Puppet Camp 2020
Windows without GPOs
John Rogers, March 2020
Who are we
The Swiss Re Group is one of the world's leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. The aim of the Swiss Re Group is to enable society to thrive and progress, creating new opportunities and solutions for its clients.
www.swissre.com
Our Current Environment
• 2 separate puppet universes, one for puppet code development and one for production
• 1 PuppetDB, 1 PuppetCA, 4 Puppet Masters, 1 CMDB
• Puppet Open Source v6.2
• Puppet Agent 6.11.1
• Windows 2008 R2 – Windows 2019
• Ubuntu, RedHat, SLES
Cool Factoids
• Customer-managed git repos. Customers can write their own Puppet code
• Control repo for public modules. Customers can see what is available without needing access to our git repo
• End-to-end automation. Cloud Portal -> Microservice -> CMDB -> Server Provisioning -> Puppet Run
Windows Before Puppet
• Traditional: Microsoft OS, Microsoft Tools
• GPOs: always a trade-off between security and flexibility
• SCCM for software deployment
• SCOM for monitoring
• No centralized logging
• No self service
• Put in a ticket
The Vision
• Automation
• Infrastructure as Code
• Services/API
• Self-Service
• DevOps
• Hybrid Cloud
• Security
Why Puppet
• The Unix Team was already using puppet
• Existing Infrastructure
• Existing code and change management processes
• One configuration management tool was preferable to two or more
• Puppet is highly flexible and extensible
The Challenges
• Culture
• Steep learning curve (Puppet DSL, Ruby, scripting, Git)
• Puppet isn’t Windows (why choose a non Microsoft tool)
• Microsoft is Microsoft (why choose a non Microsoft tool)
• Lack of modules
• Performance (DSC resources are not instantiated persistently; each invocation spawns PowerShell processes)
The How
• Rollout of puppet agents on all Windows Servers
• Green field approach for Windows 2016
• Holistic approach
• GPO Module
• Local Security Policy Module
• Chocolatey/ProGet
• PackerIO
GPO Module
Preparation
• Parse the ADMX files into a JSON lookup table
• Use the CIS policy files to get the default CIS settings for the OS
• Parse the registry.pol file from the CIS standard to generate the manifest files
Agent Run
• The provider reads the current registry.pol file into an in-memory hash
• The provider performs the normal create/update/destroy operations and updates the hash in memory
• The provider writes the registry.pol file back and runs lgpo.exe to apply the settings
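Both the preparation step and the agent run hinge on reading and writing registry.pol, the binary file that carries registry-based policy (documented as MS-GPREG: a "PReg" signature, a version DWORD, then UTF-16LE entries of the form [key;value;type;size;data]). The Ruby below is an added example, not the swissre/gpo module's code: it encodes and decodes that format and turns the parsed entries into registry_value resources for the puppetlabs-registry module listed later in the deck, mapping the **Del.<name> directive to ensure => absent. The sample entries are constructed for the example and are not a CIS baseline.

```ruby
require 'stringio'

# Added example: encode/decode registry.pol (MS-GPREG) and emit puppetlabs-registry
# registry_value resources. Not the swissre/gpo module's code; samples are constructed.
module RegistryPol
  SIGNATURE = 'PReg'.b
  VERSION   = 1
  REG_SZ    = 1
  REG_DWORD = 4
  # Delimiters are UTF-16LE characters, two bytes each.
  OPEN, SEP, CLOSE = ['[', ';', ']'].map { |c| c.encode('UTF-16LE').b }

  # NUL-terminated UTF-16LE string as raw bytes.
  def self.wstr(str)
    (str + "\0").encode('UTF-16LE').b
  end

  # Build a registry.pol blob from [{key:, value:, type:, data:}, ...].
  def self.build(entries)
    body = entries.map do |e|
      data = case e[:type]
             when REG_DWORD then [e[:data]].pack('V')
             when REG_SZ    then wstr(e[:data])
             else e[:data].b
             end
      OPEN + wstr(e[:key]) + SEP + wstr(e[:value]) + SEP + [e[:type]].pack('V') +
        SEP + [data.bytesize].pack('V') + SEP + data + CLOSE
    end
    SIGNATURE + [VERSION].pack('V') + body.join
  end

  def self.read_wstr(io)
    bytes = ''.b
    loop do
      ch = io.read(2)
      raise 'truncated string' unless ch && ch.bytesize == 2
      break if ch == "\0\0".b
      bytes << ch
    end
    bytes.force_encoding('UTF-16LE').encode('UTF-8')
  end

  def self.expect(io, delim)
    raise "malformed entry, expected #{delim.inspect}" unless io.read(2) == delim
  end

  def self.decode(type, data)
    case type
    when REG_DWORD then data.unpack1('V')
    when REG_SZ    then data.dup.force_encoding('UTF-16LE').encode('UTF-8').chomp("\0")
    else data # REG_BINARY, REG_MULTI_SZ etc. are left as raw bytes
    end
  end

  # Parse a registry.pol blob; fails loudly on a bad signature or truncation.
  def self.parse(blob)
    io = StringIO.new(blob.b)
    raise 'not a registry.pol file' unless io.read(4) == SIGNATURE
    version = io.read(4)
    raise 'unsupported registry.pol version' unless version && version.unpack1('V') == VERSION
    entries = []
    until io.eof?
      expect(io, OPEN)
      key = read_wstr(io)
      expect(io, SEP)
      value = read_wstr(io)
      expect(io, SEP)
      type = io.read(4).unpack1('V')
      expect(io, SEP)
      size = io.read(4).unpack1('V')
      expect(io, SEP)
      data = io.read(size)
      raise 'truncated data' unless data && data.bytesize == size
      expect(io, CLOSE)
      entries << { key: key, value: value, type: type, data: decode(type, data) }
    end
    entries
  end

  # Machine-scope registry.pol keys are relative to HKLM. '**Del.<name>' means
  # "delete this value"; other '**' directives are surfaced, not silently dropped.
  def self.to_manifest(entries, hive: 'HKLM')
    entries.map do |e|
      path = "#{hive}\\#{e[:key]}"
      if e[:value].start_with?('**Del.')
        "registry_value { '#{path}\\#{e[:value].delete_prefix('**Del.')}':\n  ensure => absent,\n}"
      elsif e[:value].start_with?('**')
        "# unsupported policy directive #{e[:value]} under #{path}"
      elsif e[:type] == REG_DWORD
        "registry_value { '#{path}\\#{e[:value]}':\n  ensure => present,\n  type   => dword,\n  data   => #{e[:data]},\n}"
      elsif e[:type] == REG_SZ
        quoted = e[:data].gsub("'") { "\\'" } # escape for a Puppet single-quoted string
        "registry_value { '#{path}\\#{e[:value]}':\n  ensure => present,\n  type   => string,\n  data   => '#{quoted}',\n}"
      else
        "# unhandled registry type #{e[:type]} for #{path}\\#{e[:value]}"
      end
    end.join("\n")
  end
end

# Constructed sample entries (machine scope); they illustrate the shape only.
SAMPLE_ENTRIES = [
  { key: 'Software\Policies\Microsoft\Windows\EventLog\Application',
    value: 'MaxSize', type: RegistryPol::REG_DWORD, data: 32_768 },
  { key: 'Software\Policies\Microsoft\Windows\Installer',
    value: 'AlwaysInstallElevated', type: RegistryPol::REG_DWORD, data: 0 },
  { key: 'Software\Policies\Microsoft\Windows\PowerShell\Transcription',
    value: 'OutputDirectory', type: RegistryPol::REG_SZ, data: 'C:\Transcripts' },
  { key: 'Software\Policies\Microsoft\Windows NT\Terminal Services',
    value: '**Del.fDisableCdm', type: RegistryPol::REG_DWORD, data: 0 },
].freeze
SAMPLE_POL = RegistryPol.build(SAMPLE_ENTRIES)

puts RegistryPol.to_manifest(RegistryPol.parse(SAMPLE_POL)) if __FILE__ == $PROGRAM_NAME
```

Applying the generated registry_value resources changes the live registry but does not make the settings policy in the eyes of gpresult or Group Policy refresh, which is why the deck's provider writes registry.pol back and imports it with lgpo.exe (LGPO.exe /m <path to registry.pol> for machine scope). Directives other than **Del. (**DelVals., **DeleteKeys, **SecureKey) come out as comments so a reviewer sees that the CIS policy asked for something the manifest does not express.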
Local Security Policy Module
• The module was originally written to help us manage the User Rights Assignments for Windows
• 3 providers and 4 types
• Custom defined type that searches Hiera to combine the default settings with the settings required for a role, host, etc.
• Expanded to include the rest of the secedit.exe functionality
• Used the concat module as the basis for the so_privilegerights_fragment functionality, so profiles can inject user right assignments into the catalog
• https://github.com/johnrogers00/securityoptions
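The module's job, as described above, is to manage what secedit.exe manages, combining Hiera layers for a role or host with a default set of user rights. The Ruby below is an added example and not the swissre/securityoptions module's code (its types and providers are not shown on this page): it parses the template that secedit /export /cfg writes, layers a constructed baseline with a role layer the way a Hiera lookup would, reports which rights drift on the host, and renders a template that secedit /configure /db tmp.sdb /cfg desired.inf /areas SECURITYPOLICY USER_RIGHTS can import. All SIDs, values and the "current export" are constructed.

```ruby
# Added example: a secedit-style security template parsed, layered Hiera-fashion
# (baseline < role), diffed against the host's current export, and rendered back.
# Not the swissre/securityoptions module's code; all data below is constructed.
module SecurityTemplate
  # secedit /export writes UTF-16LE with a BOM; accept that or plain UTF-8.
  def self.parse_inf(raw)
    bytes = raw.b
    text = if bytes.start_with?("\xFF\xFE".b)
             bytes[2..-1].force_encoding('UTF-16LE').encode('UTF-8')
           else
             bytes.force_encoding('UTF-8')
           end
    sections = Hash.new { |h, k| h[k] = {} }
    current = nil
    text.each_line do |line|
      line = line.strip
      next if line.empty? || line.start_with?(';')
      if line =~ /\A\[(.+)\]\z/
        current = Regexp.last_match(1)
      elsif current && line.include?('=')
        key, val = line.split('=', 2).map(&:strip)
        sections[current][key] = val
      end
    end
    sections
  end

  # [Privilege Rights] values are comma-separated principals; secedit writes raw
  # SIDs with a leading '*', which is kept so the rendered template round-trips.
  def self.rights_from(sections)
    sections['Privilege Rights'].transform_values do |v|
      v.split(',').map(&:strip).reject(&:empty?).sort
    end
  end

  # Hiera-style layering: each layer maps right => [principals]; later layers add
  # to earlier ones, so a role can grant a service account a right without
  # restating the baseline.
  def self.merge_rights(*layers)
    layers.each_with_object({}) do |layer, acc|
      layer.each { |right, sids| acc[right] = ((acc[right] || []) | sids).sort }
    end
  end

  # Keys whose current value differs from the desired one (missing counts as empty).
  def self.drift(current, desired)
    desired.select { |k, v| Array(current[k]).sort != Array(v).sort }
  end

  # A right listed with an empty value is cleared on import, while a right that is
  # omitted is left untouched, so every managed right is written even when nobody
  # should hold it.
  def self.to_inf(system_access, rights)
    lines = ['[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1']
    lines << '[System Access]'
    system_access.sort.each { |k, v| lines << "#{k} = #{v}" }
    lines << '[Privilege Rights]'
    rights.sort.each { |right, sids| lines << "#{right} = #{sids.join(',')}" }
    lines.join("\r\n") + "\r\n"
  end
end

# Constructed baseline (CIS-like in shape, not the benchmark itself).
BASELINE_RIGHTS = {
  'SeTcbPrivilege'                => [],                                 # Act as part of the OS: nobody
  'SeNetworkLogonRight'           => ['*S-1-5-32-544', '*S-1-5-11'],     # Administrators, Authenticated Users
  'SeDenyNetworkLogonRight'       => ['*S-1-5-32-546'],                  # Guests
  'SeRemoteInteractiveLogonRight' => ['*S-1-5-32-544', '*S-1-5-32-555'], # Administrators, Remote Desktop Users
  'SeServiceLogonRight'           => [],
}.freeze
# Role layer: a constructed domain SID standing in for a SQL service account.
ROLE_SQL_RIGHTS = { 'SeServiceLogonRight' => ['*S-1-5-21-1000000000-2000000000-3000000000-1105'] }.freeze
BASELINE_SYSTEM_ACCESS = { 'MinimumPasswordLength' => '14', 'LockoutBadCount' => '5' }.freeze

# Constructed export from a drifted host, UTF-16LE with BOM as secedit writes it:
# Administrators hold SeTcbPrivilege and the service account is missing.
CURRENT_EXPORT = ("\uFEFF" + [
  '[Unicode]', 'Unicode=yes',
  '[System Access]', 'MinimumPasswordLength = 8', 'LockoutBadCount = 5',
  '[Privilege Rights]',
  'SeTcbPrivilege = *S-1-5-32-544',
  'SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11',
  'SeDenyNetworkLogonRight = *S-1-5-32-546',
  'SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555',
  '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
].join("\r\n")).encode('UTF-16LE').b

def security_report
  current = SecurityTemplate.parse_inf(CURRENT_EXPORT)
  desired_rights = SecurityTemplate.merge_rights(BASELINE_RIGHTS, ROLE_SQL_RIGHTS)
  {
    rights_drift: SecurityTemplate.drift(SecurityTemplate.rights_from(current), desired_rights),
    access_drift: SecurityTemplate.drift(current['System Access'], BASELINE_SYSTEM_ACCESS),
    inf: SecurityTemplate.to_inf(BASELINE_SYSTEM_ACCESS, desired_rights),
  }
end

if __FILE__ == $PROGRAM_NAME
  r = security_report
  r[:rights_drift].merge(r[:access_drift]).each { |k, v| puts "drift: #{k} -> #{Array(v).join(',')}" }
  puts r[:inf]
end
```

The import semantics are the caveat worth remembering when a profile injects fragments: a template that simply omits SeTcbPrivilege never revokes "Act as part of the operating system" from whoever currently holds it, so a baseline that means "nobody" has to be written out as an empty assignment, and a drift check has to treat a right missing from the export as empty rather than as unmanaged.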
Chocolatey/ProGet
• Chocolatey alongside the PowerShell package manager, with ProGet providing the software feeds
• Packages can now be installed manually or through Puppet
PackerIO
• Using PackerIO to build multiple images for on premise and private cloud infrastructure
• Puppet role for Packer:
– All settings that can be applied without a domain are set
– pluginsync runs for the first time
– Initial patching of the server
– Speeds up deployment of newly provisioned servers
The Future
• Automated IT Exceptions
• Rewrite modules (module-level Hiera data)
• Utilize a PowerShell library
• Multi-version (build) support
Special Thanks
Raffaela Wüst
raffaela.wuest@copebit.ch
Andreas Zuber
zuber@puzzle.ch
Raphaël Pinson
raphael.pinson@camptocamp.com
Modules we use for Windows
• acl
• auditpol
• chocolatey
• iis
• reboot
• registry
• scheduled_task
• telegraf
• transition
• windows_env
• windows_firewall
• windows_smb
• swissre/windowsupdate
• swissre/gpo
• swissre/securityoptions
• swissre/windowsnetwork
• swissre/service_acl
• swissre/srdiskutility
• swissre/srlanguage
• swissre/meltdownspectre
Legal notice
©2019 Swiss Re. All rights reserved. You may use this presentation for private or internal purposes but note that any
copyright or other proprietary notices must not be removed. You are not permitted to create any modifications or
derivative works of this presentation, or to use it for commercial or other public purposes, without the prior written
permission of Swiss Re.
The information and opinions contained in the presentation are provided as at the date of the presentation and may
change. Although the information used was taken from reliable sources, Swiss Re does not accept any responsibility
for its accuracy or comprehensiveness or its updating. All liability for the accuracy and completeness of the
information or for any damage or loss resulting from its use is expressly excluded.
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Puppetcamp East, Windows Without GPOs, John Rogers, SwissRe

9. The Challenges
• Culture
• Steep Learning Curve (Puppet DSL, Ruby, Scripting, GIT)
• Puppet isn't Windows (why choose a non-Microsoft tool)
• Microsoft is Microsoft (why choose a non-Microsoft tool)
• Lack of modules
• Performance (DSC: no instantiation, PowerShell processes)
10. The How
• Rollout of puppet agents on all Windows Servers
• Green field approach for Windows 2016
• Holistic approach
• GPO Module
• Local Security Policy Module
• Chocolatey/Proget
• PackerIO
11. GPO Module
Preparation
• Parse ADMX files into a JSON lookup table
• Use the CIS policy files to get the default CIS settings for the OS
• Parse the registry.pol file from the CIS standard to generate the manifest files
Agent Run
• Provider instantiates the current registry.pol files
• Provider performs the normal create/update/destroy processes and updates the hash in memory
• Provider writes the registry.pol file and runs lgpo.exe to apply the settings
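An added example, not the Swiss Re GPO module's own code, written in Ruby because that is what Puppet providers are written in. It shows the round trip the Agent Run bullets describe: parse a registry.pol (PReg) file into a hash, apply create/update/destroy to that hash, and write the file back for lgpo.exe to import. It assumes the documented PReg layout ("PReg" magic, version 1, then `[key;value;type;size;data]` entries in UTF-16LE); only REG_SZ and REG_DWORD data are decoded, and all key paths in the sample data are constructed.

```ruby
require 'stringio'

REG_SZ, REG_DWORD = 1, 4                          # registry type codes (winnt.h)
PREG_HEADER = ("PReg".b + [1].pack('V')).freeze   # "PReg" magic + version 1

# Every string in a PReg file is UTF-16LE; key and value names are null-terminated.
def u16(s);  s.encode('UTF-16LE').b; end
def u16z(s); u16(s) + "\0\0".b; end

# One entry is [key;value;type;size;data]; the brackets and semicolons are UTF-16LE too.
def encode_entry(key, value, type, data)
  raw = case type
        when REG_DWORD then [data].pack('V')
        when REG_SZ    then u16z(data)
        else raise ArgumentError, "unsupported type #{type}"
        end
  u16('[') + u16z(key) + u16(';') + u16z(value) + u16(';') +
    [type].pack('V') + u16(';') + [raw.bytesize].pack('V') + u16(';') + raw + u16(']')
end

# Serialize { [key, value_name] => [type, data] } into registry.pol bytes.
def write_pol(entries)
  entries.sort.reduce(PREG_HEADER.dup) do |buf, ((key, value), (type, data))|
    buf << encode_entry(key, value, type, data)
  end
end

def read_u16z(io)
  bytes = ''.b
  while (ch = io.read(2)) != "\0\0".b
    raise 'truncated string' if ch.nil? || ch.bytesize < 2
    bytes << ch
  end
  bytes.force_encoding('UTF-16LE').encode('UTF-8')
end

def expect(io, char)
  raise "expected #{char}" unless io.read(2) == u16(char)
end
# Parse registry.pol bytes back into the hash shape write_pol consumes.
def parse_pol(bytes)
  io = StringIO.new(bytes.b)
  raise 'not a PReg file' unless io.read(8) == PREG_HEADER
  entries = {}
  until io.eof?
    expect(io, '[')
    key   = read_u16z(io);            expect(io, ';')
    value = read_u16z(io);            expect(io, ';')
    type  = io.read(4).unpack1('V');  expect(io, ';')
    size  = io.read(4).unpack1('V');  expect(io, ';')
    raw   = io.read(size);            expect(io, ']')
    data = case type
           when REG_DWORD then raw.unpack1('V')
           when REG_SZ    then raw.force_encoding('UTF-16LE').encode('UTF-8').delete("\0")
           else raw   # other registry types are kept as raw bytes
           end
    entries[[key, value]] = [type, data]
  end
  entries
end

# Agent-run step from the slide: load the current file, apply create/update/destroy to the
# in-memory hash, write it back (on Windows lgpo.exe would then import it; not called here).
# desired: { [key, value_name] => [type, data] } to create/update, or => :absent to destroy.
def ensure_settings(pol_bytes, desired)
  current = parse_pol(pol_bytes)
  desired.each { |id, spec| spec == :absent ? current.delete(id) : (current[id] = spec) }
  write_pol(current)
end
```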
16. Local Security Policy Module
• The module was originally written to help us manage the User Rights Assignments for Windows
• 3 providers and 4 types
• Custom define to search hiera to combine default settings with required settings for role, host, etc.
• Expanded to include the rest of the secedit.exe functionality
• Used the concat module as a basis for the so_privilegerights_fragment functionality so profiles can inject user rights assignments into the catalog
• https://github.com/johnrogers00/securityoptions
18. Chocolatey/ProGet
• Along with the PowerShell package manager, using ProGet to provide software feeds
• Now packages can be installed manually or through puppet
20. PackerIO
• Using PackerIO to build multiple images for on-premise and private cloud infrastructure
• Puppet role for packer:
  – All settings that can be done without a domain are set
  – pluginsync runs for the first time
  – initial patching of the server
  – speeds up deployment time of a newly provisioned server
21. The Future
• Automated IT Exceptions
• Rewrite Modules (Module Hiera)
• Utilize Powershell Lib
• multiversion(build) support
22. Special Thanks
Raffaela Wüst raffaela.wuest@copebit.ch
Andreas Zuber zuber@puzzle.ch
Raphaël Pinson raphael.pinson@camptocamp.com
23. Modules we use for Windows
• acl
• auditpol
• chocolatey
• iis
• reboot
• registry
• scheduled_task
• telegraf
• transition
• windows_env
• Windows_firewall
• windows_smb
• swissre/windowsupdate
• swissre/gpo
• swissre/securityoptions
• swissre/windowsnetwork
• swissre/service_acl
• swissre/srdiskutility
• swissre/srlanguage
• swissre/meltdownspectre
24. Legal notice
©2019 Swiss Re. All rights reserved. You may use this presentation for private or internal purposes but note that any copyright or other proprietary notices must not be removed. You are not permitted to create any modifications or derivative works of this presentation, or to use it for commercial or other public purposes, without the prior written permission of Swiss Re. The information and opinions contained in the presentation are provided as at the date of the presentation and may change. Although the information used was taken from reliable sources, Swiss Re does not accept any responsibility for its accuracy or comprehensiveness or its updating. All liability for the accuracy and completeness of the information or for any damage or loss resulting from its use is expressly excluded.

Editor's Notes

1. Puppet masters are configured to pull commits from customer repos based on tags, so customers/teams developing their own Puppet code can tag their work and use this as a deployment mechanism to the Puppet servers. This allows them to control how they deploy their changes through DEV, TEST and PROD and provides them with a way to test and make changes without having to go through our team.

   We set up a control repo managed via r10k, which allows us to share all of the public repositories with customers so they can see what modules and versions are available for them to use, as opposed to when we had everything inside a single repo that was private and not accessible to others.

   We drive the configuration of services almost entirely through the use of roles and profiles. So when a machine is provisioned via one of the portals, a role is chosen: either the default "none" role, which contains the base configuration for the OS, or an application-specific role. This entry is written to the CMDB, so that when the puppet agent runs for the first time on the new server, it knows what its role is and the proper manifests are loaded.
2. Not to spend too much time on the past, but our existing setup prior to introducing Windows 2016 and Puppet was pretty typical for a Windows environment. We used a lot of Microsoft-based tools, tools that are typically centrally managed. There were lots of manual processes, and for any changes customers had to put in tickets for Windows Operations to perform the tasks.
3. Around 2015 the business was changing and this forced new requirements on IT. We needed to be more agile and more dynamic to support a changing business:
   • A large emphasis on automation to help streamline processes and remove time-consuming manual processes.
   • Services should be defined and wrapped in APIs to make them consumable by other services.
   • A move toward self-service. Frameworks should be in place that allow customers to use IT services without needing tickets.
   • Introduction of a private cloud. The introduction of the word "cloud" changes people's expectations: they want things faster, and working out of the box.
   • The concept that security is everyone's job. Security cannot be an afterthought, and cannot be delegated to another team.
4. As with any company, changing the culture is not easy: struggles with why, why should I change, why change that, etc. Moving the mentality from "this is how I manage 1 server" to "this is how I manage 5000 servers".

   Unfortunately the learning curve is quite steep. It is not just a matter of learning the Puppet language, but the entire toolset that goes along with becoming a software developer, and working more often than not on a Unix-based operating system. To compound this, choosing a non-Windows solution to manage Windows was met with skepticism.

   The Unix team was already using this tool, and after some successful testing we decided that having a common toolset was valuable: being able to reuse the same infrastructure and the same processes, so we could focus on content.

   In the Windows world, you do things the Microsoft way. Choosing a different approach usually leads to frustration, and finding information or experts is typically difficult or impossible.

   When starting with Puppet on Windows, there were not a lot of modules available, or the ones that were available sometimes lacked features or had to be patched. One of the first realizations we had was that maybe no one was managing the entirety of Windows with Puppet. There were modules for networking, modules for IIS, modules for SharePoint, but the main usage seemed to be just making registry changes with the registry resource type.

   When starting with Puppet 3.8, we attempted to supplement the Puppet native modules with the DSC resources, but we quickly moved away from this solution. Making a PowerShell call for every resource was out of the question; DSC does not support instantiation, and managing hundreds or more than a thousand resources this way was not practical.
5. For the entries in the Local Policies, we use this custom module to manage the settings. A few of the settings are set at the domain level via GPO, and we do not manage these settings with Puppet. For the Advanced Audit Policy Configuration, we are using the auditpol module; it is in need of updating, but works great.

   For the security options and user rights assignments, Camptocamp helped us write a custom module to handle our needs. The issue was that, using a role/profile concept, there was not really a way to inject user rights into the configuration of a server. For instance, installing SQL onto a server is performed as part of a profile, not a role. The installation of SQL requires certain rights for the technical users who are running as services, so there was no good way to set these at a role level: the implementor of the role would need to know all of the internals of the profiles to understand which hiera variables to set.
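An added Ruby example, not the swissre/securityoptions module's code, covering both the so_privilegerights_fragment bullet on slide 16 and this note: a role and a profile each contribute a User Rights Assignment fragment, the fragments are merged into one secedit template, and the result is diffed against a parsed `secedit /export` so only the rights that actually changed are applied. The privilege names are the real Windows constants; the domain SID in the sample is constructed.

```ruby
# A fragment is { privilege => [principals] }. Principals are written the way
# secedit.exe expects them: SIDs as "*S-1-...", account names as-is.
def merge_fragments(*fragments)
  fragments.each_with_object({}) do |frag, merged|
    frag.each do |right, principals|
      raise ArgumentError, "bad privilege name #{right}" unless right =~ /\ASe[A-Za-z]+(Right|Privilege)\z/
      merged[right] = ((merged[right] || []) + principals).uniq
    end
  end
end

# Render the merged rights as a secedit template. An explicitly empty list is
# written as "Right = ", which secedit applies as "no one holds it"; a right that
# is absent from the template is left untouched on the host, so a role that wants
# a right revoked must list it with an empty value rather than omit it.
def render_secedit(rights)
  lines = ['[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"',
           'Revision=1', '[Privilege Rights]']
  rights.keys.sort.each { |r| lines << "#{r} = #{rights[r].join(',')}" }
  lines.join("\r\n") + "\r\n"
end

# Parse the [Privilege Rights] section of an existing export
# (secedit /export /cfg current.inf) so desired state can be diffed against it.
def parse_privilege_rights(inf)
  section = nil
  inf.each_line.with_object({}) do |line, out|
    line = line.strip
    next if line.empty?
    if line.start_with?('[')
      section = line
      next
    end
    next unless section == '[Privilege Rights]'
    right, list = line.split('=', 2).map(&:strip)
    out[right] = list.to_s.split(',').map(&:strip).reject(&:empty?)
  end
end

# Rights whose principal set differs from what the host currently has.
def diff_rights(current, desired)
  desired.select { |right, principals| (current[right] || []).sort != principals.sort }
end

# Constructed sample: the base role grants "log on as a service" to the ALL SERVICES
# group and denies network logon to Guests; an SQL profile injects its service
# account's SID (constructed domain SID) without the role author knowing about it.
ROLE_FRAGMENT = {
  'SeServiceLogonRight'     => ['*S-1-5-80-0'],
  'SeDenyNetworkLogonRight' => ['*S-1-5-32-546'],
}
SQL_PROFILE_FRAGMENT = {
  'SeServiceLogonRight'   => ['*S-1-5-21-1111-2222-3333-1105'],
  'SeLockMemoryPrivilege' => ['*S-1-5-21-1111-2222-3333-1105'],
}
```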