Teyo Tyree's slides from GOSCON 2010. He covers the benefits of a modern approach to systems management and compliance and the key advantages of a model-driven approach to configuration management.
Wednesday, December 15, 2010
15. Puppet: A New Approach
★ Is a model-driven framework to centrally manage IT systems.
★ Enforces consistent, known-secure configurations of target
systems.
★ Enables cross-functional collaboration within IT.
★ Enables reuse of service configurations across departments
and organizations.
16. Puppet: a framework for configuration
management
18. A Language for Collaboration: DevOps
[Diagram comparing "Today: 99% of IT Silo'd" (Team OS, Team App, Team Config, Team Sec; SOX, LAMP, RAILS) with "Managed With Puppet" (Puppet = dev/ops/sec; OS, App, Config, Security).]
26. Advantages?
★ Puppet-enforced policies can be applied over and over again.
★ Policies can be expressed as the desired state (not how to get
there).
★ Puppet’s enforced policies can be context sensitive.
★ Puppet provides a log history over the lifecycle of a system.
★ Operates at cloud scale.
27. With Puppet, auditing and remediation is a
single automated configuration task.
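An added example (not from the slides) of the kind of policy the "Advantages?" slide describes, written in the Puppet language: the resources state the desired end state, and the values depend on the platform. The specific policy values are illustrative assumptions, not a published baseline.

```puppet
# Added example: the policy values below are illustrative assumptions.
# Context-sensitive policy: Facter reports the OS family and the
# manifest picks the values that are correct for that platform.
case $facts['os']['family'] {
  'RedHat': {
    $shadow_group = 'root'
    $shadow_mode  = '0000'
    $telnetd_pkg  = 'telnet-server'
  }
  'Debian': {
    $shadow_group = 'shadow'
    $shadow_mode  = '0640'
    $telnetd_pkg  = 'telnetd'
  }
  default: {
    # Refuse to guess on a platform with no defined baseline.
    fail("No baseline defined for OS family ${facts['os']['family']}")
  }
}

# Desired state, not steps: Puppet compares each attribute with what
# is on disk and changes only what differs, so the same manifest can
# be applied repeatedly with no effect on a compliant host.
file { '/etc/shadow':
  ensure => file,
  owner  => 'root',
  group  => $shadow_group,
  mode   => $shadow_mode,
}

file { '/etc/passwd':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
}

# The telnet server must not be installed at all.
package { $telnetd_pkg:
  ensure => absent,
}
```

Running `puppet apply --noop` on this manifest reports each out-of-policy resource as an event without changing it; running without `--noop` corrects the drift and logs the change in the same pass.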
35. Puppet and SCAP
★ Current SCAP tools are auditing only.
★ Remediation tools are Windows only.
★ Puppet provides auditing and remediation in a single step.
★ Puppet is being used for configuration and security management
across government agencies.
★ Puppet currently supports AIX, HP-UX, Linux, Mac OS X.
★ Broadly adopted outside of GOV.
43. Puppet and OVAL/ORVL
★ Puppet provides a high-level auditing and configuration
management language.
★ Each managed element is represented as an abstract resource.
★ Puppet is well suited to, and widely deployed for, configuration
management; security compliance is a subset of overall
configuration management.
★ The Puppet language is machine-parseable, and the compiled catalog
of resources cleanly represents the desired state of each resource
on a system.
★ Each resource is audited for state and the result of that audit is
logged as an event.
★ The high-level Puppet language is machine readable.
★ Puppet managed resources can be generated from external
datasources.
49. Who is using this approach?
★ Los Alamos National Laboratories
★ SPAWAR (STIG compliance)
★ Lockheed Martin
★ Northrop Grumman
★ SecState (An SCAP audit and remediation tool.)