Making the Transition from the Suite to the Hub
Hal Hearst / Lisa Bryngelson
Black Duck Software
Hub… it’s not your Father’s Protex
Black Duck Customer Conference
SUITE
HUB
Migration Challenges Summary
• For Most, going to the Hub is…
• Not just plug-and-play
• Needs to be planned
• Easier for some than others
• Ease Depends upon…
• How the suite was implemented
• Features used / Integrations / Customizations
• How deeply rolled out (user impact)
• Degree of usage (amount of data)
• Migration Requirements
Resources to Help with Migration
• Customer Success Manager
• Professional Services
• Migration Workshop (Free offering)
• First Step for most customers
• Implementation Consulting (Not free offering)
• Data Migration Tools
• Black Duck Academy (training)
Migration Planning
MIGRATION WORKSHOP
Migration Workshop is a free 1-day offering provided by Black Duck Professional Services including:
Pre-Migration Questionnaire
Workshop covers:
• Review of current Suite environment
• Hub review and demo
• Hub Roadmap
• Migration planning information
Follow up report with recommendations
To schedule a Migration Workshop talk to your CSM
WORKSHOP GOALS
© Black Duck Software 2016
1. Explore/assess the viability of leveraging the Black Duck Hub
Explore if the Hub can add immediate value if used together with Suite
2. Outline Future Path for Migration
Outline Suite to Hub migration process
Identify Hub gaps necessary to support process and environment
STEP 1.A: KEY CONSIDERATIONS
AREAS DETAILS
BUSINESS GOALS
• Have my company’s goals regarding OSS management changed?
• Looking for a more streamlined approach?
• Better embedded into developers’ tools/processes?
• Has my company’s risk tolerance level changed?
• Willing to accept some minimal risks for efficiency improvements?
• Less willing to accept security vulnerability risks for OSS?
FEATURE SETS
• Are the key, “must have” features delivered or future roadmap items?
• What processes should I re-engineer to take advantage of the Hub?
• How will scanning occur?
• How to make sure we are using OK components?
• Can the Hub add value in parallel?
• Should we continue to run the suite in its current fashion and leverage the Hub in new areas?
STEP 1.B: KEY CONSIDERATIONS
AREAS DETAILS
INFRASTRUCTURE
• Can my company leverage a “Hybrid” cloud solution?
• KB Matching via a hosted web service
• Do I require a complete On-Premise solution?
• Ok with internet connection, but no data can leave my firewall
• Need complete “closed room” environment
• Does my company want a total cloud based offering?
• We have moved our SCM, CI’s, testing and infrastructure to the cloud, and want to do the same for Black Duck.
• What will our technical infrastructure look like?
DATA
• Do I need to migrate data or can I start clean?
• If so, what data should I migrate?
• Components, Licenses, Projects, BOMs, IDs
• Approvals, Vulnerability Remediation Data
• Should I retain historical project data externally?
STEP 1.C: KEY CONSIDERATIONS
AREAS DETAILS
INTEGRATIONS / PLUGINS
• What Suite integrations is your company using?
• CI, SCM, Reporting, GitHub utilities, etc.
• Is the need still applicable in a Hub scenario?
• If so, do we have Hub equivalents?
• Are there new Hub integrations / plugins that can be used?
CUSTOMIZATIONS
• What customizations have we developed?
• API Based? Database based?
• Is the need still applicable in a Hub scenario?
• If so, do I have equivalent Hub APIs?
TRAINING
• What will be the training impact on business units and users?
• Can we leverage Black Duck Academy as the primary vehicle?
LICENSING & COST
• How is the Hub licensed and priced?
STEP 2: DEFINE FUTURE STATE
How have your OSS process requirements changed from the initial Suite implementation?
• Manual vs automated process
• Scan process changes (when or what is scanned)
• Require different integration with other systems
• License and compliance management risk policy change
• High visibility concerning security vulnerability risk management
How would you like the OSS process to work in the future?
• What would this “look like” outside of the current software implementation?
• Project hierarchies/structure
STEP 3: TRANSITION MODEL
Which transition model works best for my company?
USE CASE 1: REPLACE
Hub can be implemented without a transition because …
• Suite implementation was “Hub Like”
• New business divisions that never implemented Suite
• No requirement to keep historical data on projects
• Archiving in historical projects and moving forward with Hub only
USE CASE 2: STARTING IN PARALLEL
Where can the Hub add value to my current process/solution?
• Container scanning
• Linux distro scanning
• RPM scanning
• Projects that don’t require snippet scanning
• “Moving Left”
Adding exception-based policy management to your current process
• Development teams who want to proactively clean up vulns or
license issues early in the process
• Where can the Hub auto-authorization help reduce costs now?
USE CASE 3: SYSTEM & DATA MIGRATION
Define what data is required to move forward
• Custom Components
• Security vulnerability remediation data
• Custom utilities
Re-scan Protex projects using Hub and manually reconcile differences
• More automated tools coming in 2017
Re-implement Code Center automated workflows into Hub Policy Management rules or leverage work integration (Services can help)
Engage Black Duck Implementation services for custom migration tools if requirements are complex or you have limited resources
TRANSITION TIMEFRAME
Which transition model has been chosen?
• Replace (Shortest)
• In parallel
• Data migration (Longest)
If a “Data migration” or “In parallel” transition …
• What functionality in Hub is needed?
• What data needs to be migrated?
Who can “replace” right now?
• Primarily Automated Process
• Automated scanning via CI or other approaches
• Heavily leverage Rapid ID for BOM Creation
• Automated BDCC approvals for most cases
• Using languages with modern package management tools
• Maven/Gradle, SBT, RubyGems, NPM…
• Component Focused
• i.e. Don’t need strings/snippets
• Can use a hybrid cloud solution
• OK with using a hosted matching web service
• Limited Data Migration needs
Who are good candidates for Parallel usage?
• Suite OSS process implemented and working
• Need “deep scanning” with strings/snippets
• Want and using workflow based approvals
• Multiple Steps with manual decision points
• Significant use of other Suite only features
• Obligation Mgmt, Code Printing, Custom Fields,
• Have the resources to operate the Suite
• However, you also want to improve OSS processes
• Take advantage of Hub Only features
• Empower developers to scan in their environments
• Early warnings to components and potential issues
• Improve upon OSS vulnerability tracking