POP: Building Automation Around Secure Server Deployment


1 POP: Building Automation Around Secure Server Deployment
Kevin Lux Penn on Slack

2 Talk Overview
Background info
Integrated server deployment
Background work for new process
Implementation
Value-add
Demo

3 Background: Me
Intern in Penn Security Lab (SEAS) in 2001 while attending Drexel.
Transitioned to full-time while earning an MSE in CIS.
Moved to PSOM in 2006.
Started building POP in late 2016.

4 Background: POP
POP: PMACS Operations Portal.
The integration point for operational systems in PSOM.
Built by me.
Current codebase is over 43k lines of code.

5 Background: POP, cont.
Users utilize web forms to create, track and execute requests on operational systems.
Back-end has multiple modes of execution: schedules, events, triggers, email, sms, slack, etc.
Everything codified into the POP ecosystem is usable by everything else.

6 Background: POP Integration Points
The operational groups of PMACS interact with a wide variety of systems on a daily basis. Most of these systems do not talk to each other. Penn Assignments

7 Background: POP, cont.
Full discussion on POP is far beyond the scope of this talk.
For more information on POP, see the “Presentations” section of my website.
Also will be discussed as part of the ISC IT Staff Convention in May.

8 Server Deployment: Wants/Haves
Want: dynamic data. Have: manually updated lists.
Want: integration. Have: going to multiple systems.
Want: repeatable results. Have: manual processes.
Want: verifiable. Have: manual audits.
Essentially: Want: simple. Have: not simple.

9 Server Deployment: Basic Needs
Basic wiki page describing the server is created.
Server is in KACE inventory.
Server is added to critical components.
A security scan of the server is sent to the admin.

10 Staging Work: KACE
Got all servers added to KACE (GPO/Ansible).
Custom asset type configured for servers in KACE.
Network rules established to allow agent check-ins.

11 Staging Work: Code
Created an API for Critical Components.
Created an API for KACE.
Created an API for Security Center.
Built out POP forms to support new systems.

12 Implementation
Admins use a POP form to update server info in KACE…
Project use of the server
Importance of the server
Admins for the server
The type of the data on the server
The application role of the server

13 Implementation, cont.
Upon submitting the form, POP…
Updates KACE with all the information.
Checks Critical Components for the server. Adds the server if not found.
Requests a security scan from Security Center.
Checks the systems wiki for the server page. Creates it if it doesn’t exist.

14 Implementation, cont.
After the form completes, POP will…
Periodically check with Security Center to wait for the scan to complete.
Upon completion, the scan is reformatted to a report and emailed to the admins.
Refresh the server wiki page daily with the most recent information about the machine:
Virtual/physical hardware changes.
Networking changes on the server and firewall.
These are the core ideas of POP.

15 Implementation, cont.
Server deletion
Critical Components and KACE are both updated when servers are decommissioned.

16 Unintended Value-Add
Using the data in KACE, we can create an Icinga configuration to monitor:
Basic OS-dependent services.
Server-specific application status.
The default configuration will at least check the server is alive.
More exotic checks (e.g. DB-specific ports) make this work even more valuable.

17 Value-Add, cont.
Using POP as a controller eliminates the “mess of configuration files” that always seems to pop up.
Makes the monitoring server hands-off.
Custom monitoring configurations are still supported – they are stored in KACE.
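
Added example, not POP's own code: one way to render the Icinga 2 configuration described on slides 16 and 17 from inventory records. The record fields (name, address, os, tcp_ports) and the OS-to-check mapping are assumptions, since the talk does not show the KACE schema; names, addresses and ports are validated because inventory text ends up inside a configuration file.

```python
import ipaddress
import re

# Assumed mapping of OS family to baseline service checks (illustrative only).
OS_CHECKS = {"linux": ["ssh"], "windows": []}
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def service(host, name, command, extra=()):
    """Render one Icinga 2 Service object bound to a host."""
    body = [f'  host_name = "{host}"', f'  check_command = "{command}"', *extra]
    return "\n".join([f'object Service "{name}" {{', *body, "}"])

def render_host(rec):
    """Render the Host object plus its Service objects for one record."""
    name = rec["name"]
    # Inventory fields are free text; refuse anything that could break out
    # of the quoted string and inject extra configuration.
    if not HOSTNAME.fullmatch(name):
        raise ValueError(f"rejecting unsafe host name: {name!r}")
    addr = ipaddress.ip_address(rec["address"])  # raises ValueError if invalid
    blocks = ["\n".join([
        f'object Host "{name}" {{',
        f'  address = "{addr}"',
        '  check_command = "hostalive"  // default: is the server alive?',
        "}",
    ])]
    for cmd in OS_CHECKS.get(rec.get("os", ""), []):
        blocks.append(service(name, cmd, cmd))
    for port in rec.get("tcp_ports", []):
        port = int(port)  # raises ValueError on non-numeric input
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port for {name}: {port}")
        blocks.append(service(name, f"tcp-{port}", "tcp",
                              [f"  vars.tcp_port = {port}"]))
    return "\n\n".join(blocks)

def render_all(records):
    """Render every record in a stable order so config diffs stay small."""
    ordered = sorted(records, key=lambda r: r["name"])
    return "\n\n".join(render_host(r) for r in ordered)

# Constructed sample records (not real inventory data).
SAMPLE = [
    {"name": "web01", "address": "192.0.2.20", "os": "windows", "tcp_ports": [443]},
    {"name": "db01", "address": "192.0.2.10", "os": "linux", "tcp_ports": [5432]},
]

if __name__ == "__main__":
    print(render_all(SAMPLE))
```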

18 Conclusion
And lastly and somewhat obviously…
Single step vs multiple steps means better chance of the work being performed completely and accurately.
Addition of server to required systems (e.g. CC) is compulsory.
Time reduction for admins.
Reduced administration for managers maintaining admins in external applications.

19 Demo
Adding a new server.

20 Q&A
Thanks for your attention! Questions?
Follow-up communication channels: @luxk on Slack

