1. puppet
labs Case Study
“Prior to using Puppet, managing the
Mac OS X systems in our network
Los ALAmos uses
was a challenge. There was a real lack
of visibility into both the number
PuPPet to gAin
of Macs on the network and their
configuration. Puppet has made a real
difference to our administrators who
previously were having to walk to
each Mac and service it individually.” visibiLity into their
- Allan Marcus, Solutions Architect,
Los Alamos National Laboratory
dePLoyed mAc os X
environment And
industry:
Government meet nist stAndArds.
chALLenge: Los Alamos National Labs is one of the world’s premier research
Meet NIST standards for organizations and is engaged in strategic science on behalf of national
Mac OS X environment
security. Los Alamos networks not only employs a wide variety of
soLution: devices and operating systems, they are also held to strict security
Puppet guidelines for the configuration and security software on all of their
resuLts: systems including systems running Mac OS X. Puppet helps support
Manage 1,700 Mac systems while hundreds of Macs, gains visibility into the devices on their networks
enhancing visibility and adhering and ensures they met security standards for those systems.
to compliance standards
stArting environment Key obJectives
• Manage over 1,700 Mac desktops that check in on a • Gain Visibility – They needed to understand how many
regular basis. Macs were on their network, how they were configured,
• There was a complete lack of visibility into the actual and whether they met their security requirements.
number of Macs on the network. There were over 3,400 • Configuration Management – Los Alamos is governed by
Macs registered but many of these systems were no NIST Special Publication 800-53 which has requirements
longer active. for configuration management controls of all desktop
• Requirements for least privilege on desktops caused assets.
problems because of the need to update software and • Enforcement of Least Privilege – NIST Special
antivirus. The need to update software was often given as Publication 800-53 also has requirements for enforcing
a reason to grant administrative rights to individual users. the most restrictive set of rights needed by users. Without
• Prior to using Puppet they weren’t using any institutional Puppet, users often requested and required administrative
administrative tools to manage Macs. It was highly privileges in order to regularly update their Symantec
manual and a time intensive process. security software on their Macs.
• Cross Platform Support – They were looking for a
solution that could support their varied versions of Linux
and Mac OS X.