Cloud Technology Sessions
Galen Emery, Lead Security & Compliance Architect, Chef
Annagreth Flierl, Customer Success Manager - EMEA, Chef
Keka Ichinose, Product Manager, Chef
Anthony Rees, Solutions Architect - APAC, Chef
Rachel Rice, Software Development Engineer, Chef
John Snow, Sr. Software Development Engineer, Chef
John Wyss, VP of Product, Chef
Compliance and security for organizations remains a complex and unsolved puzzle. Customers have told us that Chef’s automation stack has enabled them to take their first steps forward by scanning their fleet for issues and authoring remediation cookbooks for the most critical assets. The criticality of security and compliance work for IT leaders has been underscored by an endless parade of high profile breaches across every industry, which continue to rise in frequency and severity each year. Can we collect all the learnings from the Chef community and raise the bar on automation tools?
Customers have encouraged us to continue to innovate in this area by removing much of the delay and cost associated with content production, and by enabling them to take an enterprise-wide approach across even cloud and hybrid assets. What’s needed is a policy-driven framework for benchmarks with controls that are easily customized to company compliance posture, including the ability to manage waivers as needed, with full visibility of approvals.
With the new Chef Compliance product, Chef includes a spectrum of certified, Chef-tested and fully supported audit and remediation content which represents best practices for securing each type of end point.
In this marquee session, the Chef team will introduce Chef Compliance, moving forward automation-at-scale for the DevSecOps community. See for yourself a demo on how Chef Compliance Audit helps security and operations teams maintain complete visibility over compliance status. See also how Chef Compliance Remediation helps close the loop between audit and remediation to allow for continuous compliance in the enterprise. And you’ll hear some real world customer outcomes!
Justin Rivait, Infrastructure Engineer, CUNA Mutual Group
The hardest part of integrating Chef Infra into an organization isn’t learning the technical aspect - it’s helping others to understand “The Why”, and to build a solid community of practitioners. Culinary students often learn the concept of “Mise en Place”, or “Everything in its Place”. From champions, to technical challenges - come learn from my organization’s lessons that enabled us to scale Chef out, and the epics and features that would have helped us grow faster and become more successful earlier in our journey.
As organizations look to bring new tools in to increase the quality of their infrastructure and speed software delivery, it’s often engineers that identify what may be able to improve these processes. Generally what follows is a business case presented to leadership in order to secure funding, an initial purchase order, and then a discovery period for those engineers and their product or service owners on how to make the tool work well in their unique ecosystems. For many, it’s tempting to start automating and delivering right away - to just get something out there to show value. Often there is low hanging fruit that can be pointed to as a success story - but it’s the more complicated patterns that can slow adoption down. In order for real success to happen there must be a strong community and willingness to change the ways in which we work, as well as support from the bottom of the organization all the way to the business leaders that partner with IT. We can increase velocity and adoption of new tools and ideas by following the concept of “Mise en place”, or “Everything in its Place” by laying a solid foundation for Chef, or any other new tool or concept in our organizations to remove friction and make new ideas become successful realities.
Come learn how we developed a community of practitioners, built support for Chef, and laid the groundwork for Chef to not only survive, but to excel in our organization. In this talk we’ll share how to build a strong business case for Chef to garner support and build new champions. We’ll also cover some epics and features that we think are critical to the success of Chef in an organization. Finally, we’ll talk about some thoughts around removing friction from the development lifecycle for Chef Infra to make it easier to learn and use.
Matt Ray, Regional Manager, Customer Architect APJ, Chef
HashiCorp’s Terraform is a popular open-source Infrastructure as Code tool that allows us to quickly provision and manage infrastructure across the cloud. There are a wide variety of complementary integrations between Chef Infra, Habitat, and InSpec with Terraform that enhance the ease of managing infrastructure, applications, and compliance. This talk will dive into what’s available and provide live demos of the Terraform integrations working together as we discuss how these complementary technologies achieve the goals of Infrastructure as Code.
Graham Davison
This talk will follow a five-year journey with Chef Infra. We will start with its introduction to an existing on-premise infrastructure and scaling as the environment grew. As we scaled, we extended some of the Chef command-line tools to ease deployment.
Next, we will explore the successful and less successful approaches to moving into a hybrid cloud infrastructure in AWS. We built AMIs using Packer and Chef Infra, but ended up with forked cookbook implementations for on-premise and cloud environments.
Finally, we will explore a cloud-centric deployment integrating AWS features with Chef Infra and Chef InSpec, and adopting Policyfiles.
Arthur Maltson, Distinguished Engineer, Capital One
Test Driven Development is a popular concept in Software Development, leading to higher quality code that’s easier to maintain. Automated testing is normally a foreign concept in the Operations/DevOps world, but as you ssh into your servers to make that quick fix or run your updated script (fingers crossed), you might be wondering if there’s a better way. A way that gives you the confidence in your script and lets you test those scripts in isolation. There is a better way! Test Driven Infrastructure (TDI) is now possible. I know, it sounds crazy.
At this session you’ll learn the how, and more importantly the why, of TDI. You’ll see how Chef can be tested with Test Kitchen and Chef InSpec. You’ll also learn how to improve your feedback cycle with Docker, and using the Docker approach on a CI server. There’s even a live demo!
Finally, the Ops world collides with the Dev world in true DevOps testing bliss.
Kyle Harper, Lead Engineering Manager, Cerner
Are you challenged to demonstrate security compliance with strict security controls? Are your systems unexpectedly failing security audits due to your inability to routinely assess your posture? By auditing compliance through agile software delivery, one can reduce the toil of demonstrating an aggressive security posture at scale. InSpec, a compliance as code tool, enables organizations to quickly and frequently produce compliance artifacts while providing a framework for iterative continuous improvement.
In this talk, we will share our journey and challenges encountered leveraging compliance as code to validate system compliance in a federal space. We will share first-hand experience and lessons learned with successfully meeting these challenges. Whether you are a software developer, security professional, or in operations, all can benefit from these concepts.
- Interpret Security Technical Implementation Guides (STIGs) into well-defined InSpec.
- Collaborate on InSpec controls to unite and articulate your organization’s desired security posture.
- Learn methods to inject more contextual information into your InSpec results.
- Prepare auditors for this new philosophical approach.
- Create orchestration pipelines to execute InSpec at mass scale.
- Learn techniques for converting InSpec results into auditor required specific formats.
Learn from the shared experiences of an engineering manager responsible for the creation of InSpec profiles leveraged to audit systems with stringent federal security requirements.
Lance Albertson, Director, OSU Open Source Lab
Multi-node testing with Kitchen has long been a requested feature; however, it’s outside of the scope of Kitchen. Multi-node testing is useful for testing complex services such as replicated database servers, Ceph clusters and OpenStack, to name a few.
Some examples of how this is useful:
- Test to ensure your replicated database servers can fail over properly
- Test an upgrade between versions of Ceph or OpenStack where doing this in an “All-in-One” might have differences with multiple nodes interacting
- Ensure all components can communicate properly with firewalls
At the OSUOSL, we developed a method for doing this using a combination of Kitchen, Terraform, InSpec and OpenStack (however any public cloud supported by Terraform will also work).
This session will cover the following topics:
- Why this is important and the problem we’re trying to solve
- Discuss what tools we used
- How you can replicate this for your environment
- Recorded demo using a real-world example
Annie Hedgpeth, Senior Cloud Automation Engineer, 10th Magnitude
For those that have longed for a simpler test-driven approach to Terraform development, come and see how I’ve made my team’s lives easier by using Test Kitchen for Terraform and how I can validate my deployments with InSpec. This will be a beginner’s guide, but all skillsets are welcome to contribute to the conversation!
We’ll discuss the different use cases for Terraform testing, such as:
- Test Driven Development (TDD)
- Integration Testing and CI/CD
- Compliance, shifting security left
- Production provisioning validation
As we know, good testing doesn’t just solve CI/CD problems; it solves culture problems. I will seek to convince you of why you need to invest in a good Terraform testing strategy early and how you might have bought into a myth that makes you think you have velocity when you don’t (are you running in wet cement?).
And if you’re late to the game and have existing infrastructure with no tests, that’s okay, too. Let’s talk about how you can reduce stress by adding in some testing now. It’s not too late.
It takes an IT village to do DevOps, so let’s talk about moving security and sanity left with InSpec and Terraform. So many use cases, and so little time. You’ll leave this talk ready to implement at least one of them.
Sean Carolan, Senior Technology Specialist, HashiCorp
One of the questions Chef users often ask is “How can I orchestrate Chef runs across multiple nodes, where node A depends on something that happens on node B?” The standard solution has been to store the data temporarily on the Chef server where the dependent nodes can reach it.
Instead of a kludgy workaround that passes state data between machines, what if you had an always-on, always up-to-date service catalog showing the IP address, port and health of every service on your network? You can even store arbitrary data in Consul for Chef to consume during runs.
Take the hassle out of multi-node configuration management with Consul and Chef.