Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What if configuration management didn't need to be lvl60 in dev?

7d9785e3bdceb2d9e86dabcfb77b1686?s=47 Rudder
December 11, 2019

What if configuration management didn't need to be lvl60 in dev?

Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?

And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....

I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!

Alexandre Brianceau
Paris Open Source Summit 2019

7d9785e3bdceb2d9e86dabcfb77b1686?s=128

Rudder

December 11, 2019
Tweet

Transcript

  1. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU alexandre@rudder.io
  2. • Everyone has authority over their activities and carries responsibilities:

    infrastructure is a cross-cutting concern ◦ IT Ops are directly concerned ◦ But so do the security teams ◦ Not to mention the application / dev teams ◦ Last but not least the management of course IT infrastructure and business
  3. IT infrastructure is enough complex... DEV QA PRODUCTION RECOVERY DEV

    SEC OPS MGMT EXTERN Multiple teams, differents values, diluted expertise, harder reporting Heterogeneous systems, reduced visibility, ease of use and understanding
  4. Full infrastructure-as-code is complex: • Learning is long, code maintenance

    is difficult • Not everyone involved in the infrastructure has the knowledge • Business still need relevant insights (reports, dashboards, context…) ...to avoid adding more complexity! Configuration management managed via code can split your teams and create knowledge silos (and therefore potential SPOFs)
  5. • Main issues: ◦ Systems complexity and heterogeneous infrastructures ◦

    Lack visibility and have blind spots ◦ Difficulties in having enough qualified people ◦ Collaboration between security and IT operational teams is difficult: ▪ non-aligned objectives ▪ different processes and technologies ▪ significant delays increasing reaction time IT Ops is a collaborative effort to align needs, objectives, values and technologies to effectively run & support IT production. IT infra management: team collaboration
  6. Automation makes it possible to make business goals real by

    allowing: ◦ To act quickly across all infrastructures by speeding up workflows ◦ To be 100% predictable and therefore reliable ◦ To centralize information, allow effective communication and ensure knowledge transfer ◦ To trace and log all events, report meaningful data and context to the teams with holistic and detailed informations ◦ To free up teams so that human intervention is valuable: analysis, decision-making, design, sharing Automation & DevSecOps
  7. 52% of organizations admit to cutting back on security measures

    to meet a business deadline or objective (source: ThreatStack survey) Some data applied to SecOps domain Half companies find that coordination between security and IT operations teams is challenging. (source: Forrester survey for BMC) Half of organizations cited that the absence of effective orchestration and automation is barrier (source: SANS SOC Survey for DFLabs)
  8. Open-source and French continuous configuration management solution for IT automation

    ➔ Do my servers have homogeneous configurations? ➔ How do I ensure that the application team does not break production at the next deployment? ➔ How to prove to CISO that the systems are secure?
  9. RUDDER & IT Ops landscape Business needs Operating System Versioned

    source code Applicative binaries Middleware App App App Server Agile methodology Continuous integration Continuous deployment Provisioning RUN DEV Installation & Configuration Updating & Patch Management Security & Risk Management Running & Incident resolution SUSE Manager SECURITY
  10. Ensure that the rules are applied

  11. Ensure that the risks are managed

  12. Give context to your teams

  13. Rudder: running principle 2. Configuration download 1. Target state definition

    3. Continuous local verification (+ Automatic fixing) 4. Continuous reporting Server App version XX.XX Port, services, general configurations... OS Configuration Users OpenSSH configuration...
  14. Collaboration to define compliance state

  15. Ensure that all your IT is compliant

  16. Fit to your workflows Sec Production Interns Ops Dev Externals

    audit - sudoers / logs validation workflow DMZ Compliance reporting
  17. IT automation & compliance for SecOps RUDDER in a nutshell

    • Automate and ensure that your IT systems are under control • Beyond auditing: act and remediate! • Give your teams quick feedbacks and contexts • Allow Sec & Ops team to collaborate in autonomy • Integrate with your workflows and your ecosystem:
  18. IT automation & compliance for SecOps Open-Source French Available on:

    More details: www.rudder.io & at the Stand C06 RUDDER in a nutshell
  19. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU alexandre@rudder.io