Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Configurations, do you prove yours?

Configurations, do you prove yours?

How can we be sure of the continuous configuration management proper operation? How to expose factual topic-related reports to dev, sec, managers, customers...?

We believe that, in order to deliver the full business and collaboration value of continuous configuration management, the solution needs to go further than simply applying policies - it must ensure configuration reliability; prove historized application and status; share it to other teams; notify of any drift with a relevant context.

This talk will present why and how we should be concerned about transmitting factual measures on infrastructure management to all parties involved. We will also guide you through the journey to include a full-fledged reporting feature in a configuration management solution.

Alexandre Brianceau



June 12, 2019


  1. Configurations: Do you prove yours ? Main theme: Infrastructure automation

    Alexandre BRIANCEAU alexandre@rudder.io @abrianceau
  2. How are the servers doing? No error nor change in

    logs means success? Aren’t we missing something?
  3. Main challenges faced nowadays 3 DEV QA PRODUCTION RECOVERY DEV

    SEC OPS MGMT EXTERN Multiple teams, diluted expertise, harder reporting Heterogeneous systems, reduced visibility, ease of use and understanding
  4. Getting and understanding the info is complex Operators, Managers, Experts,

    APIs have differents needs Frustration if we need a third party to get data We mistrust what we don’t understand
  5. Definition Configuration management is a systems engineering process for establishing

    and maintaining consistency of a product [...] throughout its life. Configuration_management “
  6. How DevSecOps can help to understand? Culture Automation Share Measure

  7. Let's remember: What does configuration management do? configuration target state

    feedback configuration
  8. Let's remember: What does configuration management do? configuration target state

    feedback configuration feedback configuration feedback configuration
  9. Definition (again) Observability is a measure of how well internal

    states of a system can be inferred from knowledge of its external outputs. Observability “
  10. Monitoring VS Observability: having a factual & deep insight monitoring

    observability VS
  11. Why we need Observability in Configuration Management? Causality Agency Perspective

    trust and prove configuration states provide insights relevant to different needs help teams find the best levers for their job A B
  12. Let’s take an implementation example...

  13. These concepts are core to Rudder Everyone/thing can be an

    actor of configuration management
  14. Observability and how Rudder can prove the compliance? PARAM RULE

    • Id DIRECTIVE • Id • (Components) GROUP • Id RUDDER config (global) • Policy Mode • Schedule... NODE • Properties • Policy Mode • Schedule... Environmental context • Id : . . . • Generated : . . . Files Node configuration Historisation Historisation RUN • Reports • Reports • ... • ... METADATA • node id • config id • run timestamp RUN • Reports • Reports • ... • ... METADATA • node id • config id • run timestamp • Signature Get config Send configuration reports Expected reports (node id, config id, timestamp) Run reports Historisation Compliance historised Send expected reports Metadata • Integrity • Signature Config • For Rule R, Directive D1, Component C Event logs Change request
  15. What can we do with observability in configuration mgmt? 15

  16. Thank you ! Any questions ?