A sweet Conference focused on Windows Automation (WinOps)
WinOps in a Secure
Environment
Dwight Bragdon, IT Sec Engr, Sr Staff
Qualcomm
Before we begin…
● Who am I?
○ Dwight Bragdon – IT Security Engineer, Sr. Staff
● What do I do?
○ Microsoft Stack, VMware, Citrix, Nutanix, etc…
● Why should you listen to me?
○ Great question!
Environment Overview
● Network 1 “non-secure”
○ Internet connected
○ Users are local admins
○ Corporate business productivity
○ “Wild West”
● Network 2 “Secure Enclave”
○ Non-internet connected
○ Users are not local admins
○ Business/mission productivity
○ Windows Security Baselines/STIGs applied
○ Carbon Black in High Enforcement mode
Solutions
● Chocolatey for Business (C4B)
● Gerrit
● Honorable Mentions:
○ SCCM
○ GPO
○ Task Scheduler
Workflow Overview
[Diagram: two halves, “Internet Connected” on the left and “Non-Internet/Secure Enclave” on the right, connected only by the file share.]
● Internet Connected
○ Gerrit: list of packages to internalize and the Choco-Internalize PowerShell script
○ Jenkins: merged changes start the internalization job (C4B); the internalization job also runs on a schedule
○ FileShare: Jenkins pushes the internalized packages to the file share after the internalization job runs
● Non-Internet/Secure Enclave
○ FileShare: receives the internalized packages brought in from the outside
○ Jenkins: pulls the internalized packages from the file share and pushes them to Artifactory
○ Package Builder (C4B): custom packages, also pushed to Artifactory
○ Puppet: Puppet-enforced settings and Choco packages, installed from Artifactory
○ Ad hoc Chocolatey packages: Self-Service/Background Service (C4B), installed from Artifactory
Gerrit/Source Control

Choco-Internalize.ps1

# Reads the package list kept in Gerrit and internalizes each package with
# Chocolatey for Business: the package and the external resources its install
# script would download are pulled in so it can install with no internet access.
foreach ($package in Get-Content choco-pkg-list.txt) {
    Write-Output "Internalizing $package"
    Write-Output "------------------------------------------------------------------------"
    C:\ProgramData\chocolatey\bin\choco.exe download --internalize locale=en-US $package --no-progress
    # choco returns a non-zero exit code when a download or resource fetch fails;
    # surface it so the Jenkins log shows which package did not internalize.
    if ($LASTEXITCODE -ne 0) { Write-Warning "Internalization of $package failed (exit code $LASTEXITCODE)" }
    Write-Output "------------------------------------------------------------------------"
    Write-Output ""
}

choco-pkg-list.txt

chocolatey
chocolatey-agent
chocolatey-core.extension
chocolateygui
firefox
googlechrome
pester
winscp
etc…
Jenkins (external)
● Build Periodically – Daily, Weekly
● Build on Trigger – Gerrit Change Merged
● Build Steps:
○ Run PowerShell command (Choco-Internalize.ps1)
○ Upload choco packages to file share
Package Transfer
● Transfer files from the external file share to the non-internet-connected file share
● Can be automated:
○ One-way SnapMirror (NetApp)
○ Secure one-way transfers using data diodes
○ Other
● Can be manual:
○ Sneakernet
Jenkins (internal)
● Build Periodically – Daily, Weekly
● Build Step:
○ Upload choco packages from file share to Artifactory
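The external job's last build step (upload to the file share) and the internal job's only step (upload from the file share to Artifactory) bracket the one-way transfer. The slides do not show how the enclave side confirms that what it publishes is exactly what the internalization job produced, and a sneakernet or a share that several people can write to leaves room for a corrupted or substituted .nupkg. The script below is an added example written for this write-up, not the speaker's code: the external job writes a SHA-256 manifest next to the packages, and the internal job verifies every file against it before a single `choco push`. Directory paths, the manifest file name, the Artifactory NuGet feed URL and the environment variables carrying the feed and API key are assumptions about the environment.

```powershell
# Added example (not from the talk): SHA-256 manifest that travels with the internalized
# packages across the air gap. The external Jenkins job writes it after Choco-Internalize.ps1
# runs; the internal Jenkins job refuses to publish anything to Artifactory that does not match.
# Directory paths, the manifest file name, the feed URL and the API-key source are assumptions.

function New-PackageManifest {
    param(
        [Parameter(Mandatory)][string]$PackageDir,    # where choco download --internalize wrote the .nupkg files
        [Parameter(Mandatory)][string]$ManifestPath   # e.g. SHA256SUMS.txt, copied to the share with the packages
    )
    $entries = @(Get-ChildItem -Path $PackageDir -Filter *.nupkg -File | Sort-Object Name | ForEach-Object {
        "$((Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash)  $($_.Name)"
    })
    Set-Content -Path $ManifestPath -Value $entries -Encoding ascii
    return $entries.Count
}

function Test-PackageManifest {
    param(
        [Parameter(Mandatory)][string]$PackageDir,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    # Parse "HASH  filename" lines; anything else in the file is ignored.
    $expected = @{}
    foreach ($line in Get-Content -Path $ManifestPath) {
        if ($line -match '^(?<hash>[0-9A-Fa-f]{64})\s+(?<name>\S.*)$') {
            $expected[$Matches.name] = $Matches.hash.ToUpperInvariant()
        }
    }
    $verified = @(); $mismatch = @(); $unlisted = @()
    foreach ($file in Get-ChildItem -Path $PackageDir -Filter *.nupkg -File) {
        if (-not $expected.ContainsKey($file.Name)) { $unlisted += $file.Name; continue }
        $actual = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        if ($actual -eq $expected[$file.Name]) { $verified += $file.FullName } else { $mismatch += $file.Name }
        $expected.Remove($file.Name)
    }
    [pscustomobject]@{
        Verified = $verified            # full paths, safe to push
        Mismatch = $mismatch            # content changed in transit: corruption or tampering
        Unlisted = $unlisted            # on the share but not in the manifest: did not come through the job
        Missing  = @($expected.Keys)    # in the manifest but not on the share: incomplete transfer
    }
}

function Publish-VerifiedPackages {
    param(
        [Parameter(Mandatory)][string]$PackageDir,
        [Parameter(Mandatory)][string]$ManifestPath,
        [Parameter(Mandatory)][string]$FeedUrl,   # Artifactory NuGet repo, e.g. https://host/artifactory/api/nuget/<repo> (assumed)
        [Parameter(Mandatory)][string]$ApiKey     # from Jenkins credentials, never from the manifest or the share
    )
    $check = Test-PackageManifest -PackageDir $PackageDir -ManifestPath $ManifestPath
    # Any discrepancy fails the whole run: a partial or altered drop must not reach the feed.
    if ($check.Mismatch.Count -or $check.Unlisted.Count -or $check.Missing.Count) {
        throw ("Refusing to publish. mismatch=[{0}] unlisted=[{1}] missing=[{2}]" -f
            ($check.Mismatch -join ','), ($check.Unlisted -join ','), ($check.Missing -join ','))
    }
    foreach ($nupkg in $check.Verified) {
        & choco push $nupkg --source=$FeedUrl --api-key=$ApiKey
        if ($LASTEXITCODE -ne 0) { throw "choco push failed for $nupkg (exit code $LASTEXITCODE)" }
    }
    return $check.Verified.Count
}

# External Jenkins job, after Choco-Internalize.ps1 (paths assumed):
#   New-PackageManifest -PackageDir 'D:\internalized' -ManifestPath 'D:\internalized\SHA256SUMS.txt'
# Internal Jenkins job, after the one-way transfer (paths and variables assumed):
#   Publish-VerifiedPackages -PackageDir '\\enclave-fs\choco' -ManifestPath '\\enclave-fs\choco\SHA256SUMS.txt' `
#                            -FeedUrl $env:CHOCO_FEED -ApiKey $env:CHOCO_API_KEY
```

Two caveats. The manifest only catches tampering by someone who cannot also rewrite the manifest; if the people carrying sneakernet media are not trusted, keep a copy of the manifest on the external side (or send it by a separate path) and compare against that. And the manifest covers the hop between the two shares only; whether the vendor binaries inside each package are the right ones is decided earlier, by the checksums the package scripts enforce while Chocolatey internalizes them.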
browsers.pp

# Profile: browsers, installed through Chocolatey from the internal Artifactory feed.
class profile::browsers {
  # profile::chocolatey (not shown on the slide) installs Chocolatey and points it
  # at the internal source; the package resources below depend on it being applied first.
  require profile::chocolatey

  # Ensures latest Firefox
  package { 'firefox':
    ensure   => latest,
    provider => chocolatey,   # explicit; redundant if profile::chocolatey sets chocolatey as the default provider
  }

  # Ensures latest Google Chrome
  package { 'googlechrome':
    ensure   => latest,
    provider => chocolatey,
  }
}

workstation.pp

# Role: every workstation gets the browsers profile.
class role::workstation {
  include profile::browsers
}
Ad Hoc installs – prerequisites
● Chocolatey Agent
● Background Service
○ Use Puppet!
Ad Hoc installs
● “Self-Service” choco installs
○ Chocolatey GUI
○ Command Line
○ Carbon Black approved!
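Self-service for non-admins rests on two settings that the slides name but do not spell out: the workstation must know only the internal feed, and the C4B background service must be on with the features that restrict what it will do on a user's behalf. The script below is an added example for this write-up, not the speaker's Puppet code or a Chocolatey-supplied script; it does with `choco source` and `choco feature` what the talk says Puppet enforces, and then reads the configuration back to check it. The feed URL and the source name are assumptions; the commands, switches and feature names are standard Chocolatey / Chocolatey for Business.

```powershell
# Added example (not from the talk): lock an enclave workstation to the internal Artifactory
# feed and enable the C4B background-service features that non-admin self-service relies on.
# The feed URL and source name are assumptions about this environment.
$Choco = 'C:\ProgramData\chocolatey\bin\choco.exe'
$InternalFeed = 'https://artifactory.enclave.example/artifactory/api/nuget/chocolatey'  # assumed

function Invoke-Choco {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & $Choco @Arguments
    if ($LASTEXITCODE -ne 0) { throw "choco $($Arguments -join ' ') failed with exit code $LASTEXITCODE" }
}

function Set-EnclaveChocoConfig {
    # The community feed is unreachable from the enclave anyway; remove it so nothing can fall back to it.
    Invoke-Choco source, remove, '--name=chocolatey'
    # Highest priority, and flagged for self-service so the background service will install from it
    # on behalf of non-admins (--allow-self-service is a licensed C4B option).
    Invoke-Choco source, add, '--name=internal', "--source=$InternalFeed", '--priority=1', '--allow-self-service'
    # Installs requested by non-admin users run under the Chocolatey Agent service.
    Invoke-Choco feature, enable, '--name=useBackgroundService'
    # Only sources marked self-service may be used through the agent: no ad hoc --source for users.
    Invoke-Choco feature, enable, '--name=useBackgroundServiceWithSelfServiceSourcesOnly'
    # Users may uninstall only what they installed themselves, not the Puppet-enforced packages.
    Invoke-Choco feature, enable, '--name=allowBackgroundServiceUninstallsFromUserInstallsOnly'
}

function Test-EnclaveChocoConfig {
    # -r (limit output) prints one pipe-delimited record per line; the first two columns are name and URL.
    $sources = & $Choco source list -r | ForEach-Object {
        $f = $_ -split '\|'; [pscustomobject]@{ Name = $f[0]; Url = $f[1] }
    }
    $foreign = @($sources | Where-Object { $_.Url -ne $InternalFeed })
    # feature list -r prints name|Enabled|description (or name|Disabled|description).
    $features = @{}
    & $Choco feature list -r | ForEach-Object { $f = $_ -split '\|'; $features[$f[0]] = ($f[1] -eq 'Enabled') }
    $required = 'useBackgroundService',
                'useBackgroundServiceWithSelfServiceSourcesOnly',
                'allowBackgroundServiceUninstallsFromUserInstallsOnly'
    $missing = @($required | Where-Object { -not $features[$_] })
    [pscustomobject]@{
        Compliant       = ($foreign.Count -eq 0 -and $missing.Count -eq 0)
        ForeignSources  = $foreign      # any source whose URL is not the internal feed
        MissingFeatures = $missing
    }
}

# Set-EnclaveChocoConfig
# Test-EnclaveChocoConfig    # Compliant should be True on a correctly configured workstation
```

`Test-EnclaveChocoConfig` is the part worth keeping even where Puppet does the configuring: run it from a scheduled task or a Pester check and you have a per-host answer to “can this machine pull software from anywhere but Artifactory?”.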
Custom Packages
● Custom packages
○ Custom application
○ Different install arguments
● Use Package Builder (C4B)
○ Command Line
○ GUI
● Non-Admins can create packages
○ C:\ProgramData\chocolatey\templates\NewFileInstaller needs to be present
Updates
● Puppet:
○ ensure => latest
● Ad Hoc installs:
○ “cup all -y” (choco upgrade all -y) scheduled task created via GPO or Puppet
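For the ad hoc side, the slide says only that a “cup all -y” task is pushed out. How that task is set up decides whether it actually works for non-admin users and whether it can be talked into upgrading from the wrong place. The following is an added example, not the speaker's GPO or Puppet code: it registers the task with PowerShell, runs it as SYSTEM so it needs no logged-on admin, and names the internal source so an upgrade can only be satisfied from the Artifactory feed. The task name, schedule and source name are assumptions.

```powershell
# Added example (not from the talk): the "cup all -y" scheduled task, registered with PowerShell
# instead of GPO. Runs as SYSTEM (enclave users are not admins) and pins the upgrade to the
# internal source. Task name, time and source name are assumptions.
$Choco      = 'C:\ProgramData\chocolatey\bin\choco.exe'
$TaskName   = 'Chocolatey - Upgrade All'   # assumed
$SourceName = 'internal'                   # assumed: the Artifactory feed as registered with choco source add

function Register-ChocoUpgradeTask {
    param([string]$At = '03:00')
    if (-not (Test-Path $Choco)) { throw "choco.exe not found at $Choco" }

    # `cup` is the alias for `choco upgrade`; spelled out so the task's action is readable in the UI.
    $action    = New-ScheduledTaskAction -Execute $Choco -Argument "upgrade all -y --no-progress --source=$SourceName"
    $trigger   = New-ScheduledTaskTrigger -Daily -At $At
    # SYSTEM at the highest run level: installs need the admin rights enclave users do not have.
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    # Catch up if the machine was off at 03:00, never run two upgrades at once, give up after two hours.
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -MultipleInstances IgnoreNew `
                     -ExecutionTimeLimit (New-TimeSpan -Hours 2)

    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force | Out-Null
    return Get-ScheduledTask -TaskName $TaskName
}

# Register-ChocoUpgradeTask
# choco writes each run to C:\ProgramData\chocolatey\logs\chocolatey.log, so no extra logging is needed.
```

Pinning `--source` here is belt-and-braces with the source configuration on the host; it costs nothing and means a workstation that somehow acquired an extra source still upgrades only from Artifactory.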
Limitations
● If enforcing background service
○ Users and Puppet cannot call a custom source
● Ad-Hoc Installs:
○ Pinning versions
○ Uninstalling
Key Takeaways
● Use WinOps to enable everyone
● C4B enables users - without sacrificing security
Questions???
Thank you to our Sponsors
SSID:
Park Central Meetings
Password:
chocolateyfest2018
WIFI

More Related Content

Similar to WinOps in a Secure Environment

NJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey
NJEdgeCon2018-Automating-Package-Management-in-Windows-with-ChocolateyNJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey
NJEdgeCon2018-Automating-Package-Management-in-Windows-with-ChocolateyDan Franciscus
 
Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Max Romanovsky
 
Symfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim RomanovskySymfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim Romanovskyphp-user-group-minsk
 
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Puppet
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesMender.io
 
Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Mender.io
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesMender.io
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdfAbid Malik
 
Yocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution MakerYocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution MakerSherif Mousa
 
The 10 Commandments of Release Engineering
The 10 Commandments of Release EngineeringThe 10 Commandments of Release Engineering
The 10 Commandments of Release EngineeringSolano Labs
 
Yocto Project : Custom Embedded Linux Distribution
Yocto Project : Custom Embedded Linux DistributionYocto Project : Custom Embedded Linux Distribution
Yocto Project : Custom Embedded Linux Distributionemertxemarketing
 
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...Nico Meisenzahl
 
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...Flink Forward
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligenceCarlos Toxtli
 
Embedded linux build systems
Embedded linux build systems  Embedded linux build systems
Embedded linux build systems Mender.io
 
Building Emmbedded Linux with Yocto project
Building Emmbedded Linux with Yocto projectBuilding Emmbedded Linux with Yocto project
Building Emmbedded Linux with Yocto projecttwcoimbatore
 
Vagrant crash course
Vagrant crash courseVagrant crash course
Vagrant crash courseMarcus Deglos
 
Yocto and IoT - a retrospective
Yocto and IoT - a retrospectiveYocto and IoT - a retrospective
Yocto and IoT - a retrospectiveOpen-RnD
 
The Android Build System - Android Marshmallow
The Android Build System - Android MarshmallowThe Android Build System - Android Marshmallow
The Android Build System - Android MarshmallowRon Munitz
 
FOSDEM 2017: GitLab CI
FOSDEM 2017:  GitLab CIFOSDEM 2017:  GitLab CI
FOSDEM 2017: GitLab CIOlinData
 

Similar to WinOps in a Secure Environment (20)

NJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey
NJEdgeCon2018-Automating-Package-Management-in-Windows-with-ChocolateyNJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey
NJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey
 
Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...
 
Symfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim RomanovskySymfony Under Control by Maxim Romanovsky
Symfony Under Control by Maxim Romanovsky
 
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSes
 
Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
 
Yocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution MakerYocto - Embedded Linux Distribution Maker
Yocto - Embedded Linux Distribution Maker
 
The 10 Commandments of Release Engineering
The 10 Commandments of Release EngineeringThe 10 Commandments of Release Engineering
The 10 Commandments of Release Engineering
 
Yocto Project : Custom Embedded Linux Distribution
Yocto Project : Custom Embedded Linux DistributionYocto Project : Custom Embedded Linux Distribution
Yocto Project : Custom Embedded Linux Distribution
 
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...
Gitlab Commit: How Containerized GitLab CI Pipelines Can Help You Streamline ...
 
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...
Flink Forward Berlin 2017: Dominik Bruhn - Deploying Flink Jobs as Docker Con...
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligence
 
Embedded linux build systems
Embedded linux build systems  Embedded linux build systems
Embedded linux build systems
 
Building Emmbedded Linux with Yocto project
Building Emmbedded Linux with Yocto projectBuilding Emmbedded Linux with Yocto project
Building Emmbedded Linux with Yocto project
 
Vagrant crash course
Vagrant crash courseVagrant crash course
Vagrant crash course
 
Yocto and IoT - a retrospective
Yocto and IoT - a retrospectiveYocto and IoT - a retrospective
Yocto and IoT - a retrospective
 
The Android Build System - Android Marshmallow
The Android Build System - Android MarshmallowThe Android Build System - Android Marshmallow
The Android Build System - Android Marshmallow
 
FOSDEM 2017: GitLab CI
FOSDEM 2017:  GitLab CIFOSDEM 2017:  GitLab CI
FOSDEM 2017: GitLab CI
 

More from Chocolatey Software

Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...Chocolatey Software
 
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and ChocolateyProvision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and ChocolateyChocolatey Software
 
Docker - A Container Full of Chocolatey
Docker - A Container Full of ChocolateyDocker - A Container Full of Chocolatey
Docker - A Container Full of ChocolateyChocolatey Software
 
Killing Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure SetupsKilling Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure SetupsChocolatey Software
 
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.Chocolatey Software
 
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...Chocolatey Software
 
The Future of Windows Automation
The Future of Windows AutomationThe Future of Windows Automation
The Future of Windows AutomationChocolatey Software
 
Improving Infrastructure Quality
Improving Infrastructure QualityImproving Infrastructure Quality
Improving Infrastructure QualityChocolatey Software
 
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and ChocolateyEnsuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and ChocolateyChocolatey Software
 
Bootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 ClickBootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 ClickChocolatey Software
 
Chef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet RecipesChef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet RecipesChocolatey Software
 
10 Things I Hate About You - Taming Windows w/Ansible
10 Things I Hate About You - Taming Windows w/Ansible10 Things I Hate About You - Taming Windows w/Ansible
10 Things I Hate About You - Taming Windows w/AnsibleChocolatey Software
 

More from Chocolatey Software (13)

Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
 
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and ChocolateyProvision and Manage Servers w/Otter, DSC, Git, and Chocolatey
Provision and Manage Servers w/Otter, DSC, Git, and Chocolatey
 
Docker - A Container Full of Chocolatey
Docker - A Container Full of ChocolateyDocker - A Container Full of Chocolatey
Docker - A Container Full of Chocolatey
 
Killing Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure SetupsKilling Golden Images In Your Infrastructure Setups
Killing Golden Images In Your Infrastructure Setups
 
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
Maintenance Mode: Leveraging Chef to Schedule Patching, Reboot, etc.
 
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
Wardley Maps Saved The Day: How Stack Overflow Enterprise automated all the t...
 
The Future of Windows Automation
The Future of Windows AutomationThe Future of Windows Automation
The Future of Windows Automation
 
Improving Infrastructure Quality
Improving Infrastructure QualityImproving Infrastructure Quality
Improving Infrastructure Quality
 
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and ChocolateyEnsuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
Ensuring Compliant, Consistent Systems w/Chef, InSpec, and Chocolatey
 
Bootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 ClickBootstrapping a New Machine in 1 Click
Bootstrapping a New Machine in 1 Click
 
Chocolatey and Puppet at Yelp
Chocolatey and Puppet at YelpChocolatey and Puppet at Yelp
Chocolatey and Puppet at Yelp
 
Chef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet RecipesChef + Chocolatey: Sweet Recipes
Chef + Chocolatey: Sweet Recipes
 
10 Things I Hate About You - Taming Windows w/Ansible
10 Things I Hate About You - Taming Windows w/Ansible10 Things I Hate About You - Taming Windows w/Ansible
10 Things I Hate About You - Taming Windows w/Ansible
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
WinOps in a Secure Environment

  • 1. A sweet Conference focused on Windows Automation (WinOps)
  • 2. WinOps in a Secure Environment Dwight Bragdon, IT Sec Engr, Sr Staff Qualcomm
  • 3. Before we begin… ● Who am I? ○ Dwight Bragdon – IT Security Engineer, Sr. Staff ● What do I do? ○ Microsoft Stack, VMware, Citrix, Nutanix, etc… ● Why should you listen to me? ○ Great question!
  • 4. Environment Overview • Network 1 “non-secure” • Internet Connected • Users are local admins • Corporate Business Productivity • “Wild West” • Network 2 “Secure Enclave” • Non-Internet Connected • Users are not local admins • Business/Mission Productivity • Windows Security Baselines/STIGs applied. • Carbon Black High Enforcement
  • 5. Solutions Chocolatey for Business (C4B) Gerrit ● Honorable Mentions: ○ SCCM ○ GPO ○ Task Scheduler
  • 6. Workflow Overview (diagram). Internet Connected side: Gerrit holds the list of packages to internalize; the Choco-Internalize PowerShell script runs as a Jenkins job (merged changes start the internalization job, and the job also runs on a schedule); Chocolatey for Business (C4B) internalizes the packages; Jenkins pushes the internalized packages to a file share after the internalization job runs. Non-Internet/Secure Enclave side: a file share receives the packages brought in from the outside; Jenkins pulls them and pushes them to Artifactory; Package Builder (C4B) produces custom packages for Artifactory; Puppet enforces settings and Chocolatey packages from Artifactory; ad hoc Chocolatey packages are installed through Self-Service/Background Service (C4B).
  • 7. Gerrit/Source Control
    Choco-Internalize.ps1:
      foreach ($package in Get-Content choco-pkg-list.txt) {
          Write-Output "Internalizing $package"
          Write-Output "------------------------------------------------------------------------"
          C:\ProgramData\chocolatey\bin\choco.exe download --internalize locale=en-US $package --no-progress
          Write-Output "------------------------------------------------------------------------"
          Write-Output ""
      }
    choco-pkg-list.txt:
      chocolatey
      chocolatey-agent
      chocolatey-core.extension
      chocolateygui
      firefox
      googlechrome
      pester
      winscp
      etc…
    (diagram: Gerrit, list of packages to internalize, Choco-Internalize PowerShell script)
  • 8. Workflow Overview (same diagram as slide 6)
  • 9. (external) ● Build Periodically – Daily, Weekly ● Build on Trigger – Gerrit Change Merged ● Build Step: ○ Run PowerShell command ○ Uploads choco packages to file share Gerrit Jenkins FileShare
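A hardened version of the internalization step, added here as an example and not the script from the slides: it skips blank and commented-out lines in the package list, checks choco's exit code per package so Jenkins fails on a partial run, and writes a SHA256 manifest next to the .nupkg files so the secure-enclave side can verify what it received. The output folder, the list file name and the manifest name are assumptions.

```powershell
# Added example (not the slide's script). Assumes choco.exe at its default path,
# the package list in choco-pkg-list.txt and an output folder under C:\internalized.
param(
    [string]$PackageList = 'choco-pkg-list.txt',
    [string]$OutputDir   = 'C:\internalized'
)
$choco = 'C:\ProgramData\chocolatey\bin\choco.exe'
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

# Ignore blank lines and '#' comments so a commented-out entry in Gerrit is harmless.
$packages = Get-Content $PackageList | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }

$failed = @()
foreach ($package in $packages) {
    Write-Output "Internalizing $package"
    & $choco download $package --internalize --no-progress --output-directory $OutputDir
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "choco download failed for $package (exit $LASTEXITCODE)"
        $failed += $package
    }
}

# Manifest: one "<sha256> <filename>" line per package, checked on the
# non-internet side before anything is pushed to Artifactory.
$manifest = Join-Path $OutputDir 'manifest.sha256'
Get-ChildItem -Path $OutputDir -Filter '*.nupkg' -File | Sort-Object Name | ForEach-Object {
    '{0} {1}' -f (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash, $_.Name
} | Set-Content -Path $manifest -Encoding ascii

if ($failed.Count -gt 0) {
    Write-Warning ('Failed packages: ' + ($failed -join ', '))
    exit 1   # fail the Jenkins build so an incomplete set is never shipped silently
}
```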
  • 10. Workflow Overview (same diagram as slide 6)
  • 11. Package Transfer FileShare FileShare ● Transfer files from external file share to non-internet connected file share ● Can be automated: ○ One-way snapmirror (Netapp) ○ Secure one-way transfers using data diodes ○ Other ● Can be manual ○ Sneakernet
  • 12. Workflow Overview (same diagram as slide 6)
  • 13. (internal) ● Build Periodically – Daily, Weekly ● Build Step: ○ Upload choco packages from file share to Artifactory Jenkins Artifactory FileShare
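The internal build step with an integrity check in front of it, added as an example that is not the presenter's job definition: packages on the incoming share are compared against the SHA256 manifest produced on the internet-connected side, and only matching files are pushed to Artifactory; unlisted, mismatched or missing files fail the build. The incoming folder, the Artifactory NuGet repo URL and the API key variable are placeholders.

```powershell
# Added example (not from the slides). Assumes the transferred folder holds the
# .nupkg files plus a manifest.sha256 of "<sha256> <filename>" lines, and that
# Artifactory exposes a NuGet repository at the placeholder URL below.
param(
    [string]$IncomingDir    = 'D:\incoming\choco',
    [string]$ArtifactoryUrl = 'https://artifactory.example.internal/artifactory/api/nuget/choco-internal',
    [string]$ApiKey         = $env:ARTIFACTORY_API_KEY
)
$choco    = 'C:\ProgramData\chocolatey\bin\choco.exe'
$manifest = Join-Path $IncomingDir 'manifest.sha256'
if (-not (Test-Path $manifest)) { throw "No manifest in $IncomingDir; refusing to import." }

# Expected hashes keyed by file name.
$expected = @{}
foreach ($line in Get-Content $manifest) {
    if ($line -match '^([0-9A-Fa-f]{64})\s+(\S+)$') { $expected[$matches[2]] = $matches[1].ToUpper() }
}

$verified = @(); $rejected = @()
foreach ($file in Get-ChildItem -Path $IncomingDir -Filter '*.nupkg' -File) {
    $actual = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    if ($expected.ContainsKey($file.Name) -and $expected[$file.Name] -eq $actual) {
        $verified += $file
    } else {
        $rejected += $file.Name   # not in the manifest or altered in transit: never pushed
    }
}
# Files listed in the manifest but absent from the share are also a failure.
$missing = @($expected.Keys | Where-Object { -not (Test-Path (Join-Path $IncomingDir $_)) })

foreach ($file in $verified) {
    & $choco push $file.FullName --source $ArtifactoryUrl --api-key $ApiKey
    if ($LASTEXITCODE -ne 0) { Write-Warning "push failed for $($file.Name) (exit $LASTEXITCODE)" }
}

if ($rejected.Count -gt 0 -or $missing.Count -gt 0) {
    Write-Warning ('Rejected: ' + ($rejected -join ', ') + '; Missing: ' + ($missing -join ', '))
    exit 1
}
```

The manifest is only as trustworthy as the path it travelled: if the transfer mechanism allows it, carry the manifest separately from the packages or sign it on the external side, otherwise a tampered share could carry a matching manifest.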
  • 14. Workflow Overview (same diagram as slide 6)
  • 15. browsers.pp:
      class profile::browsers {
        require profile::chocolatey
        # Ensures latest Firefox
        package { 'firefox':
          ensure => latest,
        }
        # Ensures latest Google Chrome
        package { 'googlechrome':
          ensure => latest,
        }
      }
    workstation.pp:
      class role::workstation {
        include profile::browsers
      }
    (diagram: Artifactory, Puppet, Puppet Enforced settings, Choco Packages)
  • 16. Ad Hoc installs prereq ● Chocolatey Agent ● Background Service ○ Use Puppet!
  • 17. Ad Hoc installs ● “Self-Service” choco installs ○ Chocolatey GUI ○ Command Line ○ Carbon Black approved!
  • 18. Workflow Overview (same diagram as slide 6)
  • 19. Custom Packages ● Custom packages ○ Custom application ○ Different install arguments ● Use Package Builder (C4B) ○ Command Line ○ GUI ● Non-Admins can create packages ○ C:\Programdata\Chocolatey\templates\NewFileInstaller needs to be present Artifactory Custom Package
  • 20. Workflow Overview (same diagram as slide 6)
  • 21. Updates ● Puppet: ○ Ensure => latest ● Ad Hoc installs: ○ “cup all -y” scheduled task created via GPO or Puppet
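One way to register the “cup all -y” task described above directly with PowerShell, added as an example and not the presenter's GPO or Puppet definition: it runs as SYSTEM so it does not depend on non-admin enclave users, spreads the start time so a fleet does not hit Artifactory at once, and re-registers idempotently. The task name and schedule are assumptions.

```powershell
# Added example (not from the slides): the ad hoc update task, created locally.
$choco  = 'C:\ProgramData\chocolatey\bin\choco.exe'
# "cup" is the alias for "upgrade"; --no-progress keeps the task log readable.
$action = New-ScheduledTaskAction -Execute $choco -Argument 'upgrade all -y --no-progress'
# Daily at 03:00 with up to 30 minutes of random delay to stagger load on Artifactory.
$trigger = New-ScheduledTaskTrigger -Daily -At 3am -RandomDelay (New-TimeSpan -Minutes 30)
# Run as SYSTEM with highest privileges: enclave users are not local admins.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
# Catch up a missed run after a reboot and bound how long an upgrade may hang.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 2)
# -Force overwrites an existing task of the same name, so GPO or Puppet can re-run this safely.
Register-ScheduledTask -TaskName 'Chocolatey-UpgradeAll' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null
```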
  • 22. Limitations ● If enforcing background service ○ Users and Puppet cannot call a custom source ● Ad-Hoc Installs: ○ Pinning versions ○ Uninstalling
  • 23. Key Takeaways ● Use WinOps to enable everyone ● C4B enables users - without sacrificing security