1. CASe STudy
LOS ALAMOS
NATIONAL LAbORATORy
Los ALAmos uses PuPPet to gAin
“Prior to using Puppet, visibiLity into their dePLoyed mAc
managing the Mac OS X systems
in our net work was a challenge.
os X environment And meet
There was a real lack of visibility nist stAndArds
into b oth the numb er of Mac s on Los Alamos National Laboratory is one of the world’s
the network and their configuration. premier research organizations and is engaged in
strategic science on behalf of national security. Los
Pu p p e t h as m a d e a real di f f e re n ce
Alamos’ networks not only employ a wide variety of
to our administrators who were devices and operating systems, they are also held
previously having to walk to each Mac to strict security guidelines for the configuration and
and service it individually.” security software on all of their systems, including systems
running Mac OS X. Puppet helps support hundreds of
—Allan Marcus, Solutions Architect, Macs, gains visibility into the devices on their networks and
Los Alamos National Laboratory ensures that they meet security standards for those systems
stArting environment
• Over 1700 Mac desktops, that checked in on a regular basis, were
being managed. That number continues to grow.
• There was a complete lack of visibility into the actual number of
Macs on the network. There were over 3,400 Macs registered but
many of these systems were no longer active.
• Requirements for least privilege on desktops caused problems
because of the need to update software and antivirus. The
need to update software was often given as a reason to grant
Reductive Labs
administrative rights to individual users.
www.reductivelabs.com
• Prior to using Puppet they weren’t using any institutional
tel: 503.805.9065
administrative tools to manage Macs. It was highly manual and a
twitter: @reductivelabs
time intensive process.
2. CASe STudy
Key objectives for PuPPet dePLoyment
• gain visibility – They needed to understand the number of
Macs on their network, their configuration, and whether they met
security requirements.
• Configuration Management – Los Alamos is governed by
NIST Special Publication 800-53 which has requirements for
configuration management controls of all desktop assets.
• enforcement of Least Privilege – NIST Special Publication
800-53 has requirements for enforcing the most restrictive set of
rights needed by users. without Puppet, users often requested
“we have strong and required administrative privileges in order to regularly update
requirements for their Symantec security software on their Macs.
implementing a benefits obtAined
secure network.
• enhanced visibility – After deploying Puppet, they were able to
Not only did see information about the Macs connected to the network.
Puppet help • Improved efficiency – The use of Puppet has dramatically
us meet NIST improved their ability to administer and update their Macs on their
requirements network, a previously manual process.
for configuration • Adherence to Compliance Standards – Puppet allowed
Los Alamos to meet NIST standards for both configuration
management and
management and least privileges guidelines.
least privilege, • Accelerated Troubleshooting – with the enhanced visibility has
the Puppet come the benefit of accelerated troubleshooting. field technicians
architetcure itself now have the configuration information available to them to
proved to be remotely identify problems and prioritize updates.
extremely secure.”
Why PuPPet?
—Allan Marcus, Solutions • Cross Platform Support – Los Alamos started using Puppet to
Architect, Los Alamos support their Mac OS X environment, but Puppet’s cross platform
National Lab
support for other versions of unix was important in their decision.
They are currently exploring expanding their use of Puppet to
include their Linux systems, as well.
• Open Source Solution – Cost was important in their choice of
Puppet, as it provided the most cost effective solution to both
meet their key objectives without a capital budgeting process.
In addition, Los Alamos has found the open source community
helpful in addressing any issues that surface.
• Highly secure architecture – before they moved forward with
Puppet, Los Alamos had their security experts test the software
for adherence to their rigorous security standards. Their security
Reductive Labs experts were impressed with how secure Puppet was.
www.reductivelabs.com
tel: 503.805.9065
twitter: @reductivelabs
LOS ALAMOS NATIONAL LAbORATORy • LOS ALAMOS, NM • www.LANL.gOv