Northrop Grumman, Ford prep AI infrastructure with OpenShift
The defense contractor leaned on OpenShift AI and GitOps as it installed a 30,000-core GPU farm, while the automaker established workload identity federation across clouds.
ATLANTA – For two major enterprises, implementing AI infrastructure first depends on a strong base in IT automation at scale.
That was the message from speakers from aerospace defense contractor Northrop Grumman and automaker Ford Motor Company during Red Hat's OpenShift Commons co-located event here during KubeCon + CloudNativeCon 2025 this week. Each company's representatives presented on how their internal developer platforms have evolved to deliver hands-off automation consistently across multiple cloud and data center environments, which will form the substrate for each company's AI infrastructure.
"For AI to be successful, we need a foundational infrastructure … that is self-healing, to a certain extent, and always up to date," said Satish Puranam, technical leader and manager of cloud at Ford, during a Q&A at the end of his presentation.
Northrop Grumman's GitOps aids on-prem setup
At Northrop Grumman, the adoption of infrastructure as code and GitOps on OpenShift beginning in 2020 brought order to a "Wild West" environment. It also guided recent efforts by IT teams to set up a 30,000-core on-premises GPU farm within three months this year.
The company worked with a vendor consortium led by Dell, which assembled an infrastructure stack with Dell servers and switches, Nvidia GPUs, Red Hat OpenShift AI and DDN data storage, according to co-presenter Joseph McConnell, infrastructure automation center of excellence lead at Northrop Grumman, during a Q&A session at the end of his Commons presentation.
"We're working with Dell, in particular, with our future tech group, to create what we're calling a single SKU, so we'll have a standardized environment with all the devices that we need … as well as all the licensing," McConnell said. "We'll be deploying a bunch of these in different environments, and those will all be managed by different programs."
Randy Ellefsen (left) and Joseph McConnell of Northrop Grumman present at Red Hat OpenShift Commons 2025.
For the enterprise Kubernetes team, setting up its first on-premises GPU cluster this year was a significant milestone, said Randy Ellefsen, staff information systems analyst at Northrop Grumman, who co-presented with McConnell.
"We've been in the cloud for a while, so we aren't used to dealing with hardware," Ellefsen said during the session Q&A. "Sometimes hardware shows up broken -- we're used to software problems, so dealing with all that was interesting."
The team’s efforts to streamline Kubernetes cluster and application setup in the cloud using OpenShift, Argo CD and a custom infrastructure-as-code workflow based on Bash scripts were essential for adding software layers to the GPU farm, Ellefsen said during an interview with Informa TechTarget after the presentation.
"Our current GitOps process largely impacted how we deployed this particular cluster," Ellefsen said. "We use it ourselves to build out our cluster, but for our customers that are using the cluster, we also install a CI/CD pipeline with Tekton and Argo CD."
There were some nuances in setting up hardware initially and some deviations from the standard process when working with partners who weren't as familiar with the company's internal tools. However, like the single-SKU hardware design, GitOps workflows will make it easier to repeat the process as the environment expands, Ellefsen said.
Ford drives identity federation for workloads
Satish Puranam, technical leader and manager of cloud at Ford, presents at Red Hat OpenShift Commons 2025.
Like Northrop Grumman, "everything-as-code" has become a fundamental part of Ford's cloud platform, according to Puranam's presentation.
"Since the beginning of this year and late last year, everything that my teams do is code," Puranam said. "If it is not code, you're not allowed to be on the platform."
That includes pipelines, infrastructure as code, policy as code, secrets and certificates, all of which are managed and provisioned programmatically, according to a presentation slide. Removing manual human processes -- as well as usernames and passwords -- is crucial to removing blockers to automation. This is crucial in a platform that comprises more than 25 hosting environments, ranging from manufacturing plants to data centers and public clouds, with over 200 clusters and 25,000 namespaces serving more than 3,000 application teams, Puranam said.
Everything in our system starts with an identity.
Satish PuranamTechnical leader & manager, Ford
"The goal is to reduce [developers'] learning curve [and] run diverse infrastructure at diverse locations using a single abstraction pattern," Puranam said. "The most important aspect of it is that it can't stress security enough … and everything in our system starts with an identity."
To manage identities for each application, product and project within the platform, Ford has integrated OpenID Connect authentication using Microsoft's Entra ID. This allows developers to authenticate users across websites and apps without needing to maintain password files. Ford also utilizes CyberArk's workload identity federation to handle short-lived tokens that each entity uses for authentication and authorization when accessing systems.
As AI enters the picture, federated identity and access management for LLM- and agent-based workloads will be crucial to safeguard the platform, Puranam said during a Q&A session at the end of the presentation.
"AI systems are integrated systems, so you need a way to actually govern who has access, what they have access to, using what credentials," he said. "Once you have those foundational elements, AI becomes much more approachable and safe, because you do not want it to hallucinate at some point and [affect] your entire cluster."
Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
