; expertise is pooled, costs are reduced, security fixes are provided faster. These same benefits apply to operators which are of course software packages, even though their purpose is to drive operations.</p>
<h2 id="quality">Reuse drives quality</h2>
<p>A key benefit of the operator pattern is the ability to reuse operations logic. Reuse of code drives quality. The more scenarios in which operations logic is used, the more it reflects experience and insights. In the ideal case, an operator is used across many organisations so that it also provides the mechanism for sharing the cost of implementation across multiple parties, reducing the cost to each individual user.</p>
<p>A key benefit of the operator pattern is the ability to reuse operations logic. Reuse of code drives quality. When ops code is reused in more scenarios, it reflects more experience and insights. In the ideal case, an operator is used across many organisations and many clouds so that the cost of implementation is shared across multiple parties, reducing the cost to each individual user.</p>
<p>The Open Operator Collection is a community-driven approach to operator design and development. The collection is a portfolio of consistent operators, developed by vendors, open source leaders, and expert contributors. The goal is to bring diverse experience to reusable operations code for software components that are very widely shared.</p>
<h2 id="sharing">Shared apps, shared operators, shared security</h2>
<p>This also creates the opportunity to conduct security reviews at a community level, bringing specialist perspectives to bear which would not normally be available to every project in every organisation.</p>
<p>A central shared repository of operators creates the opportunity for security reviews at a community level, bringing specialist perspectives which would not be available to every project in every organisation.</p>
<p>The benefits of an open source approach are well understood; expertise is pooled, costs are reduced, security fixes are provided faster. These same benefits apply to operators which are of course software packages, even though their purpose is to drive operations.</p>
<h3 id="open-source">Open source operators get more reviews</h3>
<p>When an operator is developed as proprietary code inside an organisation, the only code reviews of that operator will be done in the team responsible. Open source operators have many more opportunities for inspection and analysis, which increase the likelihood of identifying problems and generating solutions.</p>
<p>The Open Operator Manifesto, which shapes the work of the Open Operator Collection Community, requires source code for all operators to be available for such review.</p>
<h3 id="expertise">Specialist expertise is shared</h3>
<p>Security in particular is a subtle and challenging discipline. For every system in production there are many attack vectors that require different experience to analyse and address. This experience is both rare and expensive.</p>
<p>A good software architecture applies defense-in-depth strategies to mitigate the consequences of a security lapse in one part of the system, but it remains the case that a single mistake can undo all of the good work of many in providing an adversary with an entrypoint to integrated systems. Unlike performance or reliability in software, simply addressing the top priority issue does not fundamentally secure a system when there are many lower-priority problems; it is necessary to close all the gaps, and quickly, to be confident in the integrity of a production system.</p>
<p>A good software architecture applies defense-in-depth to mitigate the consequences of a security lapse in one part of the system, but it remains the case that a single mistake can undo all of the good work of many in providing an adversary with an entrypoint to integrated systems. Unlike performance or reliability in software, simply addressing the top priority issue does not fundamentally secure a system when there are many lower-priority problems; it is necessary to close all the gaps, and quickly, to be confident in the integrity of a production system.</p>
<p>A community can draw upon specialist perspectives to harden the entire stack for the benefit of all its members and users. From kernel configuration to MAC-based security policies, from cryptography and key management to network security, an open source operator is more likely to reflect the state of the art than any single-vendor effort.</p>
<p>Importantly, open source provides a level playing field for large and small organisations alike, both of which bring benefits to the community.</p>
<h3 id="security">Rapid distribution of security fixes</h3>
<h3 id="fixes">Rapid distribution of security fixes</h3>
<p>Security issues are not fixed when a patch is available, they are fixed when the patch is in production.</p>
<p>A critical characteristic of software delivery frameworks is the speed with which fixes move from being available to being in production. Many popular distribution mechanisms for software have a very poor track record of delivering fixes to production. Security research firm <a href="https://snyk.io/wp-content/uploads/helm-report.pdf" class="p-link--external">Snyk found systematic security problems in Helm charts</a> for example.</p>
<p>A critical characteristic of software delivery frameworks is the speed with which fixes move from being available to being in production. Many popular distribution mechanisms for software have a poor track record of delivering fixes to production. Security research firm <a href="https://snyk.io/wp-content/uploads/helm-report.pdf" class="p-link--external">Snyk found systematic security problems in Helm charts</a> for example.</p>
<p>The Juju operator lifecycle manager provides an efficient update distribution system. Progressive releases minimise the risk of a widespread update-related problem and increase user confidence in automated updates. As a result, many users choose to apply updates automatically, enhancing the security posture of the entire ecosystem.</p>
<h2 id="cves">CVEs for operators</h2>
<p>It is important for institutions to audit and report on their systems security standing. The global community of practitioners have come to rely on CVEs as a framework for tracking systematic issues in shared applications.</p>
<p>The Open Operator Collection extends this idea to operator code. Security vulnerabilities in operators are treated with the same process of disclosure and fix distribution that applies to vendor applications and solutions.</p>
<p>It is important for institutions to audit and report on their systems security standing. The global security community relies on CVEs as a framework for tracking systematic issues in shared applications.</p>
<p>The Open Operator Collection extends this to operator code. Security vulnerabilities in operators are treated with the same process of disclosure and fix distribution as vendor applications and solutions.</p>
<p>In addition, because operators drive workload updates and upgrades, it becomes possible in principle to have operators provide the audit function, enabling a consistent view of CVE coverage in a complex containerised estate.</p>
<h2 id="compliance">Compliance</h2>
<p>Ensuring compliance is essential for large organisations, but difficult in a fast-moving devops world. Regulated entities face a growing list of hard requirements - FIPS, HIPAA, CIS. These specify precise requirements for machine and container behaviour, and carry significant penalties if not met.</p>
<p>Every organisation also has to meet internal standards for infrastructure and apps. When an application is being deployed widely off custom ops code, it is extremely difficult to ensure that every deployment meets expectations. Checklists and manuals depend on human judgment.</p>
<p>Every organisation also has to meet internal standards for infrastructure and apps. When an application is being deployed widely off custom ops code, it is extremely difficult to ensure that every deployment meets expectations. Checklists and manuals depend on fallible human judgment.</p>
<p>Operators greatly improve compliance consistency, audit and remediation.</p>
<p>Since an operator contains all the logic of service instantiation, upgrade, integration and configuration, it can enforce compliance consistency. The Juju OLM allows placement of operators on specific machines, or all machines in the model, for the specific purpose of enforcing compliance with infrastructure standards such as CIS or FIPS.</p>
<p>Since an operator contains all the logic of service instantiation, upgrade, integration and configuration, it can enforce compliance consistency. The Juju OLM allows placement of operators on specific machines, or all machines in the model, to enforce compliance with infrastructure standards such as CIS or FIPS.</p>
<p>Juju’s unique ability to compose operators efficiently means that investments in compliance for a particular operator are returned in every single application graph where that operator is used. Rather than develop overly complex operators for entire scenarios, composition gets the benefits of focus, simplicity and reuse at the level of individual software components.</p>
<p>Audit is improved because the Juju OLM supports actions on operators; reporting on specific compliance is thus codified in operator actions and can be invoked wherever a particular workload is deployed.</p>
<p>Remediation takes place through the standard process of operator updates; since operators are distributed through a reliable global distribution infrastructure, improvements flow quickly to production systems with appropriate enterprise control.</p>
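Review bot: the two paragraphs added under the renamed "Containerized operations require devsecops" heading ("A central shared repository of operators creates the opportunity..." and "The benefits of an open source approach are well understood...") are repeated verbatim under "Shared apps, shared operators, shared security" a few lines further down, so the rendered page will say the same thing twice; worse, the replacement deletes the only text that actually argued the heading's point (immutable containers mean security has to be fixed in the source tree rather than in production, and infrastructure-as-code pushes devsecops down to the baseline infrastructure), leaving a container heading over paragraphs that never mention containers. Restore the two original paragraphs under the containerized heading and keep a single copy of the shared-repository paragraphs under the sharing section. Smaller points in the same hunk: the id renames hardening to hardened and security to fixes break any inbound anchors, so check for references before changing them; "Devsecops" in the rewritten paragraphs is inconsistent with "DevSecOps" in the unchanged heading and definition line directly above; and the new meta description "Juju has security at its core" is a bare assertion where the old text described what the community process does, which is both more defensible and more useful as a search snippet.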
2 changes: 1 addition & 1 deletion templates/about/hosted-olm.html
Expand Up @@ -15,7 +15,7 @@ <h2 id="jaas">JAAS.ai is multi-cloud OLM as a service</h2>
If you don’t want to run your own Juju controllers, you can get someone else to do it for you!
</p>
<p>
The public site <a href="https://jaas.ai/" class="p-link--external">JAAS.ai</a> is a hosted Juju service that spans all the public clouds. Any user can login there and start to create models on their public cloud accounts or Kubernetes clusters. JAAS.ai supports both machine and Kubernetes models across the major public clouds. The service is run by Canonical on highly-available instances on each of the public clouds.
The public site <a href="https://jaas.ai/" class="p-link--external">JAAS.ai</a> is a hosted Juju service that spans all the public clouds. Any user can login there and start to create models on their public cloud accounts or Kubernetes clusters. JAAS.ai supports both machine and Kubernetes models across all major public clouds. The service is run by Canonical on highly-available instances on each of the public clouds.
</p>
<h2 id="operators">Addressing operator sprawl</h2>
<p>
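Review bot: the edited sentence now reads "across all major public clouds" while the first sentence of the same paragraph still claims JAAS.ai "spans all the public clouds"; the two claims differ in scope and the unqualified one is an overstatement, so align both on "all major public clouds" (or on the actual list of supported clouds). Minor: "login" is the noun, the verb form is "log in".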
2 changes: 1 addition & 1 deletion templates/about/integration.html
Expand Up @@ -35,7 +35,7 @@ <h2 id="unix">“Do one thing and do it well”</h2>
<p>
A community process is extremely effective at surfacing the range of possibilities and requirements for operator composition, so the Open Operator Collection serves as a single venue for discussions between operator designers and their users. Since composition is the key ingredient of efficiency, it is more valuable to have those conversations in a central location than to fragment the discussion across many forums.
</p>
<h2 id="integration">Integration with remote applications</h2>
<h2 id="remote">Integration with remote applications</h2>
<p>
Typically, the entire scenario is captured in a single application graph in a single model. It is possible, however, for a large scenario to be split across several different models.
</p>
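Review bot: changing id="integration" to id="remote" on a page that is itself named integration.html trades a self-explanatory anchor for a vaguer one and breaks any link to integration.html#integration; confirm nothing references the old fragment, or keep it resolvable with a fallback anchor, before merging the rename.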

0 comments on commit ccf4e5c