Compliance Automation with InSpec Part 1
Post on 08-Jan-2017
Getting Started with Compliance Automation
Our Vision
The most enduring and transformative companies use Chef to become fast, efficient, and innovative software-driven organizations
"We're no longer an airline. We're a software company with wings." (Veresh Sita, CIO, Alaska Airlines)
Now every business is a software business
Every business is a software business, no matter what industry it's in. Customers, whether outside the corporate firewall or behind it, have higher expectations for speed, reliability, and personalized content. They expect fast response times and great customer service.
These expectations exist because innovative online companies such as Amazon, Google, and Facebook constantly raise consumer expectations. Any business that wants to remain competitive must emulate the patterns developed by the web innovators, which are summarized by the term DevOps. Following DevOps patterns allows companies to quickly respond to customer demands with the software that provides the experience customers want.
Fast response to customer demand requires a technology stack that can react quickly to changing business needs while maintaining its resiliency and reliability, and it requires the ability to deliver new application features just as quickly.
No high velocity company has gotten there without automation at scale as a foundation
Automation at scale is required for high velocity IT
Continuous Improvement
Citi relies on Chef as the automation platform used to help transform over 3,000 application teams. Chef is important enough to Citi that Citi became an investor in Chef.
Chef is the platform for a continuous delivery pipeline empowering application teams to ship a thousand plus changes per day across Carl Sagan size deployments.
GE touts Chef as the most rapidly adopted technology in the history of GE.
The goal is to go from idea to shipping. High-velocity organizations, e.g. GE and Facebook, have followed a proven strategy of success using continuous improvement. These organizations could not get there without automation. The cornerstone of their success was automation: to automate their infrastructure, modernize their applications, and enforce proper behavior, in order to transform effectively.
Infrastructure Automation
Application Automation
Compliance Automation
Chef Automate is THE platform that provides the workflow, visibility, and compliance necessary to become a fast, efficient, and innovative software-driven organization.
Chef Automate is built on the foundation of three open source projects:
Chef for Infrastructure Automation
Habitat for Application Automation
InSpec for Compliance Automation
Chef Automate removes infrastructure as a speed bump
Move at any speed the business requires safely and without breaking IT processes
Build, deploy, and manage applications and infrastructure environments with one platform
Gain consistency, security, and compliance across complex and any-size enterprise environments
Collaboration, governance, and visibility across dev, security, compliance, and ops teams
Improve productivity, reinforce the right organizational behaviors, and accelerate time from idea to shipment
Chef Automate: Jumpstart your move to automation
A complete suite of enterprise capabilities for workflow, visibility and compliance
Workflow: A pipeline for continuous delivery of infrastructure and applications
Compliance: Customizable analytics to identify compliance issues, security risks and outdated software
Visibility: Gives you views into operational, compliance and workflow process events
Based on recognized best practices for DevOps success, Chef Automate gives you a full-stack deployment pipeline, automated testing for compliance and security, as well as visibility into everything that's happening along the way. With Chef Automate you have safety and velocity.
Chef Automate provides a full suite of enterprise capabilities for workflow, visibility and compliance. Chef Automate integrates with the open-source products Chef, InSpec and Habitat. Chef Automate comes with comprehensive 24x7 support services for the entire platform, including open source components.
Workflow. Chef Automate includes a pipeline for continuous delivery of infrastructure and applications. This full-stack approach, where infrastructure changes are delivered in tandem with any application changes, allows for safe deployment at high velocity. Here is the Chef Automate workflow.
The Chef Automate pipeline has automated quality gates that move a change from a developer's workstation all the way to production. Your team approves a proposed change, and, after acceptance tests, releases the corresponding artifact for delivery into production. After the Acceptance stage, the artifact moves on to the Union, Rehearsal and Delivered stages of the pipeline. The Union phase enables cross-team collaboration: it contains quality gates that ensure that changes made by one team or organization work consistently with changes made in parallel by other teams. Chef Automate includes a graphical user interface that shows you the entire process. For example, you can tell at a glance which organizations include which projects. Dashboards let you track each change and see its status as it moves through the pipeline.
Chef Automate provides change management and rapid deployment for the entire technology stack. With it, companies have a well-defined process that moves changes, features and new services to production quickly and safely.
Compliance. Chef Automate lets you generate customizable reports to identify compliance issues, security risks, and outdated software. You can write your own compliance rules in InSpec, or you can get started quickly by using built-in profiles. These are predefined rule sets for a variety of security frameworks, such as Center for Internet Security (CIS) benchmarks, included as part of Chef Automate.
Visibility. Chef Automate gives you a data warehouse that accepts input from Chef, Habitat, and Chef Automate workflow and compliance. It provides views into operational, compliance, and workflow events. There is a query language available through the UI and customizable dashboards.
Chef: Infrastructure automation and delivery at scale
Manages deployment and on-going automation
Define reusable resources and infrastructure state as code
Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
Community, Certified Partner, & Chef supported content available for all common automation tasks
Habitat: Automation that travels with the app
Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to legacy applications
Gain consistent management of new and legacy applications across lifecycle
Provides application portability for new and legacy apps
Autonomous nodes self-manage runtime state of application based upon policy you define
APIs expose application behaviors as data for better management
Works in tandem with infrastructure automation
Makes applications running on containers, PaaS, virtual machines, bare metal, better
Habitat is a new approach to automation that focuses on the application instead of the environment that runs it. With Habitat, the apps you build, deploy, and manage behave consistently in VMs, containers, PaaS and bare metal. You'll spend less time on the environment and more time building features.
Run anywhere. Habitat packages your app in a way that makes it independent of any particular runtime. When you're ready to deploy, pick the best environment, whether it's containers, a VM, PaaS, or bare metal. Let Habitat mediate between that environment and the app.
Reclaim legacy apps. Legacy apps are difficult to manage and migrate to modern computing ecosystems. Package legacy apps with Habitat and run anywhere without any rewrite required. They won't know they've left the data center, and there's no need to tell them.
Scale without bottlenecks. Habitat apps self-organize into clusters. You can run as many instances of an application as you want and distribute them across the network without centralized orchestration. The Habitat supervisor knows the packaged app's peering strategy, upgrade strategy, and policies for restart and security. Habitat is smart packaging for smart apps, designed with best practices for the modern application in mind.
Configure at runtime. Habitat's packaging format and supervisor come with service discovery built in. Habitat exposes all of the application's configurable settings, making configuration values simple to set or change, whether you have one service instance or hundreds. Put an end to the headaches of last-mile configuration.
Support production environments. Habitat packages have an outward-facing API that presents a standard interface to the world. Your devs can integrate with external services such as monitoring systems and load balancers. You don't need to develop unique solutions for every application. Moving your apps from dev to production has never been easier.
Have confidence in what you deploy. Habitat packages contain everything the app needs to run with no outside dependencies. Habitat packages are immutable and atomically deployed. They are also auditable: when changes occur, you'll know what happened, where it happened, when it happened and who performed the action. Each Habitat package has its own unique identifier.
InSpec: Turn sec