Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit.
Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?
And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....
I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!
2. ● Everyone has authority over their activities and carries
responsibilities: infrastructure is a cross-cutting concern
○ IT Ops are directly concerned
○ But so do the security teams
○ Not to mention the application / dev teams
○ Last but not least the management of course
IT infrastructure and business
3. IT infrastructure is enough complex...
DEV QA PRODUCTION RECOVERY
DEV SEC OPSMGMT EXTERN
Multiple teams, differents values, diluted expertise, harder reporting
Heterogeneous systems, reduced visibility, ease of use and understanding
4. Full infrastructure-as-code is complex:
● Learning is long, code maintenance is difficult
● Not everyone involved in the infrastructure has the
knowledge
● Business still need relevant insights (reports,
dashboards, context…)
...to avoid adding more complexity!
Configuration management managed via code can split your teams
and create knowledge silos (and therefore potential SPOFs)
5. ● Main issues:
○ Systems complexity and heterogeneous infrastructures
○ Lack visibility and have blind spots
○ Difficulties in having enough qualified people
○ Collaboration between security and IT operational teams is difficult:
■ non-aligned objectives
■ different processes and technologies
■ significant delays increasing reaction time
IT Ops is a collaborative effort to align needs, objectives, values and
technologies to effectively run & support IT production.
IT infra management: team collaboration
6. Automation makes it possible to make business goals real by allowing:
○ To act quickly across all infrastructures by speeding up workflows
○ To be 100% predictable and therefore reliable
○ To centralize information, allow effective communication and
ensure knowledge transfer
○ To trace and log all events, report meaningful data and context to
the teams with holistic and detailed informations
○ To free up teams so that human intervention is valuable: analysis,
decision-making, design, sharing
Automation & DevSecOps
7. 52% of organizations admit to cutting back on security measures to
meet a business deadline or objective (source: ThreatStack survey)
Some data applied to SecOps domain
Half companies find that coordination between security and IT
operations teams is challenging. (source: Forrester survey for BMC)
Half of organizations cited that the absence of effective
orchestration and automation is barrier (source: SANS SOC Survey for DFLabs)
8. Open-source and French continuous configuration
management solution for IT automation
➔ Do my servers have homogeneous
configurations?
➔ How do I ensure that the application
team does not break production at the
next deployment?
➔ How to prove to CISO that the systems
are secure?
16. Fit to your workflows
Sec
Production
Interns
OpsDev
Externals
audit - sudoers / logs
validation workflow
DMZ
Compliance
reporting
17. IT automation & compliance for SecOps
RUDDER in a nutshell
● Automate and ensure that your IT systems are under control
● Beyond auditing: act and remediate!
● Give your teams quick feedbacks and contexts
● Allow Sec & Ops team to collaborate in autonomy
● Integrate with your workflows and your ecosystem:
18. IT automation & compliance for SecOps
Open-Source French
Available on:
More details: www.rudder.io
& at the Stand C06
RUDDER in a nutshell