Policy as Code

A97a75c945507f70992f579a730b0657?s=47 Doug Barth
November 14, 2014

Policy as Code

DevOpsDays Vancouver 2014
Video: http://youtu.be/QEfS0z_iPoo?t=34m1s

Most organizations choose to centralize resource and policy management to make managing it easier. That centralization brings with it some challenges: single points of failure, scaling, etc. Using DevOps practices like configuration management, we have the opportunity to try a different route.

In this talk, we'll discuss why PagerDuty chose to distribute our policy management. We'll look at how we skipped LDAP and distributed user management. We will cover our firewall automation which produces a perfect firewall tailored to each instance. We will profess our love for HAProxy which intelligently balances traffic between our ever changing service layers. We will discuss how we created a point to point IPSec mesh to secure our network traffic. We will discuss how this architecture is working so far and how we plan to improve the experience in the future.

After hearing this talk, I hope to have convinced attendees that implementing policy controls does not require centralized hardware. Treating the policy like code that can be replicated trivially produces a more stable system that is still just as easy to manage, and is architecturally superior.


Doug Barth

November 14, 2014