Controlled Evolution with AWS & Puppet16 November 2016

Carl Caum: Sr. Technical Marketing Manager at Puppet

Chris Barker: Principal Technical Solutions Engineer at Puppet

Seamus Birch: Change Agent at one of Canada’s tier-one banks

Speakers

Every company is a software company.

It feels like a breaking point.

Change is necessary.

We help great companies:Become great software companies

Deliver fantastic experiences to their usersProvide better software, faster

And do it simply, at scale and securely

Automate for speed, reliability and security

Define with a common language

Gain situational awareness

Orchestrate change intelligently

Ensure security & compliance

What’s needed to deliver and operate modern software simply, at scale and securely

Across devices, through the stack

Define with a common language

● Easy to read, understand, write & share

● Write once, use everywhere

● Testing built in

● No code clobbering

● Choose from thousands of free modules, backed by a vibrant ecosystem

Standard way for teams to deliver and operate software

Puppet code example

Gain situational awareness

● Real-time change visibility

● Unique dependency visualizations

● Continual drift monitoring and reporting

● Audit and compliance reporting

● Built-in, custom and 3rd party visualizations

Know exactly what is going on with all your software

Event inspection in Puppet Enterprise

Cloud Management with PuppetAdopt, unify and managecloud environments

Supporting heterogeneous infrastructure

Cloud adoption drives business

of organizations believe cloud will help them improve their revenue

Source: IDC “Don’t Get Left Behind: The Business Benefits of Achieving Greater Cloud Adoption,” Aug 2015

53%

Automation in the cloud

Native tools don’t work

Manual approaches / scripts are problematic

Misconfiguration creates risk

= Risk$ one-off

Puppet/aws module

$ one-off

AWS Herd Management

$ one-off

Introduction

16

● 15 years experience in banking technology

● Particularly interested in hands on transformation of operating models.

What was the problem we were trying to solve?

17

Reduce manual effort and IT bureaucracy that is error prone, slowing us down and costing us money.

Our setup

18

GithubApplication CodePuppet Modules

TeamCityApplication &

Container Build

Puppet MasterConfiguration Management

ArtifactoryApplication &

Container Store

Application Server

ApplicationEnvironment

Puppet R10KRelease Management

and Change Management

Or first steps● Built a community of developers on the platform.

● Focused on promoting continuous deployment rather than continuous integration.

● Obtained security risk assessments and approvals on the Puppet process as a software deployment mechanism.

● Heavily invested in getting the infrastructure teams to pick up puppet.

● Lucky enough to find an infrastructure team that could pick up the coding aspect.

● Worked with the release management and change control teams to add support to R10K to their service.

● Started with a pilot of 150 servers.

19

Standard puppet approach

ProvisioningVirtual environments ● Cloud ● Containers

Application infrastructureSQL server ● Tomcat ● WebSphere ● IIS ● MySQL

Core infrastructureOperating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups

Application orchestrationCustom apps ● COTS ● Share services

Our experience with Puppet

ProvisioningVirtual environments ● Cloud ● Containers

Application infrastructureSQL server ● Tomcat ● WebSphere ● IIS ● MySQL

Core infrastructureOperating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups

Application orchestrationCustom apps ● COTS ● Share services

1

2

3

22

Reduction in manual effort

90%

Team Development Effort

12%600%

Change Deployment Frequency

Measurable results

But what about provisioning?

ProvisioningVirtual environments ● Cloud ● Containers

Application infrastructureSQL server ● Tomcat ● WebSphere ● IIS ● MySQL

Core infrastructureOperating system ● NTP ● DNS ● SSH ● Firewall ● Users ● Groups

Application orchestrationCustom apps ● COTS ● Share services

1

2

3

?

Our AWS POC

24

GithubApplication CodePuppet Modules

TeamCityApplication &

Container Build

Puppet MasterConfiguration Management

ArtifactoryApplication &

Container Store

Cloud Command and Control

Keys

Puppet R10KRelease Management

and Change Management

VPC, Security, Firewall, Network etc

ECS

EC2 Instances

Application

RDS

What did we discover

● We had a real life application deployed within a couple of weeks.

● We didn’t require any new processes to be created.

● There were no special approvals/waivers/exceptions to obtain.

● We didn’t need to change firewalls or modify our security posture.

● We reduced infrastructure costs to pennies in the dollar.

25

Getting started with cloud was easy because we already automated with Puppet.

26

It will scale because we already automated with Puppet.

27

Potential stumbling blocks to avoid● Focus on automation, not on cloud as the

objective.

● Don’t start with doing cloud manually, it will not scale and your cloud transformation will stall.

● The development team must have a mature approach to security. You must be 100% confident that when you ask a security consultant to review your setup, they will not find any vulnerabilities.

● You need to let go of the crutch that it is SSH/RDC.

28

Questions?

Read up on AWS-Based Node Lifecycle Management with Puppet in our white paper: bit.ly/AWSlifecycle

Check out our AWS-supported module on the Puppet Forge, which provides the ability to manage AWS resources: forge.puppet.com/puppetlabs/aws

Watch Chris Barker's PuppetConf 2016 talk, AWS Management & Puppet: What to do with cloud instances: bit.ly/puppetconf15barker

What’s next?