This document discusses adapting the roles and profiles design pattern to writing compliance code in Puppet modules. It begins by noting the challenges of writing compliance code, such as it touching many parts of nodes and leading to sprawling code. It then provides an overview of the roles and profiles pattern, which uses simple "front-end" roles/interfaces and more complex "back-end" profiles/implementations. The rest of the document discusses how to apply this pattern when authoring Puppet modules for compliance - including creating interface and implementation classes, using Hiera for configuration, and tools for reducing boilerplate code. It aims to provide a maintainable structure and simplify adapting to new compliance frameworks or requirements.
With the ever-increasing availability of good open source modules, puppet development within an organization can transition to the building of roles and profiles to glue together the modules developed externally, and patches or pull requests to update the modules to meet your needs. However, it is still sometimes necessary to create a module from scratch, and there are different considerations when the module is going to be shared publicly than when developing modules strictly for internal use. If the module is going to be used by people outside your organization you need to consider flexibility, appropriate scoping, and ease of use of the module. This talk will address finding and evaluating existing modules, module development with open sourcing in mind, and effective use of roles and profiles.
Introduction to Puppet Enterprise 10/03/2018Puppet
Register today and learn more about Puppet Enterprise
Join Puppet on Wednesday, 3 October 2018 at 9:00 a.m. PDT for our upcoming webinar, Introduction to Puppet Enterprise.
If you're new to Puppet Enterprise, this is the webinar for you. You'll learn why thousands of companies rely on Puppet to automate the delivery and operation of their software and see it in action with a live demo.
We'll cover how to use Puppet Enterprise to:
Gain situational awareness and drive change with confidence
Orchestrate changes to infrastructure and applications
Continually enforce your desired state and remediate any unexpected changes
Get real-time visibility and reporting to prove compliance
We will also explore our new products, Puppet Discovery and Puppet Pipelines and what’s new in 2018.1 and will leave plenty of time to answer your questions.
Featured Speakers: Abir Majumdar, Sales Engineer, and Anthony Rodriguez, Sales Development.
The presentation about the fundamentals of DevOps workflow and CI/CD practices I presented at Centroida (https://centroida.ai/) as a back-end development intern.
With the ever-increasing availability of good open source modules, puppet development within an organization can transition to the building of roles and profiles to glue together the modules developed externally, and patches or pull requests to update the modules to meet your needs. However, it is still sometimes necessary to create a module from scratch, and there are different considerations when the module is going to be shared publicly than when developing modules strictly for internal use. If the module is going to be used by people outside your organization you need to consider flexibility, appropriate scoping, and ease of use of the module. This talk will address finding and evaluating existing modules, module development with open sourcing in mind, and effective use of roles and profiles.
Introduction to Puppet Enterprise 10/03/2018Puppet
Register today and learn more about Puppet Enterprise
Join Puppet on Wednesday, 3 October 2018 at 9:00 a.m. PDT for our upcoming webinar, Introduction to Puppet Enterprise.
If you're new to Puppet Enterprise, this is the webinar for you. You'll learn why thousands of companies rely on Puppet to automate the delivery and operation of their software and see it in action with a live demo.
We'll cover how to use Puppet Enterprise to:
Gain situational awareness and drive change with confidence
Orchestrate changes to infrastructure and applications
Continually enforce your desired state and remediate any unexpected changes
Get real-time visibility and reporting to prove compliance
We will also explore our new products, Puppet Discovery and Puppet Pipelines and what’s new in 2018.1 and will leave plenty of time to answer your questions.
Featured Speakers: Abir Majumdar, Sales Engineer, and Anthony Rodriguez, Sales Development.
The presentation about the fundamentals of DevOps workflow and CI/CD practices I presented at Centroida (https://centroida.ai/) as a back-end development intern.
Major updates to Puppet Enterprise give you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.
New change reporting and orchestration features make it easy to drive change with confidence, and tools for building and deploying popular cloud and container technologies give you a standard way to automate the delivery and operation of all of your software.
Join us for a webinar to see the latest release in action. You’ll learn about:
Orchestration enhancements to give you even more control to run phased deployments and coordinated roll-outs of change
Corrective change reporting to gain insight into why changes occur across your infrastructure
Tools to automate the build of Docker container images
Integration with VMware's vRealize Suite (vRA/vRO) to enable fully automated, self-service provisioning workflows
Integration with Jenkins to easily enable you to scale your DevOps practice by building continuous delivery pipelines and orchestrating infrastructure deployment
DOES14 - Gary Gruver - Macy's - Transforming Traditional Enterprise Software ...Gene Kim
Gary Gruver, Vice President of QE, Release and Operations, Macy's, at DevOps Enterprise Summit 2014
Transforming Traditional Enterprise Software Development Processes by applying DevOps and Agile Principles at Scale
How to transform traditional Enterprise Software development processes by applying DevOps and Agile principles at scale instead of the more typical approach of scaling scrum. This approach starts with clarity in business objectives for the transformation. Next it highlights the importance of creating an Enterprise level continuous improvement process, which is very different from an aggregation of team level continuous improvement process. One of the most important steps for creating an Agile Enterprise is keeping code releasable across the Enterprise. This presentation will go deep on the fundamentals of Devops, CI, and CD based on what has been found to be successful transforming legacy organizations. The final step will provide a framework for re-thinking the planning process to provide an Enterprise level backlog and long-term commitments.
Major updates to Puppet Enterprise give you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.
New change reporting and orchestration features make it easy to drive change with confidence, and tools for building and deploying popular cloud and container technologies give you a standard way to automate the delivery and operation of all of your software.
Join us for a webinar to see the latest release in action. You’ll learn about:
Orchestration enhancements to give you even more control to run phased deployments and coordinated roll-outs of change
Corrective change reporting to gain insight into why changes occur across your infrastructure
Tools to automate the build of Docker container images
Integration with VMware's vRealize Suite (vRA/vRO) to enable fully automated, self-service provisioning workflows
Integration with Jenkins to easily enable you to scale your DevOps practice by building continuous delivery pipelines and orchestrating infrastructure deployment
Presented by Michael Olson, Sr. Product Marketing Manager, and Grace Andrews, Technical Solutions Engineer.
Continuous Integration as a Way of LifeMelissa Benua
Continuous integration (CI) is a buzzword in software development today. We know it means “run lots of builds,” but having a continuous integration pipeline opens up opportunities well beyond making sure your team's code compiles. What if this pipeline could improve everything from the quality of code reviews to how often and safely you deploy to production and how you monitor your product in the wild? What if CI could provide insights into how automated tests are performing and how to improve them? Melissa Benua describes how to set up a basic CI infrastructure and then transform it into a way of life for development and test teams. Using free or nearly free tools, Melissa walks through a practical approach to making sure your code works—all the time and at every stage of the release train. Come away with practical advice for creating builds and running automation on the fly without spending hundreds of hours or thousands of dollars.
Integration Testing as Validation and MonitoringMelissa Benua
In the world of software-as-a-service, just about anyone with a laptop and an Internet connection can spin up their very own cloud-based web service. Software startups, in particular, are often big on ideas but small on staff. This makes streamlining the traditional develop-test-integrate-deploy-monitor pipeline critically important. Melissa Benua says that an effective way to accomplish this is to reduce the number of different test suites that verify many of the same things for each stage. Melissa explains how teams can avoid this by authoring the right set of tests and using the right frameworks. Drawing on lessons learned in companies both large and small, Melissa shows how teams can drastically slash time spent developing automation, verifying builds for release, and monitoring code in production—without sacrificing availability or reliability.
Sam Guckenheimer - Moving to One Engineering SystemWinOps Conf
This is the story of transforming Microsoft to One Engineering System with a globally distributed 24x7x365 service on the public cloud. We’ll show you round the system that handles the load of some of the most demanding engineering teams in the world and share some stories about how they got there.
Standardizing Jenkins with CloudBees Jenkins TeamDeborah Schalm
Jenkins’ extensibility is one of its greatest strengths, but with it comes with some challenges around inconsistent compatibility, quality, and security in its 1300+ components and integrations.
CloudBees Jenkins Team is a curated Jenkins distribution that gives small organizations and teams a more stable and secure Jenkins foundation for their continuous delivery journey. In this webinar, we covered:
Standardizing a Jenkins environment with CloudBees Jenkins Team
Enabling simple component management using the CloudBees Assurance Program
Performing one-click upgrades to maximize instance stability with Beekeeper Upgrade Assistant
Resolving compliance issues with Beekeeper Upgrade Assistant
Continuous Integration and Continuous Deployment in Enterprise scenarioDavide Benvegnù
The presentation about Continuous Integration and Continuous Deployment during the Microsoft DevOps Breakfast.
General info about CI and CD.
Demo with Visual Studio Team Services (apply also too TFS)
Louisville Software Engineering Meet Up: Continuous Integration Using JenkinsJames Strong
This talk was given at the January 2016 Meetup of the Louisville Software Engineers. In it we discuss how to implement continuous integration in a development environment utilizing Jenkins CI.
In this session, we will learn about Teamcity CI Server. We will look at the different options available and how we can set a CI pipeline using Teamcity.
Jenkins - From Continuous Integration to Continuous DeliveryVirendra Bhalothia
Continuous Delivery is a process that merges Continuous Integration with automated deployment, test, and release; creating a Continuous Delivery solution. Continuous Delivery doesn't mean every change is deployed to production ASAP. It means every change is proven to be deployable at any time.
We would see how we can enable CD with Jenkins.
Please check out The Remote Lab's DevOps offerings: www.slideshare.net/bhalothia/the-remote-lab-devops-offerings
http://theremotelab.io
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent
Di Indonesia, 19,4% perusahaan sudah mulai menggunakan layanan cloud publik. Stapi sering kali saat perusahan sudah mengadopsi cloud, mereka baru menyadari betapa rumitnya penerapan cloud. Akibatnya, banyak perusahaan yang stuck dalam operasional aplikasi yang baru ini.
Hadirlah DevOps yang memberi layanan lebih cepat dan mendorong inovasi sekaligus meningkatkan produktivitas, komunikasi, dan keterlibatan karyawan. Tapi hadirnya layanan yang lebih cepat membuat risiko dalam penerapan aplikasi meningkat sebesar 53% upaya pencurian data menyasar aplikasi itu sendiri. Oleh karena itu, sangat penting bagi perusahaan untuk mengubah mindset dari menerapkan keamanan untuk kepatuhan ke metode yang lebih proaktif dengan memanfaatkan prinsip-prinsip DevOps dalam tool dan proses keamanan mereka.
Hmm jadi penasaran bagaimana sih memaksimalkan peran keamanan dalam penerapan Devops supaya berjalan dengan lacar? Hal ini akan kita bahas bersama 2 orang pembicara yang expert dibidangnya, yaitu Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) dan Taro Lay (Co-Founder Kalama Cyber Security) pada Tech Talk 2021 Live dengan tema "Peran IT Security dalam Penerapan DevOps."
This are the slides of my Visug (Visual Studio User Group) session about how yo can leverage the power of Git with TFS 2013/Visual Studio online and Visual Studio.
Major updates to Puppet Enterprise give you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.
New change reporting and orchestration features make it easy to drive change with confidence, and tools for building and deploying popular cloud and container technologies give you a standard way to automate the delivery and operation of all of your software.
Join us for a webinar to see the latest release in action. You’ll learn about:
Orchestration enhancements to give you even more control to run phased deployments and coordinated roll-outs of change
Corrective change reporting to gain insight into why changes occur across your infrastructure
Tools to automate the build of Docker container images
Integration with VMware's vRealize Suite (vRA/vRO) to enable fully automated, self-service provisioning workflows
Integration with Jenkins to easily enable you to scale your DevOps practice by building continuous delivery pipelines and orchestrating infrastructure deployment
DOES14 - Gary Gruver - Macy's - Transforming Traditional Enterprise Software ...Gene Kim
Gary Gruver, Vice President of QE, Release and Operations, Macy's, at DevOps Enterprise Summit 2014
Transforming Traditional Enterprise Software Development Processes by applying DevOps and Agile Principles at Scale
How to transform traditional Enterprise Software development processes by applying DevOps and Agile principles at scale instead of the more typical approach of scaling scrum. This approach starts with clarity in business objectives for the transformation. Next it highlights the importance of creating an Enterprise level continuous improvement process, which is very different from an aggregation of team level continuous improvement process. One of the most important steps for creating an Agile Enterprise is keeping code releasable across the Enterprise. This presentation will go deep on the fundamentals of Devops, CI, and CD based on what has been found to be successful transforming legacy organizations. The final step will provide a framework for re-thinking the planning process to provide an Enterprise level backlog and long-term commitments.
Major updates to Puppet Enterprise give you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.
New change reporting and orchestration features make it easy to drive change with confidence, and tools for building and deploying popular cloud and container technologies give you a standard way to automate the delivery and operation of all of your software.
Join us for a webinar to see the latest release in action. You’ll learn about:
Orchestration enhancements to give you even more control to run phased deployments and coordinated roll-outs of change
Corrective change reporting to gain insight into why changes occur across your infrastructure
Tools to automate the build of Docker container images
Integration with VMware's vRealize Suite (vRA/vRO) to enable fully automated, self-service provisioning workflows
Integration with Jenkins to easily enable you to scale your DevOps practice by building continuous delivery pipelines and orchestrating infrastructure deployment
Presented by Michael Olson, Sr. Product Marketing Manager, and Grace Andrews, Technical Solutions Engineer.
Continuous Integration as a Way of LifeMelissa Benua
Continuous integration (CI) is a buzzword in software development today. We know it means “run lots of builds,” but having a continuous integration pipeline opens up opportunities well beyond making sure your team's code compiles. What if this pipeline could improve everything from the quality of code reviews to how often and safely you deploy to production and how you monitor your product in the wild? What if CI could provide insights into how automated tests are performing and how to improve them? Melissa Benua describes how to set up a basic CI infrastructure and then transform it into a way of life for development and test teams. Using free or nearly free tools, Melissa walks through a practical approach to making sure your code works—all the time and at every stage of the release train. Come away with practical advice for creating builds and running automation on the fly without spending hundreds of hours or thousands of dollars.
Integration Testing as Validation and MonitoringMelissa Benua
In the world of software-as-a-service, just about anyone with a laptop and an Internet connection can spin up their very own cloud-based web service. Software startups, in particular, are often big on ideas but small on staff. This makes streamlining the traditional develop-test-integrate-deploy-monitor pipeline critically important. Melissa Benua says that an effective way to accomplish this is to reduce the number of different test suites that verify many of the same things for each stage. Melissa explains how teams can avoid this by authoring the right set of tests and using the right frameworks. Drawing on lessons learned in companies both large and small, Melissa shows how teams can drastically slash time spent developing automation, verifying builds for release, and monitoring code in production—without sacrificing availability or reliability.
Sam Guckenheimer - Moving to One Engineering SystemWinOps Conf
This is the story of transforming Microsoft to One Engineering System with a globally distributed 24x7x365 service on the public cloud. We’ll show you round the system that handles the load of some of the most demanding engineering teams in the world and share some stories about how they got there.
Standardizing Jenkins with CloudBees Jenkins TeamDeborah Schalm
Jenkins’ extensibility is one of its greatest strengths, but with it comes with some challenges around inconsistent compatibility, quality, and security in its 1300+ components and integrations.
CloudBees Jenkins Team is a curated Jenkins distribution that gives small organizations and teams a more stable and secure Jenkins foundation for their continuous delivery journey. In this webinar, we covered:
Standardizing a Jenkins environment with CloudBees Jenkins Team
Enabling simple component management using the CloudBees Assurance Program
Performing one-click upgrades to maximize instance stability with Beekeeper Upgrade Assistant
Resolving compliance issues with Beekeeper Upgrade Assistant
Continuous Integration and Continuous Deployment in Enterprise scenarioDavide Benvegnù
The presentation about Continuous Integration and Continuous Deployment during the Microsoft DevOps Breakfast.
General info about CI and CD.
Demo with Visual Studio Team Services (apply also too TFS)
Louisville Software Engineering Meet Up: Continuous Integration Using JenkinsJames Strong
This talk was given at the January 2016 Meetup of the Louisville Software Engineers. In it we discuss how to implement continuous integration in a development environment utilizing Jenkins CI.
In this session, we will learn about Teamcity CI Server. We will look at the different options available and how we can set a CI pipeline using Teamcity.
Jenkins - From Continuous Integration to Continuous DeliveryVirendra Bhalothia
Continuous Delivery is a process that merges Continuous Integration with automated deployment, test, and release; creating a Continuous Delivery solution. Continuous Delivery doesn't mean every change is deployed to production ASAP. It means every change is proven to be deployable at any time.
We would see how we can enable CD with Jenkins.
Please check out The Remote Lab's DevOps offerings: www.slideshare.net/bhalothia/the-remote-lab-devops-offerings
http://theremotelab.io
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent
Di Indonesia, 19,4% perusahaan sudah mulai menggunakan layanan cloud publik. Stapi sering kali saat perusahan sudah mengadopsi cloud, mereka baru menyadari betapa rumitnya penerapan cloud. Akibatnya, banyak perusahaan yang stuck dalam operasional aplikasi yang baru ini.
Hadirlah DevOps yang memberi layanan lebih cepat dan mendorong inovasi sekaligus meningkatkan produktivitas, komunikasi, dan keterlibatan karyawan. Tapi hadirnya layanan yang lebih cepat membuat risiko dalam penerapan aplikasi meningkat sebesar 53% upaya pencurian data menyasar aplikasi itu sendiri. Oleh karena itu, sangat penting bagi perusahaan untuk mengubah mindset dari menerapkan keamanan untuk kepatuhan ke metode yang lebih proaktif dengan memanfaatkan prinsip-prinsip DevOps dalam tool dan proses keamanan mereka.
Hmm jadi penasaran bagaimana sih memaksimalkan peran keamanan dalam penerapan Devops supaya berjalan dengan lacar? Hal ini akan kita bahas bersama 2 orang pembicara yang expert dibidangnya, yaitu Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) dan Taro Lay (Co-Founder Kalama Cyber Security) pada Tech Talk 2021 Live dengan tema "Peran IT Security dalam Penerapan DevOps."
This are the slides of my Visug (Visual Studio User Group) session about how yo can leverage the power of Git with TFS 2013/Visual Studio online and Visual Studio.
Software Architecture and Architectors: useless VS valuableComsysto Reply GmbH
Abstract:
This talk introduces definitions of system architecture and proposes a way to achieve "good enough" architecture covers project requirements
Andrei will show several cases from real projects, where wrong, missing or over-sophisticated architecture decisions really hurt the development teams:
Painful sharing: do shared modules increase reusability or will be the source of problems?
Non-extensible extensibility: too sophisticated configuration hurts
Over fine-grained: incorrect splitting to microservices can make life even harder as with monolith
Cargo cult: blindly following patterns and rules can produce an unmaintainable system
Freestyle architecture: what happens if teams completely ignore architecture
Improve with less intelligence: smart endpoint and dumb pipes
We are looking forward to meet many of you in person and have great discussions around this topic!
https://www.meetup.com/de-DE/meetup-group-tfyvuydp/
XP teams try to keep systems fully integrated at all times, and shorten the feedback cycle to minutes and hours instead of weeks or months. The sooner you know, the sooner you can adapt.
Watch our record for the webinar "Continuous Integration" to explore how Azure DevOps helps us in achieving continuous feedback using continuous integration.
Build software like a bag of marbles, not a castle of LEGO®Hannes Lowette
If you have ever played with LEGO®, you will know that adding, removing or changing features of a completed castle isn’t as easy as it seems. You will have to deconstruct large parts to get to where you want to be, to build it all up again afterwards. Unfortunately, our software is often built the same way. Wouldn’t it be better if our software behaved like a bag of marbles? So you can just add, remove or replace them at will?
Most of us have taken different approaches to building software: a big monolith, a collection of services, a bus architecture, etc. But whatever your large scale architecture is, at the granular level (a single service or host), you will probably still end up with tightly couple code. Adding functionality means making changes to every layer, service or component involved. It gets even harder if you want to enable or disable features for certain deployments: you’ll need to wrap code in feature flags, write custom DB migration scripts, etc. There has to be a better way!
So what if you think of functionality as loose feature assemblies? We can construct our code in such a way that adding a feature is as simple as adding the assembly to your deployment, and removing it is done by just deleting the file. We would open the door for so many scenarios!
In this talk, I will explain how to tackle the following parts of your application to achieve this goal: WebAPI, Entity Framework, Onion Architecture, IoC and database migrations. And most of all, when you would want to do this. Because… ‘it depends’.
Improving The Quality of Existing SoftwareSteven Smith
Presented at DevReach 2013.
As developers, most of our time is spent working on existing software. Sure, occasionally we get the chance to fire up a new Solution in Visual Studio, and that can be exciting. But after the first day, we find ourselves once more having to deal with the work we did yesterday. And today, we know more than we did yesterday, so there are things we’d do differently, if we had it to do over.
Over time, software rots. If we’re not diligent, our beautiful code can degrade into a worthless mess. Keeping our code in working condition is no different than changing the oil in our car – it’s preventive maintenance. In this session, Steve will look at some common places to look for signs of degradation in existing applications, and steps to take to improve the code. Examples will use C# and primarily ASP.NET.
This presentation is a part of the COP2271C college level course taught at the Florida Polytechnic University located in Lakeland Florida. The purpose of this course is to introduce Freshmen students to both the process of software development and to the Python language.
The course is one semester in length and meets for 2 hours twice a week. The Instructor is Dr. Jim Anderson.
A video of Dr. Anderson using these slides is available on YouTube at:
https://youtu.be/KcFCcCsn6mM
Abstract
The idea of this talk is to help development teams to make correct architectural decisions.
Andrei will highlight the basic architectural principles and show ways to achieve architecture that is good enough to cover the project requirements and evolve in the future.
He will also present several cases from real projects, where wrong, missing, or over-sophisticated architecture decisions really hurt the development teams:
- Painful sharing: do shared modules increase reusability or will be the source of problems?
- Microservices are the solution to every problem!
- Non-extensible extensibility: too sophisticated configuration hurts
- Over fine-grained: incorrect splitting to Microservices can make life even harder as with monolith
- Convey horizontal split: how organizational driven split can jeopardise the architecture
- Model-driven: central responsibility blocks and limits the team
- Cargo cult: blindly following patterns and rule can produce an unmaintainable system
- Freestyle architecture: what happens if teams completely ignore architecture
- Improve with less intelligence: smart endpoint and dumb pipes
Abstract
The idea of this talk is to help development teams to make correct architectural decisions.
Andrei will highlight the basic architectural principles and show ways to achieve architecture that is good enough to cover the project requirements and evolve in the future.
He will also present several cases from real projects, where wrong, missing, or over-sophisticated architecture decisions really hurt the development teams:
- Painful sharing: do shared modules increase reusability or will be the source of problems?
- Microservices are the solution to every problem!
- Non-extensible extensibility: too sophisticated configuration hurts
- Over fine-grained: incorrect splitting to Microservices can make life even harder as with monolith
- Convey horizontal split: how organizational driven split can jeopardise the architecture
- Model-driven: central responsibility blocks and limits the team
- Cargo cult: blindly following patterns and rule can produce an unmaintainable system
- Freestyle architecture: what happens if teams completely ignore architecture
- Improve with less intelligence: smart endpoint and dumb pipes
How do we integrate agile delivery with the complexities of the legacy enterprise environment?
Agile is fast moving and takes no prisoners, yet in an enterprise system delivery context the agile delivery could be be dependent on the legacy un-agile enterprise that holds the data and business processing logic.
How are these diverse elements integrated?
This is one person's point of view...
This presentation is part of one of my webinar in clean code webinar series. The contents are slightly edited to share the information in public domain. In this presentation, I tried to provide detailed introduction to code refactoring practice.
This presentation will be useful for software architects/Managers,developers and QAs. Do share your feedback in comments.
Similar to Applying Roles and Profiles method to compliance code (20)
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Applying Roles and Profiles method to compliance code
1. Applying the Roles & Profiles
Method to Compliance Code
Heston Snodgrass,
Sr. Services Delivery Engineer
March 25, 2021
2. 2
Agenda
• Writing Compliance Code is Hard
• Overview of Roles & Profiles and the Facade
Pattern
• Adapting These Patterns to Compliance Code
• Unique Hiera Interfaces
• Handling Boilerplate
• Q&A
3. 3
Writing Compliance Code is
Hard
• Code touches many parts of the node
• Can lead to a sprawling, tightly-coupled code base
• Auditing and maintaining this code can be difficult
• A lot of overlap between compliance frameworks
• Dreaded “spaghetti code”
Image: Yeh Xintong, unsplash.com
4. Design patterns are problem-solving templates for your code
• The roles & profiles method is a design pattern
• It takes inspiration from the facade pattern detailed in the “Gang of Four” book¹
• a facade is an object that serves as a front-facing interface masking more complex underlying or
structural code²
• Roles are the simple “front-end” facades, or interfaces, and profiles are the complex, “back-end”
implementations
4
Not just for software engineering interviews
Software Design Patterns
1. Design Patterns: Elements of Reusable Object-Oriented Software by Erich Gamma, Richard
Helm, Ralph Johnson, and John Vlissides
2. https://en.wikipedia.org/wiki/Facade_pattern
5. 5
A Picture is Worth a Thousand Roles & Profiles
https://puppet.com/docs/pe/2019.8/osp/the_roles_and_profiles_method.html
6. Adapting
Roles &
Profiles to
Modules
There are two fundamental concepts for
adapting roles & profiles to a module:
• Interfaces - Simple Puppet classes that are interacted with
• Implementations - More complex Puppet classes / defined types
that are either declared or included by interfaces
Interfaces and implementations should be kept separate
Finally, remember to document all of your code thoroughly
6
7. 7
I’m the Interface, so That’s
What You Call Me
• Interfaces are simple and homogenized
• Interfaces names relate directly to a compliance
framework
• Interfaces only declare or include implementations
• Interfaces pass all needed parameters
Image: Pierre Chatel, unsplash.com
8. 8
That Implementation Really
Tied the Room Together
• Implementations are single-purpose and
self-contained
• Implementations DO NOT have framework-specific
data
• Exceptions can be made for default values
• Implementations are as complex as necessary
• Implementations are reusable
Image: Ant Rozetsky, unsplash.com
10. 10
This is our Compliance
Module
Simple, straight-forward, and WE know what it does.
However, I have a few questions:
• What CIS controls does this module enforce?
• Does this module enforce the CIS control “Ensure
mounting of UDF filesystem is disabled”?
• Not all nodes that need to be CIS compliant need
SSH and rsyslog configuration, is this possible?
This overly simplistic and incomplete CIS compliance
module still has fundamental issues with it. So what can
we do about all this?
11. • To adapt the roles & profiles method to our module we’ll need to refactor it
• First, we create two subdirectories in our manifests directory:
• manifests/interfaces
• manifests/implementations
• Next, we split up the implementation code into separate, self-contained classes / defined types
• Implementations are created in manifests/implementations
11
Refactoring, It’s What’s for Dinner
12. • Now, we need to create the interfaces for this code
• Interfaces are created in manifests/interfaces
• We will use the CIS control names as the interface class names
12
Let There be Interfaces
13. • Now we create an init.pp for our module. I like to refer to init.pp as the module interface
• The simplest way to do this is to just include all of our interfaces
• Standard Hiera configuration
• No scope issues from resource-like class declarations
• We could also treat init.pp just like our other interface classes and parameterize it
• This simplifies our Hiera config
• We can configure our compliance module entirely from the classifier
• Use what works best for you. Experiment and focus on configuration, maintainability, and auditability.
• Keep it as simple as feasibly possible for what you want to accomplish
13
The Module Interface
15. A New
Compliance
Framework
has Appeared!
By using our adapted roles & profiles pattern,
change is easy
• Quickly adapt to compliance framework changes
– New compliance framework, new interfaces
– Framework control names change, update interfaces
• Refactoring and maintaining the code is easier
– Backend changes don’t necessarily impact the front end
• Configuring the code now aligns directly with the controls we are
enforcing
– Makes life easier for auditors
• Onboarding new team members is easier
– Code is in small, digestible pieces
– Maps directly to the compliance framework
15
16. 16
Whole Lotta Boilerplate
One downside with this pattern is that there is a good
amount of boilerplate code. Fortunately, there’s some
tooling that can help:
• Custom PDK templates
– Uses a familiar tool
– Documented well
– Can be complex to implement generation of custom classes
• https://github.com/hsnodgrass/abide_dev_utils
– Used by the Puppet SSE team
– Works from ERB templates stored directly in your module
– I like a bit of self-promotion
17. Thank you.
And now time for our Q&A!
My contact info:
- Email: heston.snodgrass@puppet.com
- Community Slack: @Heston Snodgrass