The CFEngine policy analyzer is an awesome new service introduced in CFEngine 3.13. The policy analyzer allows you to quickly debug policies and inspect what is going on under the hood of CFEngine. A known challenge with CFEngine, and most DSL-based automation tools, relates to understanding what is actually going on during live operations. Many users view it as “black-box magic”. Unfortunately, the amount of magic and the size of the black box increase with the level of automation. This is undesirable. Enter the policy analyzer.
Today’s approach to securing IT infrastructure is passé. In a dynamic world of unpredictable and often frequent infrastructure changes, the traditional approach to security falls short. It is no longer sufficient to just scan frequently for vulnerabilities and then try to interpret this data in real time without (human) error. Additionally, despite smart analytics, this approach to illuminating security issues and remediating them is extremely time consuming. How many organizations can really claim to have identified and fixed all vulnerabilities? None! Automation has brought agility and consistency to infrastructure and other workflow services now. Security can and should expect to see similar gains. In this blog we explore some of the reasons that make organizations vulnerable and provide guidance on how they can better counter and secure their infrastructure and applications.
As someone responsible for IT operations, you have probably spent most of your time thinking of ways to improve your team’s effectiveness and efficiency to make it more competitive. At CFEngine, we have witnessed the management of IT infrastructure and organizations operating across the spectrum of the performance scale. Where are you on that scale and how can you improve? In the world of IT operations, a negatively skewed distribution seems to exist. The majority of companies, despite their admirable DevOps initiatives, struggle. The great minority who are masters of execution continuously increase their relative competitiveness leaving the others behind. In my previous post, “The painful road to the digital economy,” I pointed out some ideas as to why becoming more competitive seems so hard for Fortune 2000 companies and suggested ways to improve. It might be worth a read if you find yourself too far on the left side in the illustration below. The characteristics of a poor and reactive versus proactive and high-performing IT organization can be many. Below you will find some of the most common observed with our own users. Have a look and compare them with your own state of operations.
If you are working for a Fortune 2,000 company and hold P&L, or in other ways are responsible for the compensation levels of your SA team, and have doubts answering this question, I will argue your operations are not automated, nor will they be competitive in tomorrow’s IT-operations market. The industry unites around the belief that automation is the only way to stay on top of IT operations. Automation has become a prerequisite for supporting the business in its growing demands. However, few are willing or able to adjust their outdated view when it comes to the competence mix needed and the new cost allocations associated with the transition to automation. Most of the time we meet dreamers with Winnie the Pooh attitudes wanting both: highly automated operations and cheap labor. Well, the sad truth is you can’t. You cannot end up with a highly automated IT infrastructure run by fewer, very competent engineers and keep paying traditional average SA salaries.
Young and fearless, Born Digital Organizations (BDOs) now seriously challenge incumbent businesses, business models and value chains across industries. These digital organizations set new standards when it comes to frequency of new product features, cross channel compatibility, 24/7-365 availability, customer customization, user-interface friendliness and price points. Attributes of Born Digital Products:
- Frequent (daily) product updates
- Work across all channels
- Always on
- Aware of its user(s)
- Friendly user-interface
- More affordable (often product-as-a-service)
Clunky products with infrequent updates that are not fully compatible across various channels or always available for consumption face a dark future in a world of less loyal customers. For many incumbents, it is going to be a painful road to the digital economy.
Please nominate your favorite! The CFEngine Champion program rewards the voluntary efforts of individuals who have significantly enhanced the CFEngine Community by promoting CFEngine and its use. The contributions of the CFEngine Community are a vital part of our company’s ecosystem. View previous champions. Please nominate your 2014 candidate here
Thanks to Mike Svoboda at LinkedIn and a league of experienced CFEngine users, we are happy to announce the “CFEngine Office Hour”. Meet with CFEngine folks, bring your questions! Here is what to expect: “Instead of lecturing about how we’ve used CFEngine, the focus of this office hour is dedicated to helping you!” “Have you ever had a question that you wanted to ask, but didn’t want to blast it out on the mailing list because it’s too public? Would you like for someone to take a look at one of your policies and maybe suggest improvements? Have a question about how to approach an automation problem?” “The idea behind the office hour is that we want to help other folks in the community bootstrap their environment.” “Getting over that initial learning curve can be quite a challenge. Having a video conference with a person whom you can ask questions of, and can interact with directly can make this process a lot easier.” “Even if you’ve been using CFEngine for a few years, feel free to drop in. Maybe you can learn a thing or two by looking at policy examples.” If you haven’t joined the #cfengine channel, we’re on libera.chat. Feel free to drop by and ask questions there as well; there are typically a few of us around. We will post the times of Open Office Hours on our Events page. We hope to see you!
This post clarifies whether CFEngine is affected by the newly published vulnerability in the SSL protocol, POODLE. CFEngine core functionality, i.e. agent-to-hub communication, is not affected in any way by the POODLE vulnerability. If the protocol version is set to “classic” or “1”, or is just left to be the default, then all communication happens using the legacy protocol, which has nothing to do with SSL. If it is set to “latest” or “2”, then TLS version 1.0 is used, which does *not* suffer from the specific flaw in SSL v3.0 that enables POODLE. So the vulnerability is not applicable in any case. CFEngine Enterprise provides the Mission Portal web interface, served via the Apache web server at port 443. Unfortunately the default package installation uses default Apache settings, and httpd currently accepts connections using SSL v3.0. To remedy the problem, the following line should be edited in
We are quickly becoming a more software-defined world. The music, movie, automotive and telecom industries are examples of industries going through disruption due to innovative software-defined products. In this new world, IT-operational efficiency has risen to be more critical to businesses than ever.
Thanks to software and open source, the world is a more transparent place. Innovation is as much about speed as it is about coming up with that great next new idea. In efficient markets, ideas are quickly copied. The best way to stay ahead of the competition is to continuously bring new products and services to market. The speed at which a company introduces new products and improves new versions based on market feedback has become paramount to success. The world accelerates in its need for new products and services. The connected and smartphone-based economies emerge as the leaders of this new world order, where new versions of products are introduced to the market on a weekly, and even daily, basis.
William Gibson once said: “The future is here, but it is not evenly distributed”. Within the space of IT operations and automation we see clear evidence of this. Last week at LISA, System Engineer Mike Svoboda from LinkedIn gave us a glimpse into the future of infrastructure operations.
The lucky audience got to learn how LinkedIn automates IT operations at one of the largest websites in the world. What LinkedIn has achieved with less than a handful of engineers over the last couple of years is truly bleeding edge.