June 28, 2017 presentation at the Brisbane AWS Meetup.
OpsWorks for Chef Automate is a service directly available from AWS, managed by Chef as a joint offering.
3. Microservices

Hybrid is the standard model for Modern App Teams
Teams need to deliver all infrastructure, any app, everywhere. Continuously.

"Most enterprises are going to operate in hybrid mode for many years to come."
Andy Jassy, CEO, Amazon Web Services (re:Invent 2016)

The slide charts an app portfolio (APP A, APP B, APP C, APP D) along three axes, from legacy reality to the emerging landscape:

Architecture: Monoliths -> Microservices
Runtime: Physical -> Containers
Infrastructure: Datacenter -> Cloud

Automation (infrastructure, application, compliance) has to cover every combination: monolithic apps on a physical runtime in the datacenter as well as microservices on a container runtime in the cloud.
4. Velocity: time from idea to ship

Software success metrics: quantifying outcomes to deliver software at speed (from idea to ship).

SPEED (measure of rate of software change)
▪ Deployment frequency
▪ Time from commit to deploy

EFFICIENCY (measure of effectiveness of software change)
▪ Mean time to resolve
▪ Time deploying remediation

RISK (measure of quality of software change)
▪ Change failure rate
▪ Compliance audit frequency
6. Chef

Infrastructure automation and delivery at scale

▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Windows example (installs IIS and adds an application pool):

# Each resource declares the desired state; chef-client converges the node to it.
windows_feature 'IIS-WebServerRole' do
  action :install
end

windows_feature 'IIS-ASPNET' do
  action :install
end

iis_pool 'FooBarPool' do
  runtime_version '4.0'
  action :add
end

Linux example (installs Apache httpd, renders its config from a template, starts the service):

# The slide mixed 'apache', '/etc/httpd' and 'apache2'; the names below are
# unified to the RHEL-family package, path and service that match /etc/httpd.
package 'httpd' do
  action :install
end

template '/etc/httpd/conf/httpd.conf' do
  source 'httpd.conf.erb'
  mode '0644'          # world-readable config, writable only by root
  owner 'root'
  group 'root'
  notifies :restart, 'service[httpd]', :delayed
end

service 'httpd' do
  action [:enable, :start]
end
7. PART OF A PROCESS OF CONTINUOUS COMPLIANCE

Scan for Compliance -> Build & Test Locally -> Build & Test CI/CD -> Remediate -> Verify
InSpec

Turn security and compliance into code

▪ Translate compliance into code
▪ Clearly express statements of policy
▪ Move risk to build/test from runtime
▪ Find issues early
▪ Write code quickly
▪ Run code anywhere
▪ Inspect machines, data and APIs

A SIMPLE EXAMPLE OF AN INSPEC CIS RULE

control 'cis-1.4.1' do
  impact 1.0
  title '1.4.1 Enable SELinux in /etc/grub.conf'
  desc '
    Do not disable SELinux and enforcing in your GRUB configuration.
    These are important security features that prevent attackers from
    escalating their access to your systems. For reference see …
  '
  # Either parameter set to 0 on the kernel command line fails the control.
  expect(grub_conf.param 'selinux').to_not eq '0'
  expect(grub_conf.param 'enforcing').to_not eq '0'
end
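To show what the control above actually tests, and how it fits the scan, remediate, verify loop of slide 7, here is an added example in plain Ruby. It is not code from the slides or from the InSpec project: it parses the kernel lines of a GRUB legacy config itself instead of using InSpec's grub_conf resource, flags selinux=0 and enforcing=0 exactly as the two expectations do, strips them as a remediation step, and re-scans. The grub.conf text, the function names and the CentOS kernel version string are all constructed for the example.

```ruby
# Added example (not from the slides or InSpec): the CIS 1.4.1 check in plain
# Ruby plus a scan -> remediate -> verify loop. Parses the 'kernel' lines of a
# GRUB legacy config and flags selinux=0 / enforcing=0.
# The config below is constructed sample input, not taken from a real host.

NONCOMPLIANT_GRUB = <<~CONF
  default=0
  timeout=5
  title CentOS (2.6.32-573.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-573.el6.x86_64 ro root=/dev/mapper/vg-root selinux=0 enforcing=0 rhgb quiet
        initrd /initramfs-2.6.32-573.el6.x86_64.img
CONF

# Returns one Hash per 'kernel' line: key => value for key=value tokens,
# key => nil for bare flags such as 'ro' and 'quiet'.
def kernel_entries(grub_text)
  grub_text.each_line.map(&:strip)
           .select { |line| line.start_with?('kernel ') }
           .map do |line|
             # drop the 'kernel' keyword and the image path, keep the parameters
             tokens = line.split(/\s+/).drop(2)
             tokens.each_with_object({}) do |token, params|
               key, value = token.split('=', 2)
               params[key] = value
             end
           end
end

# Scan: the same two expectations as the InSpec control. Any kernel entry with
# selinux=0 or enforcing=0 yields a finding; an empty array means compliant.
def cis_1_4_1_findings(grub_text)
  kernel_entries(grub_text).each_with_index.flat_map do |params, idx|
    %w[selinux enforcing].select { |p| params[p] == '0' }
                         .map { |p| "kernel entry #{idx}: #{p}=0 on command line" }
  end
end

def compliant?(grub_text)
  cis_1_4_1_findings(grub_text).empty?
end

# Remediate: drop the offending parameters. With neither on the command line
# the SELinux mode is governed by /etc/selinux/config again. The caller then
# re-scans the result to verify.
def remediate(grub_text)
  grub_text.gsub(/[ \t]+(selinux|enforcing)=0\b/, '')
end

COMPLIANT_GRUB = remediate(NONCOMPLIANT_GRUB)

if $PROGRAM_NAME == __FILE__
  puts "scan:   #{cis_1_4_1_findings(NONCOMPLIANT_GRUB).inspect}"
  puts "verify: compliant=#{compliant?(COMPLIANT_GRUB)}"
end
```

The findings are per kernel entry rather than a single merged parameter set, so a second boot entry that quietly re-enables selinux=0 is reported on its own line instead of being masked by a compliant first entry.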
8. Habitat

Automation that travels with the app

▪ Ease the burden of managing microservice apps and bring the benefits of apps architected for microservices to traditional applications
▪ Gain consistent management of new and traditional applications across their lifecycle
▪ Provides application portability for new and traditional apps
▪ Autonomous nodes self-manage the runtime state of the application based upon policy you define
▪ APIs expose application behaviors as data for better management
▪ Works in tandem with infrastructure automation
▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better
9. The Chef Automate Platform
Continuous Automation for High Velocity IT

COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)
BUILD: ▪ Package ▪ Test ▪ Approve
DEPLOY: ▪ Provision ▪ Configure ▪ Execute ▪ Update
MANAGE: ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log

OSS AUTOMATION ENGINES: Infrastructure Automation (Chef) • Application Automation (Habitat) • Compliance Automation (InSpec)

Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates

Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation

Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
10. AWS OpsWorks for Chef Automate
Native Amazon Service

Managed Chef Server
▪ Utilizes RDS and other native services
▪ May be externally accessible

AWS Native
▪ Auto Scaling in your VPC
▪ Automatic backups and upgrades

OpsWorks Stacks
▪ New name for the previous version of OpsWorks

● Partnership between Amazon and Chef, jointly developed and maintained
● Fully managed AWS service with frequent updates
● Fully compatible with open source Chef
● Amazon is your support and billing
● All Chef Automate features will be supported
  ○ Visibility and Workflow today
  ○ Compliance soon
● Currently available in Northern Virginia, Oregon & Ireland, with more regions planned