Secure-24 Uses Puppet Enterprise to Build a Server “Assembly Line” for Hosting Critical Apps

Challenge: Complexity and Supporting Clients at Scale

The services Secure-24 provides have earned the company awards and acknowledgments from more than 100 industry bodies and partners — and the way Secure-24 provides those services landed them on Computerworld’s list of the 100 Best Places to Work in IT five years in a row.

The company’s extensive portfolio of services leverages proprietary, highly automated operation tools. Puppet provides automation for those services, helping Secure-24 manage thousands of Linux servers hosting those applications. Secure-24 started with Open Source Puppet, which Engineering Architect Sean Millichamp called “a systems administration game-changing tool.”

Millichamp said Puppet is a “critical part” of Secure-24’s workflow, helping the team continuously deploy new customers and systems. With Puppet, “you aren’t logging into a box and making one-off changes nobody’s documenting. Puppet’s out there ensuring that whatever state you’ve given it is that way on all the systems, consistently and repeatedly, throughout your environment.”

With consistent, predictable infrastructure management by Puppet, the Secure-24 team found itself facing more challenges inherent to enterprise IT: A growing number of platforms to manage, specific and varied compliance hoops, and the high expectations of its client and customer base. The solution? A move to Puppet Enterprise.

Results: Confidence, Compliance & Control Over Enterprise IT

“Life before Puppet was kind of the Dark Ages of system administration … It’s like the Industrial Revolution. It’s the assembly line — you can just stamp out computers. There’s flexibility, you can vary them, and you can just roll them off the line.” 
- Sean Millichamp, Engineering Architect, Secure-24

Secure-24’s switch to Puppet Enterprise gave them access to features they needed to more effectively manage enterprise infrastructure — and, in some cases, just keep up with it. With more built-in functionality than Open Source Puppet, Puppet Enterprise simplified the complex proprietary management they’d already set up: “Puppet can be kind of complex,” said Millichamp, “but Puppet Enterprise delivers it in a very easy-to-consume fashion where it just works.”

• The Puppet Enterprise console: Puppet Enterprise’s web-based graphical user interface (GUI), which isn’t offered to Open Source Puppet users, opens up a new level of accessibility and observability to teams managing enterprise IT. “It provides a great amount of insight and visibility,” said Millichamp.
• Stability and testing: “We went from Open Source Puppet to Puppet Enterprise primarily for the stability, testing, and QA,” said Millichamp. That gives them even greater control over the quality and certainty that each deployment is what they — and their clients and customers — expect.
• Role-based access control (RBAC): Puppet Enterprise features RBAC out of the box, helping Secure-24’s whole team manage its multi-tenant environment without running afoul of security and compliance policies. “Sometimes, due to policy, we’re not allowed to have certain individuals see certain customers,” said Millichamp. “The role-based access control [in Puppet Enterprise] allows us to show just the people who need to see a piece of our environment that slice of data.”
• Extended platform support: “If you’re just running the next new web startup, you might not need to support AIX,” said Millichamp. “We can’t necessarily chase the latest and greatest versions of operating systems.” If a customer uses a business-critical application that only runs on RHEL 4, for example, “we have to support that. We still have to manage it.”

“I love what [Puppet] has done to make system administration fun again,” said Millichamp. “It’s the tool I would have wanted to write but wasn’t quite a good enough programmer to do.”  

Checklist-Ready Security & Compliance

Secure-24’s diverse customer base includes organizations in manufacturing, finance, pharmaceuticals, government, healthcare, transportation, insurance, and more. Many of them operate according to tight compliance policies to protect sensitive data and system access. “We have a number of customers that have very strict security requirements,” said Millichamp — but each customer has unique expectations, including some imposed by regulatory bodies. With Puppet, “on a customer-by-customer basis, we can apply whatever security policies we need on the OS side.”

Instead of manually adjusting OS and application configurations for each environment, Secure-24 can receive a checklist of security items from the customer — things like file permissions and security policy settings like disabling SSH root logins — and Puppet policy-as-code will check continuously to make sure that those items are enforced.

“Once we put it into Puppet, we know that it’s going to stay in that state,” said Millichamp. “And then if it does change, we have an audit log so that we can actually go back and see who changed what, when, and where, and why — which is what the security people really like to see.”

Flexibility to Meet Unique Enterprise Needs

Rich customizability was another selling point for Secure-24’s decision to move to Puppet Enterprise. “If you want to use it the way it ships, you can just install Puppet or Puppet Enterprise and start using it,” said Millichamp.

“But if you need to extend the capabilities” — like how Secure-24 needed to add types, providers, custom functions, custom facts, custom reports, and integrations that made sense with their existing DevOps toolkit — “there’s a plethora of ways to interface with Puppet and consume the data that Puppet provides.”

Find Out How Puppet Enterprise Keeps Critical Infrastructure in Line

With built-in RBAC, compliance scanning, CI/CD, platform support, and automation and configuration management trusted by more than 75% of the Fortune 100, Puppet Enterprise offers an unmatched infrastructure management experience.

See it for yourself with a demo of Puppet Enterprise.

SEE PUPPET ENTERPRISE IN ACTION