Patch Management on Windows with Puppet

5th Windows Webinar of the series

Published in: Technology

  1. Windows Patch Management With Puppet Enterprise
     Greg Sarjeant, Manager of Professional Services
     Kenaz Kwa, Senior Engineering Product Manager
  2. Agenda
     • How Puppet Enterprise works
     • What is Patch Management?
     • The Puppet Approach
     • Demo
     • Puppet Labs Windows support
     • Resources
     • Q&A
  3. Our software automates the provisioning, configuration & ongoing management of your machines & the applications, services & software running on them.
  4. Puppet Deployment (diagram labels: Puppet Master, Ubuntu Server, Windows Server, Cisco Switch)
  5. How Puppet Enterprise Works
  6. What is Patch Management? And what is it becoming?
  7. What is Patch Management?
     • Traditional Model (diagram labels: Applications, OS, OS Updates)
  8. Windows Server Patch Management Today
     • Patches stored in a central repository
       – Windows Update (Internet)
       – Internally hosted
     • Distributed to end user systems on a schedule
     • Microsoft Technologies
       – Windows Server Update Services (WSUS)
       – System Center Configuration Manager (SCCM)
       – Extensive research and experience
  9. Windows Server Update Services (WSUS)
     • Updates distributed via Microsoft Update
     • WSUS Server stages updates
     • Updates pulled by clients
       – Similar to Automatic Updates on desktops
  10. System Center Configuration Manager (SCCM)
     • Integrates with WSUS for software updates
     • Wizard-driven configuration
       – Deployment targets
       – Update Rules
     • Manages WSUS client behind the scenes. Can initiate WSUS runs
  11. Traditional View: OS as Platform (diagram labels: Applications, OS)
  12. Can we alleviate this tension?
  13. A Different Conceptual Model (diagram labels: OS, Applications)
     • OS, applications are interdependent
     • Work together towards a common end
  14. Extend the Patch Concept (diagram labels: OS Updates, Application Updates)
  15. Application Update Challenges
     • Inconsistent formats
       – .zip, .exe, .msi
     • No central location
     • No unified delivery mechanism
  16. Package Management
     • Package Management
       – Centralized distribution of packages from curated repositories
       – Package: Atomic bundle to deliver software
         • Versioned
         • Metadata (dependencies)
         • Allow scripts
       – Create repositories of packages
       – Machine-implemented
  17. Chocolatey
     • Package Management for Windows
     • Common format for software delivery
       – Versioned
       – Metadata (dependencies)
       – Allow scripts
     • Defines repositories
       – Public, internet-hosted
       – Private, internal
  18. Install Notepad++ with Chocolatey
  19. But wait, there’s more (diagram labels: OS, Applications, App Configuration, OS Configuration)
  20. How do we patch configuration?
  21. Configuration Patch Requirements
     • Versioned
     • Coupled to OS, App versions
     • Machine-driven delivery mechanism
  22. Puppet Enterprise
  23. Enabling Technologies
     • Infrastructure as Code
     • Package Management
  24. Puppet: Infrastructure as Code
     • System state defined in software
       – Stored in Version Control System (VCS)
         • Microsoft Team Foundation Server (TFS), Git
         • Centralized location
       – Versionable
         • Commit hash
       – Dependency resolution
     • System state implemented by machine
       – Puppet agent
  25. Puppet Manages Configuration State
  26. Puppet Manages Package State
  27. Desired State Configuration (DSC)
     • Windows PowerShell Desired State Configuration
     • Microsoft Implementation of Infrastructure as Code
     • Native support for many core types
       – Users, Files, Registry settings, etc.
     • Active development of extensions
     • Integration with Puppet
  28. Look Familiar?
     • Configurations
       – Versioned
       – Centralized
     • Application Packages
       – Versioned
       – Centralized
     • OS Patches
       – Versioned
       – Centralized
  29. What’s missing?
     • Unified management
     • Visibility
     • Security and Compliance
     • Heterogeneous Environments
  30. Puppet Enterprise Ties it all Together
  31. Convergence of Functionality
     • Infrastructure and Applications look like OS Patching
     • WSUS client
       – Query Windows Update service for new packages on a schedule
       – Apply new updates when available
     • Puppet agent
       – Query puppet master for new configuration on a schedule
         • New versions of application packages
       – Apply new configuration when available
  32. Aren’t OS Patches Just Packages?
  33. Use the Right Tool for the Job
     • Using package management is not a replacement for Windows OS patch management
       – Reinventing the wheel
       – Increased burden on Operations personnel
         • Manage OS patches individually
         • Maintain Puppet code to manage OS patches individually
  34. Rich Ecosystem of Windows Resources
     • WSUS Client Module
       – Manage configuration of Windows Updates
     • Chocolatey
       – Manage application updates
     • Desired State Configuration (DSC)
       – Manage Windows State
     • PowerShell support
       – Automate arbitrary configuration requirements
  35. Manage WSUS Client
  36. The Puppet Approach
     • Define OS update policies in Puppet code
     • Manage OS patch policy as part of overall system
       – Application versions
       – System, application configuration
         • Native Puppet Types
         • DSC
     • Continually enforce state of OS patching policy
     • Report on changes to update policies
  37. Puppet Enterprise allows you to more effectively use proven Microsoft technologies to integrate OS patch management into a more unified approach to platform management.
  38. DEMO
  39. Puppet Labs Windows Support
     • 32- & 64-bit Support – Native MSI packages for x64 as of Puppet Enterprise 3.7
     • Broad Platform Support – Windows 2008, 2012, 7, 8
     • Windows Provisioning – Provision Windows OSes with Razor
     • Puppet Supported & Approved Modules for Windows – Including Windows Module Pack, Supported SQL Server & DSC modules
     • Azure Integration – Microsoft Azure extension handler for bootstrapping Puppet installs. Supported Azure module.
  40. Puppet Supported Modules
     • SQL Server – Installs & manages MS SQL Server 2012 & 2014 on Windows systems
     • WSUS Client – Configure clients to point to update servers; schedule updates
     • DSC – Manages PowerShell DSC resources
     • Azure – Provision and manage Azure VMs
     • ACL – Manage permissions with Windows ACLs
     • Registry – Manage Registry keys and values
     • PowerShell – Execute PowerShell commands with Puppet
     • Reboot – Automatically reboot after install
  41. Puppet Approved Modules
     • IIS – Install and manage IIS
     • Chocolatey – Package manager
     • windows_env – Manage Windows environment variables
     • Windows Java – Install and manage Oracle Java on Windows
     • pget – PowerShell alternative to wget or curl
  42. Windows Webinar Series
     Register for upcoming webinars at: http://info.puppetlabs.com/1885-Windows-Series-Main_LP-Registration.html
     • Deploying IIS and ASP.NET with Puppet
     • Package Management on Windows with Chocolatey
     • Managing PowerShell DSC with Puppet
     • Patch Management on Windows with Puppet
     • Setting up Windows for System and Application Monitoring
     • Getting Up and Running with the Windows Module Pack
     • Get Started on Azure with Puppet
  43. Questions & Answers
  44. Resources
     PuppetConf 2015 Windows Track
     • Chocolatey and Puppet – Rob Reynolds
     • Azure for the Non-Microsoft Person – Rob Reynolds & Scott Hanselman, MSFT
     • Better Together: Managing Windows with Puppet and DSC – Ethan Brown & Bruce Payette, MSFT
     • Beyond the Registry – Matthew Stone, T-Mobile
     • The Wild World of Windows: Developing for Puppet on Windows – Travis Fields, Nike
     Blog
     • Chocolatey blog series
     • PowerShell DSC blog series
     Docs
     • Managing Windows Configurations
     Education
     • Learning VM
     • Puppet Essentials for Windows – Instructor-led
     • Puppet Essentials for Windows – Virtual
  45. Manage System State with DSC
  46. Manage Packages with Chocolatey
  47. Manage Configuration with PowerShell
  48. Bringing it all Together
  49. Automated Configuration Management
     • Infrastructure as Code
       – Machine-implemented infrastructure
     • Package Management
       – Machine-implemented applications
     • Automated configuration management
       – Software that implements configuration instructions
       – Puppet Enterprise
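
The approach on slides 17, 33 and 36, written as one Puppet class so that WSUS client policy and application package state are versioned together. This is an added example, not code from the original deck: it assumes the WSUS Client and Chocolatey modules named on the slides are installed, and the class name `profile::windows_patching`, the URLs, the target group and the version pin are constructed placeholders.

```puppet
# Added example: OS patch policy and application package state in one class.
# Class name, hostnames, group name and version are constructed placeholders.
class profile::windows_patching (
  $wsus_url     = 'https://wsus.example.internal:8531',    # constructed
  $target_group = 'app-servers',                           # constructed
  $choco_feed   = 'https://choco.example.internal/nuget/', # constructed
) {
  # OS patches stay with WSUS; Puppet manages only the client policy
  # (slide 33: package management does not replace OS patch management).
  class { 'wsus_client':
    server_url                          => $wsus_url,
    enable_status_server                => true,
    target_group                        => $target_group,
    auto_update_option                  => 'Scheduled',
    scheduled_install_day               => 'Tuesday',
    scheduled_install_time              => 2,   # 02:00 local time
    detection_frequency_hours           => 4,
    no_auto_reboot_with_logged_on_users => true,
  }

  # Application updates come from a curated internal repository (slide 17).
  include chocolatey

  chocolateysource { 'internal':
    ensure   => present,
    location => $choco_feed,
    priority => 1,
  }

  # Disable the default public feed so only the curated source is used.
  chocolateysource { 'chocolatey':
    ensure => disabled,
  }

  # Pinned version: changing this value in version control is the "patch".
  package { 'notepadplusplus':
    ensure   => '6.8.8',   # constructed version pin
    provider => 'chocolatey',
    require  => [Chocolateysource['internal'], Chocolateysource['chocolatey']],
  }
}
```

Because the agent re-applies this class on every run, a locally changed update schedule or a re-enabled public feed is corrected and shows up in the run report as a change.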
