
People, process, and technology for ILM and SLM adoption

Originally presented at HashiConf 2024

Rosemary Wang

October 16, 2024

Transcript

  1. Circa 2018: Some Concepts for Research. API Authorization (OAuth & OpenID); Testing & Test-Driven Development (TDD); Continuous Delivery; Pipelines-as-Code; Infrastructure-as-Code; REST API Standards; Basic Networking; Basic Linux/Windows Systems; Basic Security (Vulnerability Management); Site Reliability Engineering; Observability (Monitoring, Logging, Tracing); Public Cloud Constructs; Containerization (Orchestrators & Runtimes); Secret Management; Code (Python, Ruby, Golang); Chaos Engineering.
    Diagram, "Trying to put the terms together" (concept map; the connector labels are not recoverable from the transcript): Release & Deliver Software; Microservices; User Interfaces/APIs; DevOps; Site Reliability Engineering; "Platform"?; PaaS; Philosophy; Physical Devices; Private Cloud; Datacenter; Infrastructure; Public Cloud (IaaS); Network, Systems & More; "All done as securely as possible".
    Confusing Job Descriptors: Private, Public Cloud, Site Reliability Engineer/Developer, Platform, DevOps, Release, Infrastructure, Systems, Network.
  2. Infrastructure / Security Lifecycle Management is the practice of changing infrastructure or security resources.
  3. Foundations for ILM/SLM (map of lifecycle operations to infrastructure and security practices):
    Read: ILM Monitoring; SLM Observability
    Create: ILM Modularization; SLM Access control
    Update: ILM Standardization; SLM Remediation
    Delete: ILM Immutability; SLM Ephemerality
    Scale: As code; Self-service; Systems of record
  4. Same map as slide 3.
  5. Vulnerability patch management, Read (ILM Monitoring; SLM Observability): Did the patch fail? Which machines still need updates?
  6. Read.
    ILM Monitoring: • Audit changes to infrastructure • Identify drift • Validate policy conformance
    SLM Observability: • Audit system access • Identify vulnerabilities • Validate artifact provenance
  7. People & process.
    People: Encourage self-service of information; Build confidence for change.
    Process: Audit and document system evolution; Iterate on unified "platform" interface.
  8. Foundations for ILM/SLM map (repeated from slide 3).
  9. Same map (repeated from slide 3).
  10. Vulnerability patch management, Create (ILM Modularization; SLM Access control): What gets disrupted when we patch? How do we access machines for patching?
  11. Create.
    ILM Modularization: • Isolate changes to parts of the system • Decouple infrastructure dependencies
    SLM Access control: • Isolate least privilege access • Decouple identity from access policy
  12. People & process.
    People: Identify kebab vs. cake teams; Agree on interface over implementation.
    Process: Balance productivity and security; Support flexibility.
  13. Foundations for ILM/SLM map (repeated from slide 3).
  14. Same map (repeated from slide 3).
  15. Vulnerability patch management, Update (ILM Standardization; SLM Remediation): What do we need to do to fix the vulnerability? How do we roll out the patch?
  16. Update.
    ILM Standardization: • Develop consistent deployments • Improve predictability of changes and rollbacks
    SLM Remediation: • Develop baseline for detecting anomalous behavior • Improve speed of fixes
  17. People & process.
    People: Justify refactoring effort; Establish evergreen standards; Focus on value over technical details.
    Process: Develop consistency in process; Document edge cases.
  18. Foundations for ILM/SLM map (repeated from slide 3).
  19. Same map (repeated from slide 3).
  20. Vulnerability patch management, Delete (ILM Immutability; SLM Ephemerality): Can we replace machines instead of updating? Are short-lived resources a compensating control?
  21. Delete.
    ILM Immutability: • Change resource by creation and deletion • Support lower risk refactoring patterns
    SLM Ephemerality: • Change time-to-live of resources to reduce attack surface • Support resiliency patterns for short-lived resources
  22. People & process.
    People: Shift paradigm from static to dynamic; Apply immutability to larger use cases.
    Process: Develop constant rate of change; Establish provisioning as remediation.
  23. Foundations for ILM/SLM map (repeated from slide 3).
  24. Same map (repeated from slide 3).
  25. Scale (As code; Self-service; Systems of record): How often can we push a commit to update the image?
  26. Scale: How often can we push a commit to update the image? How can a developer patch their VM without asking operations?
  27. Scale: How often can we push a commit to update the image? How can a developer patch their VM without asking operations? How do we document exceptions if we can't patch?
  28. Scale, As code: • Build configuration or policy for automation • Enable orchestration across system
  29. Scale, Self-service: • Build abstraction for complexity of knowledge • Enable anyone to extend system to support business needs
  30. Scale, Systems of record: • Build inventory of infrastructure, secrets, identities, and policies • Enable visibility and orchestration across systems at scale
  31. People & process.
    People: Shift paradigm from clicking resources to selecting systems; Offer escape hatches for edge cases.
    Process: Accommodate rapid rate of change; Use systems of record to assess blast radius.
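As an added illustration (not code from the talk, the speaker, or HashiCorp), the following Python model traces the vulnerability patch management thread that runs through slides 5, 20/21, 27 and 30/31: a constructed inventory acts as the system of record, one check reports which machines still run an unpatched image, a remediation plan treats resources whose time-to-live expires soon as replaced rather than patched in place (ephemerality as a compensating control), and a blast-radius query walks the identity and policy records to see which machines can reach a given secret and to rank the remaining in-place patches. Every resource name, image tag, identity, policy and secret path here is made up.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Resource:
    """One machine in the inventory (constructed example record)."""
    name: str
    image: str                # image tag the machine was built from
    identity: str             # workload identity attached to the machine
    ttl_hours: Optional[int]  # None means long-lived: it is only ever patched in place
    age_hours: int            # how long the machine has existed


# Systems of record from slide 30: identity -> policies, policy -> secrets.
# All mappings are constructed for this example.
IDENTITY_POLICIES: Dict[str, List[str]] = {
    "web-role": ["read-app-db"],
    "batch-role": ["read-app-db", "read-billing"],
    "legacy-role": ["read-billing"],
}
POLICY_SECRETS: Dict[str, List[str]] = {
    "read-app-db": ["db/app"],
    "read-billing": ["api/billing"],
}

# Constructed inventory: one patched web node, one stale web node that will
# expire soon, one long-lived batch node, and a legacy node with a long TTL.
INVENTORY: List[Resource] = [
    Resource("web-1", "app:2024.10.1", "web-role", ttl_hours=24, age_hours=3),
    Resource("web-2", "app:2024.09.3", "web-role", ttl_hours=24, age_hours=20),
    Resource("batch-1", "app:2024.09.3", "batch-role", ttl_hours=None, age_hours=400),
    Resource("legacy-1", "app:2024.08.0", "legacy-role", ttl_hours=720, age_hours=100),
]
PATCHED_IMAGE = "app:2024.10.1"  # the image that carries the fix (constructed tag)


def needs_update(inventory: List[Resource], patched_image: str) -> List[str]:
    """Slide 5, Read: which machines still run something other than the patched image?"""
    return [r.name for r in inventory if r.image != patched_image]


def plan_remediation(inventory: List[Resource], patched_image: str,
                     window_hours: int) -> Dict[str, List[str]]:
    """Slides 20/21, Delete: a stale machine whose TTL runs out inside the window is
    recreated from the patched image anyway, so it is 'replaced' instead of patched.
    Everything else that is stale must be patched in place (or get a documented exception)."""
    plan: Dict[str, List[str]] = {"replace": [], "patch_in_place": []}
    for r in inventory:
        if r.image == patched_image:
            continue
        remaining = None if r.ttl_hours is None else r.ttl_hours - r.age_hours
        if remaining is not None and remaining <= window_hours:
            plan["replace"].append(r.name)
        else:
            plan["patch_in_place"].append(r.name)
    return plan


def reachable_secrets(resource: Resource,
                      identity_policies: Dict[str, List[str]] = IDENTITY_POLICIES,
                      policy_secrets: Dict[str, List[str]] = POLICY_SECRETS) -> List[str]:
    """Secrets a machine can reach through its identity's policies (slide 11: identity
    is decoupled from access policy, so the walk goes identity -> policy -> secret)."""
    found = set()
    for policy in identity_policies.get(resource.identity, []):
        found.update(policy_secrets.get(policy, []))
    return sorted(found)


def blast_radius(inventory: List[Resource], secret: str) -> List[str]:
    """Slide 31, Process: which machines could expose this secret if compromised?"""
    return sorted(r.name for r in inventory if secret in reachable_secrets(r))


def prioritize_in_place_patches(inventory: List[Resource], patched_image: str,
                                window_hours: int) -> List[tuple]:
    """Rank the machines that still need an in-place patch by how many secrets they can
    reach, so the largest blast radius is fixed first. Returns (name, secret_count)."""
    plan = plan_remediation(inventory, patched_image, window_hours)
    by_name = {r.name: r for r in inventory}
    ranked = [(name, len(reachable_secrets(by_name[name]))) for name in plan["patch_in_place"]]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    print("still unpatched:", needs_update(INVENTORY, PATCHED_IMAGE))
    print("plan (48h window):", plan_remediation(INVENTORY, PATCHED_IMAGE, 48))
    print("blast radius of api/billing:", blast_radius(INVENTORY, "api/billing"))
    print("patch order:", prioritize_in_place_patches(INVENTORY, PATCHED_IMAGE, 48))
```

With the constructed inventory and a 48-hour window, web-2 is left to expire and be recreated, while batch-1 (no TTL) and legacy-1 (TTL far in the future) are queued for in-place patching, with batch-1 first because its identity reaches two secrets. The same records answer slide 27's question about exceptions: anything in the patch_in_place list that cannot be patched is exactly what needs a documented exception, and the blast-radius query says how much is at stake while it stays open.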
  32. Foundations for ILM/SLM map (repeated from slide 3).
  33. Learn more: Check out recordings from HashiConf 2024; The building blocks of ILM & SLM; Examples at developer.hashicorp.com.