3. Who are Hiscox?
Offices:
USA: Atlanta, Chicago, Los Angeles, New York City, San Francisco, White Plains
Latin American gateway: Miami
Bermuda: Hamilton
Guernsey: St Peter Port
Europe: Amsterdam, Bordeaux, Brussels, Cologne, Dublin, Hamburg, Lisbon, Lyon, Madrid, Munich, Paris
UK: Birmingham, Colchester, Glasgow, Leeds, London, Maidenhead, Manchester, York
Asia: Bangkok, Hong Kong, Singapore
International specialist insurer
£2.0B in GWP
2,000 employees
4. The Hiscox IT landscape
Hiscox is an insurance company.
Where possible we buy, not build.
The organisation relies on customised,
packaged applications.
This has its own challenges.
5. Deployment stack
Pace of change

| Stage | Item | Examples | Tools |
|---|---|---|---|
| Ready | Application components | DLLs, SQL scripts, configuration | IBM UrbanCode, Octopus Deploy |
| Deployed | Middleware | IIS, JBoss | Puppet |
| Configured | Server configuration | NTFS, registry | Puppet |
| Installed | Server applications | AV, SQL Server | VMware templates |
| Built | Operating system | OS, partitions, AD membership | VMware templates |
| Provisioned | Orchestration | CMP/ITSM | VMware |
| Purchased | Requisition | CMP/ITSM | |
12. Package manager alternatives
There’s Chocolatey, which is immature;
the usual “Programs and Features” control
panel, which doesn’t handle versions well;
storing each file individually, which doesn’t
scale;
or direct use of archives, which is ugly.
14. Windows Package Manager
Chocolatey is the way to go as far as
package management for Puppet on
Windows, but how does it work for
enterprise?
Not so well, it turns out. Packages vary in
quality and most go off to other providers’
web sites for installers.
So, take control:
– Write your own Chocolatey packages
– Manage Chocolatey packages and
providers’ installers locally
15. Chocolatey configuration
It’s actually quite simple to write your own
Chocolatey Puppet module. We change the
following configuration:
- Disable the ‘chocolatey’ source
- Add a new source pointing to your internal Chocolatey
  repository
- Set
    autoUninstaller = true
    allowGlobalConfirmation = true
    failOnAutoUninstaller = true
- Add an API key to be able to push new
  packages to your internal Chocolatey
  repository
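A check for the settings listed above, as an added example that is not from the original slides: it parses a chocolatey.config file and reports sources that are still enabled outside the internal repository and required features that are off. The host repo.example.internal and the sample XML are constructed placeholders, and the element and attribute names assume the chocolatey.config layout.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED_FEATURES = ("autoUninstaller", "allowGlobalConfirmation", "failOnAutoUninstaller")

# Constructed sample in the chocolatey.config layout; repo.example.internal is a placeholder.
SAMPLE_CONFIG = """<chocolatey>
  <sources>
    <source id="chocolatey" value="https://chocolatey.org/api/v2/" disabled="false" />
    <source id="internal" value="https://repo.example.internal/chocolatey/" disabled="false" />
  </sources>
  <features>
    <feature name="autoUninstaller" enabled="true" />
    <feature name="allowGlobalConfirmation" enabled="true" />
    <feature name="failOnAutoUninstaller" enabled="false" />
  </features>
</chocolatey>"""

def _is_true(value):
    return (value or "").strip().lower() == "true"

def audit_chocolatey_config(xml_text, internal_hosts):
    """Return a list of findings; an empty list means the settings above are in place."""
    root = ET.fromstring(xml_text)
    allowed = {h.lower() for h in internal_hosts}
    findings, internal_enabled = [], False
    for src in root.findall("./sources/source"):
        if _is_true(src.get("disabled")):
            continue  # disabled sources are never queried for packages
        value = src.get("value", "")
        host = (urlparse(value).hostname or "").lower()
        if host in allowed:
            internal_enabled = True
        else:  # also reports local or UNC path sources, which have no URL host
            findings.append(f"source '{src.get('id')}' is enabled outside the internal repository: {value}")
    if not internal_enabled:
        findings.append("no enabled source points at the internal repository")
    features = {f.get("name"): _is_true(f.get("enabled")) for f in root.findall("./features/feature")}
    for name in REQUIRED_FEATURES:
        if not features.get(name, False):
            findings.append(f"feature '{name}' is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_chocolatey_config(SAMPLE_CONFIG, ["repo.example.internal"]):
        print("FINDING:", finding)
```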
16. Creating a Chocolatey package
is easier than you might think
- choco new
Then edit as needed. Finally
- cpack
- choco push
25. Windows and ACLs
Puppet supports Windows access control
lists natively, but the defaults are Linux style,
not Windows.
So you won’t get what you expect.
Typically, Administrator won’t have access.
We use native Windows utilities to apply
permissions and wrap this up in PowerShell
modules.
27. Our results
We have 120+ test servers, 22+
environments, and in total about 20 modules
in use.
We have 100% automation of deployments
from bare operating system to production
deployments.
We have no access to production servers.
This has saved several thousand pounds
over alternative approaches and means we
can deploy much more frequently.
29. We found this the hard way
The Puppet documentation is just the start.
Network with colleagues across your
organisation and in other companies too.
Invest in a training / scratch environment.
Keep abreast of new Puppet modules.
Buy Puppet Enterprise support. It’s good!