4. THE WHY
Avoid initial investment Cost savings
Flexibility Scalability
User control Speed of deployment
Out-of-the-box security and monitoring
5. THE HOW MAGIC
Otherwise known as:
● Infrastructure as
Code
● Use of Cloud
orchestration tools
Enabling:
● Cloud deployments
in a single command
● Auto-scaling
● Uncomplicated
deploy processes
● AUTOMATION
6. Company based in San Francisco
Insecure Systems Constrained ResourcesComplex WorkflowsManual Process
Effectively solve development, operations and security challenges such as:
Allowing for focus on business-critical tasks
10. WHY ADOPT PACKER?
● Templated image builds
● Store templates in source control
● Pre-bake and pre-configure images
● Provide developers with SDKs in images
● Little engineer upskilling required
11. PACKER: TECHNICAL FUNCTIONALITY
Build temporary cloud instance
Provision and configure it according to the template
Snapshot it
Abstraction of cloud provider API manipulation
15. WHY ADOPT TERRAFORM?
● Infrastructure as Code
● Store templated infrastructure in source control
● Provide on-demand infrastructural flexibility
● Little engineer upskilling required
● Simple move to the cloud
16. TERRAFORM TECHNICAL FUNCTIONALITY
Write Terraform templates
Execute ‘terraform plan’
Execute ‘terraform apply’
Resources deployed & state stored
● Abstraction of a cloud provider’s API, templated as code
● Store and manipulate the state of your infrastructure via metadata
19. CONSIDER TERRAFORM ENTERPRISE
● Remote Terraform plans, applies, and locks
● Change management and access control policies
● GitHub integration
● Remote state storage
● Artifact registry
● Notifications
● Auditing
● Rollback State
20. Taking a Leading UK Retailer into the Cloud
Client requirements:
● Equip workforce with the ability to move into the cloud
● Provide a template cloud architecture to move new teams/projects into the cloud
● Get rid of inflexible, long-life, isolated environments
● Scrap complex deployment processes and methodologies
21. DELIVERABLES
● Templated AWS architecture designed and
implemented
● Essentials training to large audiences,
encouraging adoption of new tools
● Key engineers upskilled to train internally
● A project team moved into the cloud
22. OUTCOMES
● Orchestrating infrastructure into the cloud with Terraform
● Deploying resources into AWS using Terraform, via Jenkins
● Creating pre-provisioned images with Packer
● Demonstrating configuration management capability with Chef
● Storing all Infrastructure as Code in Github
● Ready to upskill internally
24. VAULT
Secret management system by Hashicorp
Secure storage Dynamic Secrets Leases Auditing
Secure Infrastructure Automation
25. VALUE OF VAULT
Pre-Vault = secret sprawl, decentralised keys, limited visibility, poorly-defined
‘break-glass’ procedures
Post-Vault = single secret source, pragmatic access, operational access, practical
security
26. VAULT COMPONENTS
Storage backend - Encrypted Vault data storage
Secret backend - Encrypted secret store
Audit backend - Log all interactions with Vault
Auth backend - Authenticate users to access Vault
27. INTERACTING WITH VAULT
Server - HTTP API, manages interaction
Vault token - similar to session cookie, post-authorisation secret access
Barrier - All data transitions are encrypted, in and out
28. INTERACTING WITH VAULT
Begin unsealing process
Gather shared key holders
Form master key
Unseal vault
Access secrets with Vault
29.
30. VAULT ENTERPRISE
● 24x7x365 Phone and email support
● Hardware Security Module (HSM) integration
AUDITS
● Vault's 0.5 audited by iSEC
31. EQUIP YOUR ORGANISATION WITH VAULT
http://contino.io/resources/
Vault Essentials (1 day)
● How Vault works
● How to set-up and implement Vault
● How to store and manage secrets with Vault
● How to secure applications with Vault
32. VALUE, EFFICIENCY & SECURITY
● Security with Vault
● Efficiency with Packer & Terraform
● Value with moving your organisation into the cloud swiftly, effectively
and securely
34. CONTINO OVERVIEW
We help Enterprise organisations transform their software delivery engines.
We do this by delivering on key strategic technology initiatives whilst also upskilling our clients workforce and
supporting the development of a more vibrant engineering culture.
▪ Transform how you work with enterprise DevOps and Continuous Delivery
▪ Transform your infrastructure with Cloud
▪ Transform your application delivery with Containers
▪ Transform your enterprise architecture with Microservices
Based on our engagements with many global enterprise clients, we have developed significant IP in how to
transform to DevOps and adopt the associated technology stacks within an enterprise setting.
37. NEED HELP? GET IN TOUCH
Achieving value, efficiency and security may not be so difficult…
Call us: 0203 227 0961
Email us: london@contino.io
Our offerings: contino.io/resources