Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What if configuration management didn't need to...

Rudder
December 11, 2019
Technology
0
18

What if configuration management didn't need to be lvl60 in dev?

Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?

And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....

I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!

Alexandre Brianceau
Paris Open Source Summit 2019

Rudder

December 11, 2019
Tweet

More Decks by Rudder

See All by Rudder
Hausse des cybermenaces lors des JO : êtes-vous suffisamment protégé ?
rudder
0
26
Adoptez une stratégie de patch management efficace adaptée à votre système d’information
rudder
0
48
Comment sécuriser son SI pour ne plus subir les attaques ?
rudder
0
50
Hardening systems: from a benchmark guide to meaningful compliance
rudder
0
26
Implementing configuration management primitives in 2024
rudder
0
20
Supply Chain Security in the Rust Ecosystem
rudder
0
16
Securing the software supply chain for infra management software
rudder
0
180
A journey from Configuration Management to Security of IT systems
rudder
0
50
Rudder: what is it and what makes it different?
rudder
0
130

Other Decks in Technology

See All in Technology
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
180
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120

Featured

See All Featured
Music & Morning Musume
bryan
46
6.2k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
BBQ
matthewcrist
85
9.3k
Being A Developer After 40
akosma
86
590k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Into the Great Unknown - MozCon
thekraken
32
1.5k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Navigating Team Friction
lara
183
14k

Transcript

  1. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU [email protected]

  2. • Everyone has authority over their activities and carries responsibilities:

    infrastructure is a cross-cutting concern ◦ IT Ops are directly concerned ◦ But so do the security teams ◦ Not to mention the application / dev teams ◦ Last but not least the management of course IT infrastructure and business

  3. IT infrastructure is enough complex... DEV QA PRODUCTION RECOVERY DEV

    SEC OPS MGMT EXTERN Multiple teams, differents values, diluted expertise, harder reporting Heterogeneous systems, reduced visibility, ease of use and understanding

  4. Full infrastructure-as-code is complex: • Learning is long, code maintenance

    is difficult • Not everyone involved in the infrastructure has the knowledge • Business still need relevant insights (reports, dashboards, context…) ...to avoid adding more complexity! Configuration management managed via code can split your teams and create knowledge silos (and therefore potential SPOFs)

  5. • Main issues: ◦ Systems complexity and heterogeneous infrastructures ◦

    Lack visibility and have blind spots ◦ Difficulties in having enough qualified people ◦ Collaboration between security and IT operational teams is difficult: ▪ non-aligned objectives ▪ different processes and technologies ▪ significant delays increasing reaction time IT Ops is a collaborative effort to align needs, objectives, values and technologies to effectively run & support IT production. IT infra management: team collaboration

  6. Automation makes it possible to make business goals real by

    allowing: ◦ To act quickly across all infrastructures by speeding up workflows ◦ To be 100% predictable and therefore reliable ◦ To centralize information, allow effective communication and ensure knowledge transfer ◦ To trace and log all events, report meaningful data and context to the teams with holistic and detailed informations ◦ To free up teams so that human intervention is valuable: analysis, decision-making, design, sharing Automation & DevSecOps

  7. 52% of organizations admit to cutting back on security measures

    to meet a business deadline or objective (source: ThreatStack survey) Some data applied to SecOps domain Half companies find that coordination between security and IT operations teams is challenging. (source: Forrester survey for BMC) Half of organizations cited that the absence of effective orchestration and automation is barrier (source: SANS SOC Survey for DFLabs)

  8. Open-source and French continuous configuration management solution for IT automation

    ➔ Do my servers have homogeneous configurations? ➔ How do I ensure that the application team does not break production at the next deployment? ➔ How to prove to CISO that the systems are secure?

  9. RUDDER & IT Ops landscape Business needs Operating System Versioned

    source code Applicative binaries Middleware App App App Server Agile methodology Continuous integration Continuous deployment Provisioning RUN DEV Installation & Configuration Updating & Patch Management Security & Risk Management Running & Incident resolution SUSE Manager SECURITY

  10. Ensure that the rules are applied

  11. Ensure that the risks are managed

  12. Give context to your teams

  13. Rudder: running principle 2. Configuration download 1. Target state definition

    3. Continuous local verification (+ Automatic fixing) 4. Continuous reporting Server App version XX.XX Port, services, general configurations... OS Configuration Users OpenSSH configuration...

  14. Collaboration to define compliance state

  15. Ensure that all your IT is compliant

  16. Fit to your workflows Sec Production Interns Ops Dev Externals

    audit - sudoers / logs validation workflow DMZ Compliance reporting

  17. IT automation & compliance for SecOps RUDDER in a nutshell

    • Automate and ensure that your IT systems are under control • Beyond auditing: act and remediate! • Give your teams quick feedbacks and contexts • Allow Sec & Ops team to collaborate in autonomy • Integrate with your workflows and your ecosystem:

  18. IT automation & compliance for SecOps Open-Source French Available on:

    More details: www.rudder.io & at the Stand C06 RUDDER in a nutshell

  19. 10 & 11 DÉCEMBRE 2019 #OSSPARIS19 What if configuration management

    didn't need to be lvl60 in dev? Alexandre BRIANCEAU [email protected]