Centralized Security and Configuration Management
Our teams created and leveraged a centralized management system for VM and security configurations across thousands of machines to increase security and automation.
Context
The client made significant investments in a large VM-based environment but struggled with management operations. Frequent changes to configuration and RBAC controls across thousands of VMs in hundreds of data centers were a management nightmare.
Solution
Create and leverage a centralized system to manage and track configuration changes and RBAC controls across thousands of Windows and Linux virtual machines. This allowed for automated rollout of software and RBAC settings across multiple environments.
Details
Initially, our team designed and implemented a centralized configuration management system. Not only were device settings stored here, but also app and security settings.
Because Secure LDAP (LDAPS) was the preferred protocol, and because every device needed an RBAC authentication module, our team developed a custom client. This client handled authentication, permissions, configuration loading, and system check-in.
Using Ansible and Terraform, our team was able to deploy and configure over 5000 Windows and Linux Virtual Machines (VMs) with this client.
Lastly, our team developed runbooks and trained client subject matter experts to successfully manage operations.
Overall, some of the most important technologies that led to the success of this transformation included:
- LDAP / LDAPS
- ForgeRock
- OpenDJ
- OpenAM
- Bash
- CentOS
- RedHat
- Ansible
- Terraform
Results
In summary, our client was able to quickly secure their environment and leverage fine-grained RBAC controls. Additionally, our client was able to standardize and update configurations across thousands of machines in a timely manner.
Ultimately, our client realized increased security and fewer incidents, and was able to scale operations to meet the needs of their environment.
More on Centralized Configuration Management
Generally, organizations aim to use centralized systems in as many applications as possible.
Why?
Centralized systems are used as Sources of Truth (SOT) – and usually, it is best practice to only have one for a system. Software configuration is not an exception to this practice.
In fact, software configuration is one of the most difficult problems to solve in this field. Multiple OS types, vast software repositories, frequent updates, and version dependencies cause administrators massive headaches.
As software development practices mature, better tools and strategies are being built every day.
If your organization is looking to solve configuration management issues or RBAC controls, we would love to learn more!
– Team Llama 🦙