Rudder: what is it and what makes it different?

Transcript

1. Rudder
   What is it, and what makes it different?
   1
   

   View Slide

2. Outline
   This talk presents Rudder.
   It starts with an introduction to the tool, and continue with its recent evolutions
   

   View Slide

3. Introduction
   Nicolas CHARLES
   Head of Customer Service
   Co-founder of Rudder
   French
   Father
   

   View Slide

4. A Brief Overview
   4
   

   View Slide

5. All rights reserved
   Agnostic automation
   Asset management
   Automation features
   Continuous configuration
   Standard compliance
   General Architecture
   Multiplatform
   & Multi-OS
   

   View Slide

6. All rights reserved
   Node
   Management
   Multiplatform lightweight agent. A Node is a system with a
   rudder agent installed on it
   Each Node with an agent is automatically added to the
   environment and Rudder will recover all information from it.
   Agnostic automation
   Asset management
   Automation features
   Continuous configuration
   Standard compliance
   General Architecture
   

   View Slide

7. All rights reserved
   Full System
   Inventory
   Each Node has a dynamic inventory.
   Agnostic automation
   Asset management
   Automation features
   Continuous configuration
   Standard compliance
   General Architecture
   

   View Slide

8. All rights reserved
   Full System
   Inventory
   Each Node has a dynamic inventory.
   It can be extended with properties (key=value), optionally
   synced by REST API with other tools like CMDB.
   Agnostic automation
   Asset management
   Automation features
   Continuous configuration
   Standard compliance
   General Architecture
   

   View Slide

9. All rights reserved
   Groups Two group types: Dynamic or Static.
   With Dynamic group, you can add Node based on various
   criteria from inventory or custom properties from Nodes.
   Each group can have its own properties and nodes inherit their
   properties from the groups.
   Agnostic automation
   Asset management
   Automation features
   Continuous configuration
   Standard compliance
   General Architecture
   

   View Slide

10. All rights reserved
    Continuous
    Configuration
    Unlike orchestration tools, Rudder will keep your configuration up to date
    and in a targeted configuration state
    With Orchestration
    With Rudder
    You will always find your configuration as defined in the initial state.
    Agnostic automation
    Asset management
    Automation features
    Continuous configuration
    Standard compliance
    General Architecture
    

    View Slide

11. All rights reserved
    Rudder provide a graphical solution to build the desire state of
    configuration
    Visual
    configuration
    builder
    Agnostic automation
    Asset management
    Automation features
    Continuous configuration
    Standard compliance
    General Architecture
    

    View Slide

12. All rights reserved
    Audit or
    Enforce
    Two modes:
    ● The audit mode ensures that our configuration meets the
    requirements. It doesn't make any changes, it only makes a
    simple verification.
    ● The enforce mode will make changes only if the
    configuration does not match to what has been defined.
    This is known as remediation.
    Agnostic automation
    Asset management
    Automation features
    Continuous configuration
    Standard compliance
    General Architecture
    

    View Slide

13. All rights reserved
    Rudder
    Architecture
    Every 5 minutes, agents pull their configuration to the Rudder server, and
    perform a local checking.
    In Enforce mode, agent will automatically remediate all drift from desired
    configuration and report the new status.
    Agnostic automation
    Asset management
    Automation features
    Continuous configuration
    Standard compliance
    General Architecture
    

    View Slide

14. All rights reserved
    Rudder
    Node
    Push Mode Pull Mode
    - Manual Synchro Needed
    - Many Streams to Open
    - Network Availability
    + Asynchronous
    + Security Enhanced
    + Constant Conformity
    Agnostic automation
    Asset management
    Automation features
    Continuous configuration
    Standard compliance
    General Architecture
    

    View Slide

15. What’s new?
    15
    

    View Slide

16. Evolution toward operational security
    Rudder users can prove their compliance and improve their security posture
    

    View Slide

17. Evolution toward operational security
    Rudder users can prove their compliance and improve their security posture
    System administrators, cloud users and also security teams in charge of hardening will
    excel thanks to Rudder.
    Continuous hardening, control and audit of the Security Posture, application of
    security standard recommendations, patch management application can be fulfilled by
    Rudder.
    

    View Slide

18. All rights reserved
    In Rudder 7.x we introduced features around patch
    management:
    ● List available updates
    ● Full system updates
    Patch
    management
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

19. All rights reserved
    In Rudder 7.2, we improved the synchronization of
    configuration between environments
    ● API to export an object with its dependent objects
    ○ Rule + Groups + Directives + Techniques
    ● API to import and replace said object
    In Rudder 7.3, option to import rules without groups
    Configurations
    Import/Export
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

20. All rights reserved
    Rudder 7.3: transpiler from YAML to agent language
    ● Storage format for the Technique Editor
    ● Stable format for sharing/exporting/importing
    YAML
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

21. All rights reserved
    Rudder 7.3: transpiler from YAML to agent language
    Based on rudderc component:
    ● Takes a YAML technique and local generic methods
    ● Validate the correctness of the technique
    ● Generates the content
    ● Provides a compile-and-run command to test the
    Technique, without a Rudder server
    YAML
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

22. All rights reserved
    Rudder 7.3: Compliance per directive
    New tab on the Directive page for Compliance of the
    directive
    Improved
    compliance
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

23. All rights reserved
    Rudder 7.3: Compliance per directive
    New tab on the Directive page for Compliance of the
    directive
    Exportable in CSV
    Improved
    compliance
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

24. All rights reserved
    Rudder 8.x: Make compliance more useful
    Improved
    compliance I want to find out what is red on that node.
    Then, I want to find similar nodes - but I don't know
    what similar is, I need to explore.
    Next I need to choose relevant attributes to make
    the problem understandable - inventory parts,
    applied directives, etc
    Finally I want to export data in an
    actionable format - csv, xls, json
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

25. All rights reserved
    Rudder 8.x: Explore & Extract non-compliance
    ○ query
    ● pull
    ● spanning several data providers
    ● homogeneous/powerful query language
    ● extensible backend
    ● structured, filtered result set
    ○ transversal security (authorizations)
    ● some data can not be viewed by some role
    ○ export in CSV / Excel / …
    Improved
    compliance
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

26. All rights reserved
    Rudder 8.0: GraphQL
    ● Simple query language
    ● Works on patterns
    ● ask fields on objects
    ● no built-in boolean logic, etc
    ● Based on typed schema
    ● Backend agnostic, easily extendable
    ● Notion of authorization at data
    Improved
    compliance
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

27. All rights reserved
    Rudder 8.0: GraphQL
    ● This is a BIG evolution
    ○ provide stable foundation for higher level needs
    ● Goals:
    ○ validate that it actually work for us
    ■ get performance data points & user
    feedbacks
    ○ expose low level engine as soon as 8.0
    ■ with some "Beta" warning sign
    ● scope for 8.0:
    ○ core schema
    ■ nodes, groups, directives, techniques, rules...
    ○ some queries on them
    ○ know how to extend
    Improved
    compliance
    Patch management
    Configuration
    synchronization
    YAML
    Improved compliance
    

    View Slide

28. Demo
    28
    

    View Slide