Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit. Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code? And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works.... I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!

1. 10 & 11
DÉCEMBRE
2019
#OSSPARIS19
What if configuration management
didn't need to be lvl60 in dev?
Alexandre BRIANCEAU
alexandre@rudder.io

2. ● Everyone has authority over their activities and carries
responsibilities: infrastructure is a cross-cutting concern
○ IT Ops are directly concerned
○ But so do the security teams
○ Not to mention the application / dev teams
○ Last but not least the management of course
IT infrastructure and business

3. IT infrastructure is enough complex...
DEV QA PRODUCTION RECOVERY
DEV SEC OPSMGMT EXTERN
Multiple teams, differents values, diluted expertise, harder reporting
Heterogeneous systems, reduced visibility, ease of use and understanding

4. Full infrastructure-as-code is complex:
● Learning is long, code maintenance is difficult
● Not everyone involved in the infrastructure has the
knowledge
● Business still need relevant insights (reports,
dashboards, context…)
...to avoid adding more complexity!
Configuration management managed via code can split your teams
and create knowledge silos (and therefore potential SPOFs)

5. ● Main issues:
○ Systems complexity and heterogeneous infrastructures
○ Lack visibility and have blind spots
○ Difficulties in having enough qualified people
○ Collaboration between security and IT operational teams is difficult:
■ non-aligned objectives
■ different processes and technologies
■ significant delays increasing reaction time
IT Ops is a collaborative effort to align needs, objectives, values and
technologies to effectively run & support IT production.
IT infra management: team collaboration

6. Automation makes it possible to make business goals real by allowing:
○ To act quickly across all infrastructures by speeding up workflows
○ To be 100% predictable and therefore reliable
○ To centralize information, allow effective communication and
ensure knowledge transfer
○ To trace and log all events, report meaningful data and context to
the teams with holistic and detailed informations
○ To free up teams so that human intervention is valuable: analysis,
decision-making, design, sharing
Automation & DevSecOps

7. 52% of organizations admit to cutting back on security measures to
meet a business deadline or objective (source: ThreatStack survey)
Some data applied to SecOps domain
Half companies find that coordination between security and IT
operations teams is challenging. (source: Forrester survey for BMC)
Half of organizations cited that the absence of effective
orchestration and automation is barrier (source: SANS SOC Survey for DFLabs)

8. Open-source and French continuous configuration
management solution for IT automation
➔ Do my servers have homogeneous
configurations?
➔ How do I ensure that the application
team does not break production at the
next deployment?
➔ How to prove to CISO that the systems
are secure?

9. RUDDER & IT Ops landscape
Business needs
Operating System
Versioned source code
Applicative binaries
Middleware
App App App
Server
Agile methodology
Continuous integration
Continuous deployment
Provisioning
RUNDEV
Installation & Configuration
Updating & Patch Management
Security & Risk Management
Running & Incident resolution
SUSE Manager
SECURITY

10. Ensure that the rules are applied

11. Ensure that the risks are managed

12. Give context to your teams

13. Rudder: running principle
2. Configuration
download
1. Target state definition
3. Continuous local verification
(+ Automatic fixing)
4. Continuous reporting Server
App version XX.XX
Port, services, general
configurations...
OS Configuration
Users
OpenSSH configuration...

14. Collaboration to define compliance state

15. Ensure that all your IT is compliant

16. Fit to your workflows
Sec
Production
Interns
OpsDev
Externals
audit - sudoers / logs
validation workflow
DMZ
Compliance
reporting

17. IT automation & compliance for SecOps
RUDDER in a nutshell
● Automate and ensure that your IT systems are under control
● Beyond auditing: act and remediate!
● Give your teams quick feedbacks and contexts
● Allow Sec & Ops team to collaborate in autonomy
● Integrate with your workflows and your ecosystem:

18. IT automation & compliance for SecOps
Open-Source French
Available on:
More details: www.rudder.io
& at the Stand C06
RUDDER in a nutshell

19. 10 & 11
DÉCEMBRE
2019
#OSSPARIS19
What if configuration management
didn't need to be lvl60 in dev?
Alexandre BRIANCEAU
alexandre@rudder.io