Rudder: what is it and what makes it different?

Rudder
February 06, 2023

🎥 https://youtu.be/rkfxtT861es
🧑 Nicolas Charles
📅 Configuration Management Camp 2023

Rudder is an open source security and configuration management tool that focuses on compliance and continuous audit. It allows users from different teams and backgrounds to configure and extract data through both the UI and API, providing a fast feedback loop. Since its first release 10 years ago, Rudder has been used by organizations of all sizes, from small installations to large deployments of over 15,000 nodes.

In this talk, we will introduce Rudder and explain what sets it apart from similar tools. We will also discuss the current evolution of Rudder towards operational security and its impact on the product. If you are new to Rudder or interested in learning more about compliance and configuration management, this talk is for you.

Transcript

  1. Outline: This talk presents Rudder. It starts with an introduction to the tool, and continues with its recent evolutions.
  2. All rights reserved. Agnostic automation | Asset management | Automation features | Continuous configuration | Standard compliance | General Architecture | Multiplatform & Multi-OS
  3. Node Management: Multiplatform lightweight agent. A Node is a system with a Rudder agent installed on it. Each Node with an agent is automatically added to the environment and Rudder will recover all information from it.
  4. Full System Inventory: Each Node has a dynamic inventory.
  5. Full System Inventory: Each Node has a dynamic inventory. It can be extended with properties (key=value), optionally synced by REST API with other tools like CMDB.
  6. Groups: Two group types: Dynamic or Static. With a Dynamic group, you can add Nodes based on various criteria from inventory or custom properties from Nodes. Each group can have its own properties, and nodes inherit their properties from the groups.
  7. Continuous Configuration: Unlike orchestration tools, Rudder will keep your configuration up to date and in a targeted configuration state. (Diagram labels: With Orchestration / With Rudder.) You will always find your configuration as defined in the initial state.
  8. Visual configuration builder: Rudder provides a graphical solution to build the desired state of configuration.
  9. Audit or Enforce: Two modes:
     • The audit mode ensures that our configuration meets the requirements. It doesn't make any changes; it only performs a simple verification.
     • The enforce mode will make changes only if the configuration does not match what has been defined. This is known as remediation.
  10. Rudder Architecture: Every 5 minutes, agents pull their configuration from the Rudder server and perform a local check. In Enforce mode, the agent will automatically remediate all drift from the desired configuration and report the new status.
  11. Rudder Node
     Push Mode:
       - Manual Synchro Needed
       - Many Streams to Open
       - Network Availability
     Pull Mode:
       + Asynchronous
       + Security Enhanced
       + Constant Conformity
  12. Evolution toward operational security: Rudder users can prove their compliance and improve their security posture. System administrators, cloud users and also security teams in charge of hardening will excel thanks to Rudder. Continuous hardening, control and audit of the Security Posture, application of security standard recommendations and patch management application can all be fulfilled by Rudder.
  13. Patch management: In Rudder 7.x we introduced features around patch management:
     • List available updates
     • Full system updates
     Patch management | Configuration synchronization | YAML | Improved compliance
  14. Configurations Import/Export: In Rudder 7.2, we improved the synchronization of configuration between environments:
     • API to export an object with its dependent objects
       ◦ Rule + Groups + Directives + Techniques
     • API to import and replace said object
     In Rudder 7.3, option to import rules without groups.
  15. YAML. Rudder 7.3: transpiler from YAML to agent language
     • Storage format for the Technique Editor
     • Stable format for sharing/exporting/importing
  16. YAML. Rudder 7.3: transpiler from YAML to agent language. Based on the rudderc component:
     • Takes a YAML technique and local generic methods
     • Validates the correctness of the technique
     • Generates the content
     • Provides a compile-and-run command to test the Technique, without a Rudder server
  17. Improved compliance. Rudder 7.3: Compliance per directive. New tab on the Directive page for Compliance of the directive.
  18. Improved compliance. Rudder 7.3: Compliance per directive. New tab on the Directive page for Compliance of the directive. Exportable in CSV.
  19. Improved compliance. Rudder 8.x: Make compliance more useful
     • I want to find out what is red on that node.
     • Then, I want to find similar nodes - but I don't know what similar is, I need to explore.
     • Next I need to choose relevant attributes to make the problem understandable - inventory parts, applied directives, etc.
     • Finally I want to export data in an actionable format - csv, xls, json.
  20. Improved compliance. Rudder 8.x: Explore & Extract non-compliance
     ◦ query
       • pull
       • spanning several data providers
       • homogeneous/powerful query language
       • extensible backend
       • structured, filtered result set
     ◦ transversal security (authorizations)
       • some data cannot be viewed by some roles
     ◦ export in CSV / Excel / …
  21. Improved compliance. Rudder 8.0: GraphQL
     • Simple query language
     • Works on patterns
     • ask fields on objects
     • no built-in boolean logic, etc
     • Based on typed schema
     • Backend agnostic, easily extendable
     • Notion of authorization at data
  22. Improved compliance. Rudder 8.0: GraphQL
     • This is a BIG evolution
       ◦ provide stable foundation for higher level needs
     • Goals:
       ◦ validate that it actually works for us
         ▪ get performance data points & user feedback
       ◦ expose low level engine as soon as 8.0
         ▪ with some "Beta" warning sign
     • scope for 8.0:
       ◦ core schema
         ▪ nodes, groups, directives, techniques, rules...
       ◦ some queries on them
       ◦ know how to extend