Presentation from webinar held July 17, 2014 titled 'Drive Financial Services Innovation Through IT Automation'.
Topics covered included using CFEngine Enterprise 3.6.0 to:
- Simplify audits with continual monitoring of system compliance and automatic remediation
- Dramatically improve the speed to update your environments
- Sharpen your visibility into critical configuration items and system inventory
- Ensure your system is secure and in compliance with defined policy
2. Agenda
• The State of IT in Financial Services Today
• Minimize Risk, Ensure Compliance, and Drive
Operational Efficiency with CFEngine
Enterprise
• Demo
• Q&A
3. The State of IT Today
Ensuring that critical
systems and data is secure
Maintain IT infrastructure
and applications
Expedient remediation of
issues as they arrive
Providing technology
support to employees
IT’s role today is primarily tactical and operational…
How can you help transform IT to a strategic business partner?
4. Additional Burdens on Financial Services
Firms
Increasing regulatory
requirements
Risk and compliance
management
Security is a top concern
Cost control and operational
efficiency
Tremendous IT complexity
6. Average number of
detected incidents
in Financial Services
169%
in 2013
Information and Infrastructure Security
Average financial
losses due to
security incidents
48%
In N. America
Only 18%
Of respondents say
they have policies
governing cloud
services
79% of respondents
say their security activities
are effective, a decline of
5%
over last year
Source: The Global State of Information Security Survey 2014, PWC.
7. Large Scale, Heterogeneous, Complex
Environments
Maintaining standardization and consistency is complex
and time consuming
Keeping configurations accurate and up-to-date is a top
priority
Virtualization, cloud, containerization sprawl needs to be
curbed and managed
Data centers are increasingly distributed to support local
offices, user/mobile traffic
High availability, redundancy, backup/recovery are
imperatives
8. Speed and Operational Efficiency
IT must evolve in an
environment of rapid
change
Technology and automation will provide
the catalyst to help financial services
firms achieve operational excellence
9. Automation as a Strategic Initiative
Increase productivity
and remove human
bottlenecks
Reduce costs of
managing your
environment
Maintain compliance
and enforce security
10. Introducing CFEngine Enterprise
Intelligent Infrastructure
Automation
Agile, secure and scalable
Policy-driven and convergent
Simple, self-service
consumption
Policy-based Application
Deployment
Repeatable and error-free
Manage local or cloud-based
infrastructure
Deliver on platform
standardization
Continuous Operations and
Self-healing
Complete visibility and
alerting
Compliance with self-healing
OOTB inventory and
reporting
IT Automation at WebScale
Scale Speed Security Stability
11. CFEngine’s Heritage
10,000+ Customers across 100+ countries
10 million+ servers managed
200,000 nodes managed at a single customer
Market-leading scalability, securability, & reliability
12. JPMorgan Chase 2013
Hall of Innovation Winner
CFEngine’s innovative technology has enabled JPMC
to achieve global consistency of their dynamic
configuration environment, resulting in cost savings,
risk mitigation, efficiency and product differentiation and
faster time to market.
As the most strategic and scalable automation platform,
CFEngine has made standardization easier to achieve,
allowing systems to manage themselves and
converge to their desired state
Mike Ashworth,
Chief Information Officer for J.P.Morgan Chase
13. Distributed, Lightweight Architecture
1. Define Desired State
2. Ensure
Desired State
HUB
3. Verify Actual State
CFEngine
Hub
Design Center
Mission
Portal
CFE Agents
Policy Language
14. Addressing the Needs of Financial
Services Organizations
Establish
baseline
implementation
of OS,
configuration,
and software
Standard
Operating
Environment
Satisfy stringent
security
standards and
automate
vulnerability
management
Security
Standards
Identify, report,
and alert on
possible
configuration drift
Reporting /
Audit
Automated
remediation to
approved and
desired state
Problem
Remediation
Manage
thousands of
servers, and
address issues in
a matter of
minutes
Scalability
and Speed
Ensure system consistency and resiliency to support mission critical
environments across your enterprise.
15. Establish Standard Operating
Environment
• Ensure baseline configuration by declaring
desired state
• Managed entities include users, files, processes,
s/w packages, services, etc…
• Standardize across thousands of systems
• Manage and report on configuration drift
A measurable path to IT operational efficiency
16. Enforce IT Security Standards
• Ensure systems, users, firewalls
are configured according to
security regulations
• Accelerate and automate patch
distribution to plug
vulnerabilities
• File integrity monitoring
• Alert on policy breaches to
ensure compliance
Be proactively alerted on policy drift to continuously assess and monitor
conformance
17. Reporting and Audit
• Simple-to-use, configurable dashboard
• Flexibly report on inventory assets and forensics
• Alert on events that require attention
• Tracking and recording of system events
Instant visibility, comprehensive coverage, exact data
18. Issue / Change Remediation
• Continuous verification
and operations at 5 min.
intervals
• Automated self-healing
• Integrate with system
management tools to
support end-to-end use
cases
19. Scalability and Speed
• Distributed, lean agents
• Autonomous and fault-
tolerant
• Support thousands of
managed systems per
hub
• 5 minute updates
• Execute policies in
seconds
Architected for WebScale
Managed OSes
Enterprise APIs
CFEngine Hub
Mission
Portal
Managed OSes Managed OSes
Dev Test Prod
Redis key-value
PostgreSQL
Hub
20. Customer Success Story
• Global provider of
banking and payment
technologies
• Serves more than
14,000 institutions in
100+ countries
• IT organization owns
everything from bare
metal to the top of the
stack and supports all
flavors of Unix/Linux
Customer Profile
Challenges
• Adherence to security
/corporate policies is
imperative
• Extremely dynamic
environment
• Operational efficiency
measured against its
competitors
• Expected 99.999% uptime
Results
• Execute millions of
compliance checks per
day
• Automated security
config management
• Time to update policies
from days to mins
• Vast reduction in labor
costs
22. Take It For A Spin!
Download CFEngine Enterprise free for up to 25 nodes!
http://cfengine.com/product/free-download/
Check out our video tutorials
@ http://cfengine.com/learn
Or try our prepackaged
CFEngine environment
using Vagrant
Download and unzip the Vagrant project
$ cd <location of vagrant_env>
$ vagrant up
…and you are all set!!
1
2
3
4
23. Summary
Leverage automation as a strategic initiative and
transform IT
Adherence to IT security standards is a top priority for
financial services organizations
Speed, scalability, and agility cannot be ignored
CFEngine Enterprise delivers IT Automation at WebScale
Infrastructure Automation, Continuous Delivery and Continuous Operations using
a model based approach that is secure, scalable, and agile and provides
enterprise-wide visibility, while ensuring service levels and compliance.
Log in to host001 192.168.33.3
Talk about standard operating environment – ntp, software package, users, can also be done for enableing ssh, system security like root passwords
Kill ntpd process
Run ensure_ntp_process
Userdel marco
Show /etc/passwd
Run new_users.cf
Talk about how this would be distributed via the hub to all the servers being managed
Now we go to the mission portal
Give tour of dashboard, event log
Talk about software updates
Policy compliance
File integrity monitoring
Customize reports
Show compliance reports
Show alert on port 23