POP: Building Automation Around Secure Server Deployment


POP: Building Automation Around Secure Server Deployment
Kevin Lux, Penn Medicine
luxk@upenn.edu
@luxk on Slack
https://kevinlux.info/

Talk Overview
- Background info
- Integrated server deployment
- Background work for new process
- Implementation
- Value-add
- Demo

Background: Me
- Intern in Penn Security Lab (SEAS) in 2001 while attending Drexel.
- Transitioned to full-time while earning an MSE in CIS.
- Moved to PSOM in 2006.
- Started building POP in late 2016.

Background: POP
- POP: PMACS Operations Portal.
- The integration point for operational systems in PSOM.
- Built by me.
- Current codebase is over 43k lines of code.

Background: POP, cont.
- Users utilize web forms to create, track and execute requests on operational systems.
- Back-end has multiple modes of execution: schedules, events, triggers, email, SMS, Slack, etc.
- Everything codified into the POP ecosystem is usable by everything else.

Background: POP Integration Points
- The operational groups of PMACS interact with a wide variety of systems on a daily basis.
- Most of these systems do not talk to each other.
Penn Assignments

Background: POP, cont.
- Full discussion on POP is far beyond the scope of this talk.
- For more information on POP, see the “Presentations” section of my website at https://kevinlux.info/.
- Also will be discussed as part of the ISC IT Staff Convention in May.

Server Deployment: Wants/Haves
- Want: dynamic data. Have: manually updated lists.
- Want: integration. Have: going to multiple systems.
- Want: repeatable results. Have: manual processes.
- Want: verifiable. Have: manual audits.
- Essentially: Want: simple. Have: not simple.

Server Deployment: Basic Needs
- Basic wiki page describing the server is created.
- Server is in KACE inventory.
- Server is added to critical components.
- A security scan of the server is sent to the admin.

Staging Work: KACE
- Got all servers added to KACE (GPO/Ansible).
- Custom asset type configured for servers in KACE.
- Network rules established to allow agent check-ins.

Staging Work: Code
- Created an API for Critical Components.
- Created an API for KACE.
- Created an API for Security Center.
- Built out POP forms to support new systems.

Implementation
Admins use a POP form to update server info in KACE…
- Project use of the server
- Importance of the server
- Admins for the server
- The type of the data on the server
- The application role of the server

Implementation, cont.
Upon submitting the form, POP…
- Updates KACE with all the information.
- Checks Critical Components for the server.
  - Adds the server if not found.
- Requests a security scan from Security Center.
- Checks the systems wiki for the server page.
  - Creates it if it doesn’t exist.

Implementation, cont.
After the form completes, POP will…
- Periodically check with Security Center to wait for the scan to complete.
  - Upon completion, the scan is reformatted to a report and emailed to the admins.
- Refreshes the server wiki page daily with the most recent information about the machine.
  - Virtual/physical hardware changes.
  - Networking changes on the server and firewall.
These are the core ideas of POP.
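
The submit-time and follow-up steps on the two slides above, sketched as an added example that is not code from POP or from the talk. The in-memory `Systems` object stands in for KACE, Critical Components, Security Center and the wiki, and every function and field name is hypothetical. It shows why "check, then add if missing" makes the form safe to resubmit and how the scan report is mailed only once.

```python
# Added example: in-memory stand-ins for KACE, Critical Components, Security
# Center and the wiki. Every name here is hypothetical, not POP's real API.
from dataclasses import dataclass, field

REQUIRED = ("project", "importance", "admins", "data_type", "app_role")
# Constructed sample form input.
SAMPLE_FORM = {"project": "registry", "importance": "high",
               "admins": ["admin@example.org"], "data_type": "restricted",
               "app_role": "database"}

@dataclass
class Systems:
    kace: dict = field(default_factory=dict)      # hostname -> asset fields
    critical: set = field(default_factory=set)    # hosts in Critical Components
    wiki: dict = field(default_factory=dict)      # hostname -> page text
    scans: dict = field(default_factory=dict)     # scan id -> scan state
    outbox: list = field(default_factory=list)    # (recipients, report) pairs

def submit_form(s, host, form):
    """Run the submit-time steps; return (scan_id, actions actually taken)."""
    missing = [k for k in REQUIRED if not form.get(k)]
    if missing:
        raise ValueError(f"incomplete form, missing: {missing}")
    if host not in s.kace:  # assumption: the agent must have checked in first
        raise LookupError(f"{host} is not in the inventory")
    s.kace[host].update(form)
    actions = ["kace:updated"]
    if host not in s.critical:                    # check, add only if absent
        s.critical.add(host)
        actions.append("critical:added")
    scan_id = f"scan-{len(s.scans) + 1}"
    s.scans[scan_id] = {"host": host, "done": False, "findings": [], "sent": False}
    actions.append("scan:requested")
    if host not in s.wiki:                        # check, create only if absent
        s.wiki[host] = f"{host}: {form['app_role']} ({form['project']})"
        actions.append("wiki:created")
    return scan_id, actions

def poll_scan(s, scan_id):
    """Periodic job: mail the report once, after the scan has completed."""
    scan = s.scans[scan_id]
    if not scan["done"] or scan["sent"]:
        return False
    lines = [f"Scan report for {scan['host']}"]
    lines += [f"- {sev}: {title}" for sev, title in sorted(scan["findings"])]
    s.outbox.append((s.kace[scan["host"]]["admins"], "\n".join(lines)))
    scan["sent"] = True
    return True
```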

Implementation, cont.
- Server deletion
  - Critical Components and KACE are both updated when servers are decommissioned.

Unintended Value-Add
Using the data in KACE, we can create an Icinga configuration to:
- Monitor basic OS-dependent services.
- Server-specific application status.
The default configuration will at least check the server is alive.
More exotic checks (e.g. DB-specific ports) make this work even more valuable.

Value-Add, cont.
- Using POP as a controller eliminates the “mess of configuration files” that always seems to pop up.
- Makes the monitoring server hands-off.
- Custom monitoring configurations are still supported – they are stored in KACE.
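
One way to generate the monitoring configuration from inventory data, as an added example that is not POP's own code. The record fields (`hostname`, `address`, `os`, `checks`) and the OS baselines are assumptions; `hostalive`, `ssh` and `tcp` are standard Icinga 2 check commands. Because the inventory fields are filled in through a web form, names are validated and values escaped before they reach the generated file.

```python
# Added example: render Icinga 2 objects from inventory records. The record
# fields (hostname, address, os, checks) are hypothetical, not KACE's schema.
import re

NAME = re.compile(r"[A-Za-z0-9._-]+")        # host, service and command names
VAR = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # custom variable names
# Assumed OS baselines: (service name, check command, custom vars).
BASELINE = {"linux": [("ssh", "ssh", {})],
            "windows": [("rdp", "tcp", {"tcp_port": 3389})]}
# Constructed sample inventory: one plain host, one with a DB port check.
SAMPLE = [{"hostname": "app01", "address": "192.0.2.10", "os": "other"},
          {"hostname": "db01", "address": "192.0.2.20", "os": "Linux",
           "checks": [("postgres", "tcp", {"tcp_port": 5432})]}]

def literal(value):
    """Render an int or string as an Icinga 2 DSL literal."""
    if isinstance(value, int) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    if any(ord(c) < 32 for c in text):
        raise ValueError("control character in value")
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def checked(pattern, text):
    """Reject names that could break out of the generated object."""
    if not isinstance(text, str) or not pattern.fullmatch(text):
        raise ValueError(f"unsafe name: {text!r}")
    return text

def render(record):
    """Host with the default alive check, OS baseline, then stored checks."""
    host = checked(NAME, record["hostname"])
    out = [f'object Host "{host}" {{',
           f'  address = {literal(record["address"])}',
           '  check_command = "hostalive"',
           '}']
    baseline = BASELINE.get(record.get("os", "").lower(), [])
    for service, command, variables in baseline + list(record.get("checks", [])):
        out += [f'object Service "{checked(NAME, service)}" {{',
                f'  host_name = "{host}"',
                f'  check_command = "{checked(NAME, command)}"']
        out += [f'  vars.{checked(VAR, k)} = {literal(v)}'
                for k, v in sorted(variables.items())]
        out.append('}')
    return "\n".join(out) + "\n"

def render_all(records):
    """Deterministic output so the generated file diffs cleanly between runs."""
    return "\n".join(render(r) for r in sorted(records, key=lambda r: r["hostname"]))
```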

Conclusion
And lastly and somewhat obviously…
- Single step vs multiple steps means better chance of the work being performed completely and accurately.
- Addition of server to required systems (e.g. CC) is compulsory.
- Time reduction for admins.
- Reduced administration for managers maintaining admins in external applications.

Demo
- Adding a new server.

Q&A
Thanks for your attention! Questions?
Follow-up communication channels:
- luxk@upenn.edu
- @luxk on Slack
- https://kevinlux.info/