Revision c8883e31
Added by François ARMAND almost 7 years ago
00_introduction/01_presentation.txt | ||
---|---|---|
(_ISO 27001 rules are at 100%!_) and break down noncompliance issues to a deep
|
||
technical level (_Host prod-web-03: SSH server configuration allows root logins_).
|
||
|
||
A few things that make Rudder stand out:
|
||
A few things that make Rudder stand out:
|
||
|
||
* A *simple framework* allows you to *extend the built-in rules* to implement
|
||
specific low-level configuration patterns, however complex they may be, using
|
||
simple building blocks (_ensure package installed in version X_, _ensure file content_,
|
||
_ensure line in file_, etc.). A graphical builder lowers the technical level required to use this.
|
||
* Each policy can be independently set to be automatically *checked or enforced*
|
||
_ensure line in file_, etc.). A graphical builder lowers the technical level required to use this.
|
||
* Each policy can be independently set to be automatically *checked or enforced*
|
||
on a policy or host level. In Enforce mode, each remediation action is recorded,
|
||
showing the value of these invisible fixes.
|
||
* Rudder works on almost *every kind of device*, so you’ll be managing physical
|
||
showing the value of these invisible fixes.
|
||
* Rudder works on almost *every kind of device*, so you’ll be managing physical
|
||
and virtual servers in the data center, cloud instances, and embedded IoT devices
|
||
in the same way.
|
||
in the same way.
|
||
* Rudder is designed for *critical environments* where a *security* breach can mean
|
||
more than a blip in the sales stats. Built-in features include change requests,
|
||
audit logs, and strong authentication.
|
||
* Rudder relies on an agent that needs to be installed on all hosts to audit.
|
||
more than a blip in the sales stats. Built-in features include change requests,
|
||
audit logs, and strong authentication.
|
||
* Rudder relies on an agent that needs to be installed on all hosts to audit.
|
||
The *agent is very lightweight* (10 to 20 MB of RAM at peak) and *blazingly fast*
|
||
(it’s written in C and takes less than 10 seconds to verify 100 rules). Installation
|
||
is self-contained, via a single package, and can auto-update to limit agent
|
||
management burden.
|
||
management burden.
|
||
* Rudder is a *true and professional open source* solution—the team behind Rudder
|
||
doesn’t believe in the dual-speed licensing approach that makes you reinstall
|
||
everything and promotes open source as little more than a “demo version.”
|
||
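Review bot: In the "critical environments" bullet, "strong authentication" is left undefined, and in the agent bullet the figures "10 to 20 MB of RAM at peak" and "less than 10 seconds to verify 100 rules" are given without the conditions under which they were measured. Suggest naming the authentication mechanisms meant here (the key features file added in this same revision has a "Centralized authentication (LDAP, Active Directory, plugins)" heading that could be cross-referenced) and stating the test setup behind the performance numbers. The agent bullet also opens with "relies on an agent that needs to be installed on all hosts", which reads as a constraint in a list titled "A few things that make Rudder stand out"; consider leading with the lightweight agent instead.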
... | ... | |
|
||
image::./images/dashboard-overview.png[Rudder dashboard]
|
||
|
||
==== Made for the Production
|
||
|
||
We believe that there is a growing impedence mismatch between the Short Time of
|
||
application development and deployement, and the Long Time of the infrastructure.
|
||
The latter need rationalisation, stability and conformity before catching the hyped
|
||
techno of the day, to be able to deliver reliable technical platform, continuously
|
||
working with a minimum of risks.
|
||
|
||
Rudder was made for the Long Time, to help team deliver efficient infrastructures with
|
||
simplicity, giving them feedback where needed, keeping them alert of possible
|
||
incoming problem, continously checking conformity to their rules, and all of that
|
||
whatever the infrastructure they choose to build.
|
||
|
||
image::./images/introduction/build_run_devops.png[Modern IT production of services and Open Source automation tools stack]
|
||
|
||
To achieve these goals, Rudder goes beyond simple automation of commands or
|
||
configurations. Rudder continuously maintains your infrastructure to keep it
|
||
conform with your configurations and security rules.
|
||
|
||
At each level (global, by configuration policy, by node, etc), you can choose to
|
||
either *Audit* the component - and no modification at all will made on it -, or to
|
||
*Enforce* the policy, automatically correcting a drift if needed.
|
||
|
||
==== Different roles for a better accessibility
|
||
|
||
Rudder was thought from the start for plug&play-ability: easy to install and to
|
||
upgrade, easy to start with and growth with.
|
||
|
||
Rudder comes with a graphical interface, a standard library of configuration
|
||
policy ready to use, and a graphical rule editor.
|
||
|
||
image::./images/introduction/web_api_cli.png[Use what best feets your need: Web interface, API, or console]
|
||
|
||
Developers can script Rudder throught its APIs and security teams can check
|
||
conformity level to their policies or inventory (both software and hardware) of a
|
||
server at any time.
|
||
|
||
|
||
==== Universality
|
||
|
||
Rudder agent is extremely fast, light, and versatile. It works on a wide variety
|
||
of OS or hardware, from physical server to cloud instance, user laptops or even
|
||
Digital Cities and IoT objects.
|
||
|
||
image::./images/introduction/agent_output.png[Versatile agent]
|
||
|
||
|
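Review bot: The sentence defining Audit mode under "Made for the Production" is missing a verb: "no modification at all will made on it" should read "will be made on it". This is the line readers will rely on to know that Audit never changes a node, so it should be unambiguous. Spelling in the same hunk also needs a pass: "impedence" (impedance), "deployement" (deployment), "continously" (continuously), "throught" (through), "growth with" (grow with), and "feets" in the web_api_cli.png image text (fits).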
00_introduction/20_key_features.txt | ||
---|---|---|
[[key-features]]
|
||
=== Key Features
|
||
|
||
==== Os independent target configuration state definition
|
||
|
||
image::./images/core_techniques.png[Standard Technique Library]
|
||
|
||
|
||
|
||
==== Centralize and aggregate real configuration state
|
||
|
||
image::./images/introduction/general_behavior_workflow.png[Define target, check, report, remediate]
|
||
|
||
image::./images/introduction/rules_compliance.png[Rules compliance reporting]
|
||
|
||
image::./images/introduction/rule_compliance_details.png[Fine grained reporting on configuration components]
|
||
|
||
|
||
==== Automatic inventory
|
||
|
||
|
||
|
||
==== REST API
|
||
|
||
|
||
|
||
|
||
==== Audit trace and Change Requests
|
||
|
||
image::./images/introduction/audit_trace.png[Trace events and display changes]
|
||
|
||
image::./images/introduction/change_request.png[Change Request]
|
||
|
||
|
||
==== Centralized authentication (LDAP, Active Directory, plugins)
|
||
|
||
|
||
|
||
==== Extensibilty
|
||
|
||
image::./images/introduction/generic_methods_list.png[Non exhaustive list of generic methods]
|
||
|
||
image::./images/introduction/rule_directive_generic_method_stack.png[Build your own configuration, matching your requirements]
|
||
|
||
image::./images/introduction/ncf_language.png[high level definition language]
|
||
|
||
image::./images/introduction/technique_editor_overview.png[Graphical Technique Editor - the simplest way to build new configuration]
|
||
|
||
|
||
|
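Review bot: Several headings in 20_key_features.txt have no body at all: "Automatic inventory", "REST API" and "Centralized authentication (LDAP, Active Directory, plugins)" are followed only by blank lines, and "Os independent target configuration state definition" has only an image. Either add at least one sentence or a cross-reference under each, or hold the headings back until the text exists, since an empty "Centralized authentication" section tells the reader nothing about what is supported. Typos: "Extensibilty" should be "Extensibility" and "Os" should be "OS".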
00_introduction/40_architecture_and_dependencies.txt | ||
---|---|---|
[[architecture]]
|
||
=== Technical architecture and software dependencies
|
||
|
||
==== Functionnal architecture of Rudder
|
||
|
||
image::./images/introduction/rudder_functional_component_diagram-simple-v1.png[Rudder functionnal architecture]
|
||
|
||
|
||
==== Network architecture in client/server mode
|
||
|
||
image::./images/introduction/network_connections.png[Network architecture]
|
||
|
||
|
||
==== Agents
|
||
|
||
|
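Review bot: "Network architecture in client/server mode" consists of a single image (network_connections.png) and "Agents" is an empty heading. The network flows should also be described in text next to the diagram, so that they can be searched and used to write firewall rules without reading the picture; "Agents" needs content or should be removed for now. "Functionnal" is misspelled in both the heading and the image text (Functional).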
Fixes #10673: Add a "general presentation" chapter in documentation