While the series of events brought about by pandemic this year has come thick and fast and radically changing the way of life, our engineers have been hard at work pushing out another major release of our software. We are pleased to announce the release of OpsMx Enterprise for Spinnaker (OES) 3.0 which is now available to all our customers. OES 3.0 release brings exciting new features for automation of software delivery processes such as enterprise policy engine, comprehensive audit and automated verification of new updates, and simplified release management features. This release is one more step closer to our vision of enabling enterprises to perform “Software delivery without human intervention.” OpsMx Enterprise for Spinnaker 3.0 sports a new easier to navigate UX that dramatically improves the user experience by centralizing the platform’s UI, adding intuitive CD and Application dashboards, and powerful reporting capabilities. Free Trial available here. OES 3.0 also adds powerful new capabilities such as OpsMx Autopilot for multi-service deployment verification, Compliance and policy management, audit trailing, security hardening and application and release management. DevOps engineers, product managers, SREs, and security personnel get a unified solution that gives them the power to deploy any change ( apps, bug fixes, releases) at high velocity, but with gates and guardrails for enhanced security and reduced risk. Highlights of features in OES 3.0:
- Continuous Verification for Multi-service deployments
- Continuous Compliance and Policy Management
- Audit Trailing
- Application Management
- Release Management
1. Continuous Verification for multi-service deployments
- Autopilot, the intelligent continuous verification platform for any CI/CD, is now embedded into OES in 3.0 release. Enterprises now get an AI/ML-powered continuous verification platform that verifies software updates across all deployment stages, ensuring their safety and reliability in production. It automates the release verification, which otherwise was a time-consuming and error-prone manual process. With OES 3.0 enterprise can assess the risk of a new release, find the root-cause of issues and abnormalities for instantaneous diagnosis, and can get real-time visibility and insight about the performance and quality of new deployments to avoid business disruption. The OES 3.0 screenshot below represents the risk scores of various application releases in Build, Test, Deploy, and Production stages respectively.
- Typically, modern applications with microservice architecture consist of tens of services, and an app release may include changes pertinent to all or most of those services. In each deployment stage, a release emits thousands of metrics and logs. And these machine data are complicated for humans to analyze and infer if the release is successful and deem fit to progress to the next stage. With OES 3.0 the verification of each release is done by analyzing all the logs and metrics at each stage of deployment. The risk associated is assessed, and the risk score of each release is displayed on the application dashboard which can be quickly used by CI/CD admin or project managers for better decision making.
- In the OES 3.0, there is also a provision to select any stage: Build/Test/Deploy/Prod and delve deeper into any service of an application to see log and metric analysis. Through continuous analysis of thousands of performance metrics and torrents of machine log data, OES reduces deployment failures by 3X. First it suppresses noise, de-duplicates logs, and finally aggregates genuine logs based on their business criticality, exceptions and warnings. Then it plots the insights through cluster graphs to highlight only the critical errors of a release. This helps DevOps engineers to prioritize events and diagnose issues related to a failed release quickly. Hence enterprise would not depend on experts for hours to perform the analysis. Furthermore, enterprises can Improve collaboration and enhance their teams’ productivity by up to 70% due to real-time analysis of metrics such as throughput, latency, resource usage, etc. in comparison to existing releases. An intuitive UI with a graphical representation of success and failure of previous releases increases visibility, improves collaboration among dev, test and ops teams, and enhances better decision-making about progress of a release.
2. Continuous Compliance and Policy Management
- The policy management feature allows the security and compliance team to automatically express policy (in a declarative language) that can promote safe and fine-grained controls on the Spinnaker deployment pipeline. They will have the flexibility to declare policies – policies (e.g., Automated Testing should be completed before deployment) that must be adhered to when creating a Spinnaker pipeline and policies (such as specifying deployment day or window) that must be adhered to while executing a Spinnaker pipeline. In the runtime, policies are validated through 3rd party policy engines (like Open Policy Agent) using REST API. Moreover, security managers can quickly add, modify, delete policies in tune with business policy changes.
- OES Policy Management page where compliance managers can quickly declare policies and integrate with 3rd party policy managers for validations.
- Easy to establish guard and guardrails for software deployment through defining policies
- Decrease duress by avoiding managers to hop among tools and documents, with centralized policy enforcement setup
- Achieve 100% compliance to various industry standards such as GDPR, HIPAA etc..
3. Audit Trailing
- Traceability and auditability of any process is a need for all organizations, especially those that have to abide by external policies like HIPPA, SOX. Application delivery is one such process, and stakeholders need to know when something got released, what went in that release, who all approved it, or were there any policy violations.
- Audit Trailing in OpsMx Enterprise for Spinnaker 3.0 allows one to list, search, and filter on the various deployment activities. We capture events from different sources – Spinnaker deployments, Autopilot analysis, policy enforcement, and allow the users to look at that data from a single place.
- Increase visibility and traceability of deployment actions
- View compliance with organizational policy violations
- Identify issues, risks, and non-compliant applications or actions.
OES 3.0 mitigates risks while frequently deploying software into production through integrating security best practices into all stages of deployment. It allows you to secure your release pipelines, manage user authentication and role based authorization (RBAC), and to ensure built-in protection across multiple teams, point tools, and infrastructure through hardened Spinnaker.
- Vulnerabilities in Spinnaker arise from various sources- inbound, outbound, and the application itself. Inbound source means unauthorized internal employees are logging into Spinnaker and initiating unsolicited actions. In contrast, an outbound source states an external threat, which can compromise customer data and other transactions by stealing credentials and licenses. The third one is the vulnerabilities inside the application’s architecture, which might have potential flaws and back doors in technologies that hackers can exploit. Spinnaker is composed of many independent microservices like Deck, Orca, Clouddriver, Rosco, Igor, etc. for various functionalities, and without quality support for container images, the application is vulnerable to tampering.
- For proper authentication and authorization of access to Spinnaker are configured by following LDAP/SAML and RBAC protocols, respectively. To protect compromise of sensitive data from outbound threats, OES3.0 offers integration with 3rd party tool HashiCorp Vault, through which organizations can now store and manage secrets, tokens, control access, and high availability configurations.
- The third type of threat is averted through application hardening. OES 3.0 offers Red Hat certified Universal Base Image 8 (UBI8) based images for all Spinnaker services. UBI8 allows enterprises to take advantage of the greater reliability, security, and performance of official Red Hat container images where OCI-compliant Linux containers run. OES 3.0, thus just thwarts hackers to tamper with the product.
- Zero risk due to enterprise grade security features like access control gateways
- No risk of compromise of sensitive data or secrets
- Robust performance of Spinnaker workloads and high resistance to attacks and tampering due to security scanned UBI8 images
5. Application Management
- Organizations have set practices and policies that must be adhered to when deploying applications. That can make onboarding applications time consuming and dependent on the central dev and ops team.
- The application onboarding feature allows you to templatize your organization practices and policies and provide self-service onboarding of new applications. The application owners can easily add an application, its services, and deployment pipelines while ensuring that they follow the organization’s best practices.
- Self-service application & user on-boarding
- Rapidly add new applications for continuous delivery
- Enforce organizational best-practices and policies
6. Release Management
- Several large enterprises plan their application releases, and there are various gates and approval steps that must be passed for an application to be released.
- Dev and Ops team manage many dependencies and manual approvals, which can extend the release timelines. For the approvers, the detailed information about the release and the associated metrics that they look for to approve is not available in a single pane. So, they refer to various tools and approve different things in different tools. And finally, the development and operation teams have to ensure that all the checks and balances are complete for them to push the release into production.
- The release management feature addresses these deficiencies in the software delivery process. Release managers can define the release, and approvers can see the relevant metrics in a single pane. Thus the handover between teams is handled seamlessly.
- Manage non-continuous delivery life cycles
- Support for selective release of services
- Manage dependencies and approval processes
If you want to know more about the features in this release or request a demonstration, please book a meeting with us. ________________________________________________________________________ OpsMx is a leading provider of Continuous Delivery solutions that help enterprises safely deliver software at scale and without any human intervention. We help engineering teams take the risk and manual effort out of releasing innovations at the speed of modern business. For additional information, contact us