Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What if configuration management didn't need to be lvl60 in dev?

Rudder
December 11, 2019
Technology
0
16

What if configuration management didn't need to be lvl60 in dev?

Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?

And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....

I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!

Alexandre Brianceau
Paris Open Source Summit 2019

Rudder

December 11, 2019
Tweet

More Decks by Rudder

See All by Rudder
Hausse des cybermenaces lors des JO : êtes-vous suffisamment protégé ?
rudder
0
23
Adoptez une stratégie de patch management efficace adaptée à votre système d’information
rudder
0
32
Comment sécuriser son SI pour ne plus subir les attaques ?
rudder
0
35
Hardening systems: from a benchmark guide to meaningful compliance
rudder
0
24
Implementing configuration management primitives in 2024
rudder
0
16
Supply Chain Security in the Rust Ecosystem
rudder
0
12
Securing the software supply chain for infra management software
rudder
0
160
A journey from Configuration Management to Security of IT systems
rudder
0
49
Rudder: what is it and what makes it different?
rudder
0
110

Other Decks in Technology

See All in Technology
GoとアクターモデルでES+CQRSを実践! / proto_actor_es_cqrs
ytake
1
150
プレイドにおけるDatadog APMの活用方法
plaidtech
PRO
2
120
CTOから見た事業開発とプロダクト開発 / My Perspective on Business and Product Development as CTO
keisuke69
4
960
サーバーレスAPI(API Gateway+Lambda)とNext.jsで 個人ブログを作ろう!
shuntaka
PRO
0
560
累計ダウンロード数1億8000万を超えるアプリケーションプラットフォームのレガシーシステム脱却とモダン化への道
kmitsuhashi
0
120
開発と事業を繋ぐ!SREのオブザーバビリティ戦略 ~ Developers Summit 2024 Summer ~
leveragestech
0
620
RAGのサービスをリリースして1年3ヶ月が経ちました
segavvy
4
900
【基調講演】変える、今ここから ― IoTとAIで紡ぐ未来
soracom
PRO
0
310
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
コンテナ・K8s研修 - 後半 Kubernetes 基礎&ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
1
120
運用改善、不都合な真実 / 20240722-ssmjp-kaizen
opelab
17
8k
ペパボのオブザーバビリティ研修2024 説明資料
kesompochy
0
1.1k

Featured

See All Featured
Building Your Own Lightsaber
phodgson
101
5.9k
GitHub's CSS Performance
jonrohan
1026
450k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
662
120k
Fireside Chat
paigeccino
25
2.8k
Making the Leap to Tech Lead
cromwellryan
127
8.7k
RailsConf 2023
tenderlove
16
720
Infographics Made Easy
chrislema
238
18k
KATA
mclloyd
20
13k
Writing Fast Ruby
sferik
623
60k
Visualization
eitanlees
139
14k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
78
15k
Thoughts on Productivity
jonyablonski
64
4.1k

Transcript

  1. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU [email protected]

  2. • Everyone has authority over their activities and carries responsibilities:

    infrastructure is a cross-cutting concern ◦ IT Ops are directly concerned ◦ But so do the security teams ◦ Not to mention the application / dev teams ◦ Last but not least the management of course IT infrastructure and business

  3. IT infrastructure is enough complex... DEV QA PRODUCTION RECOVERY DEV

    SEC OPS MGMT EXTERN Multiple teams, differents values, diluted expertise, harder reporting Heterogeneous systems, reduced visibility, ease of use and understanding

  4. Full infrastructure-as-code is complex: • Learning is long, code maintenance

    is difficult • Not everyone involved in the infrastructure has the knowledge • Business still need relevant insights (reports, dashboards, context…) ...to avoid adding more complexity! Configuration management managed via code can split your teams and create knowledge silos (and therefore potential SPOFs)

  5. • Main issues: ◦ Systems complexity and heterogeneous infrastructures ◦

    Lack visibility and have blind spots ◦ Difficulties in having enough qualified people ◦ Collaboration between security and IT operational teams is difficult: ▪ non-aligned objectives ▪ different processes and technologies ▪ significant delays increasing reaction time IT Ops is a collaborative effort to align needs, objectives, values and technologies to effectively run & support IT production. IT infra management: team collaboration

  6. Automation makes it possible to make business goals real by

    allowing: ◦ To act quickly across all infrastructures by speeding up workflows ◦ To be 100% predictable and therefore reliable ◦ To centralize information, allow effective communication and ensure knowledge transfer ◦ To trace and log all events, report meaningful data and context to the teams with holistic and detailed informations ◦ To free up teams so that human intervention is valuable: analysis, decision-making, design, sharing Automation & DevSecOps

  7. 52% of organizations admit to cutting back on security measures

    to meet a business deadline or objective (source: ThreatStack survey) Some data applied to SecOps domain Half companies find that coordination between security and IT operations teams is challenging. (source: Forrester survey for BMC) Half of organizations cited that the absence of effective orchestration and automation is barrier (source: SANS SOC Survey for DFLabs)

  8. Open-source and French continuous configuration management solution for IT automation

    ➔ Do my servers have homogeneous configurations? ➔ How do I ensure that the application team does not break production at the next deployment? ➔ How to prove to CISO that the systems are secure?

  9. RUDDER & IT Ops landscape Business needs Operating System Versioned

    source code Applicative binaries Middleware App App App Server Agile methodology Continuous integration Continuous deployment Provisioning RUN DEV Installation & Configuration Updating & Patch Management Security & Risk Management Running & Incident resolution SUSE Manager SECURITY

  10. Ensure that the rules are applied

  11. Ensure that the risks are managed

  12. Give context to your teams

  13. Rudder: running principle 2. Configuration download 1. Target state definition

    3. Continuous local verification (+ Automatic fixing) 4. Continuous reporting Server App version XX.XX Port, services, general configurations... OS Configuration Users OpenSSH configuration...

  14. Collaboration to define compliance state

  15. Ensure that all your IT is compliant

  16. Fit to your workflows Sec Production Interns Ops Dev Externals

    audit - sudoers / logs validation workflow DMZ Compliance reporting

  17. IT automation & compliance for SecOps RUDDER in a nutshell

    • Automate and ensure that your IT systems are under control • Beyond auditing: act and remediate! • Give your teams quick feedbacks and contexts • Allow Sec & Ops team to collaborate in autonomy • Integrate with your workflows and your ecosystem:

  18. IT automation & compliance for SecOps Open-Source French Available on:

    More details: www.rudder.io & at the Stand C06 RUDDER in a nutshell

  19. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU [email protected]