Securing the Automation of Application Deployment with UrbanCode Deploy

Post on 16-Jan-2017


© IBM Corporation 1

Securing the Automation of Application Deployment with UrbanCode Deploy

Presented by:

Joanne Scouler, WW Cloud Sales Enablement, jscouler@us.ibm.com, @joscouler on twitter

Thomas Hudson, Information Architect, thudson@us.ibm.com

November 5, 2015

Security agenda

– Steps in setting up security

– Authorization

– Authentication

– Role configuration

– Guidance on configuring roles and permissions

– Security model

– Security model example

– Team configuration

– Approvals and notifications

– Statuses and gates

Security objectives

In this module you learn how to:

• Create authorization realms and user groups

• Manage users in authentication realms

• Create and define roles and permissions for security

• Create teams

• Set up notifications and approvals

• Set up statuses and gates

Guidelines for setting up security

1. Create an authorization realm.

Authorization realms handle user groups.

2. Create an authentication realm.

The authentication realm is used to determine a user's identity within an authorization realm. (LDAP, AD, or SSO)

3. Create roles and define permissions for them.

For most situations, the default permission types should be adequate.

4. Create or import users.

5. Create teams and assign users to them.

IBM UrbanCode Deploy security

Authorization realms

The Authorization Realms pane is used to create authorization realms and user groups. Groups can be imported from external systems, such as LDAP.

Authentication realms

• Authentication realms determine user identity within authorization realms.

• Users can be created manually or imported from external systems.

Role configuration

– Roles provide permissions to users.

– A role is a set of permissions. Typically, the permissions in a role define a particular activity that a user might do. IBM® UrbanCode Deploy provides one role, the Administrator role, which has all available permissions.

– Users are granted permissions by being assigned to roles. When assigned to a role, a user is automatically granted all permissions that are defined for the role. Typical activities include changing or running an item, such as an application process, or modifying security settings.

Guidance on configuring roles and permissions

When defining the roles for your organization, start by keeping the roles simple, but sufficient to carry out the appropriate work.

Role: Configurator

• Resources (Create, Edit, View)

• Application (Create, Edit, Manage Snapshots, Run Comp Process, View)

• Environment (Create, Edit, Execute, View)

• Component (Create, Edit, Manage Versions, View)

• Component Template (Create, Edit, View)

Role: Release Engineer

• Resources (View)

• Application (View, Manage Snapshots, Run Component Applications)

• Environment (View and Execute)

• Component (View)

• Component Template (View)

Role: Approver

• Resources (View)

• Application (View)

• Environment (View and Execute)

• Component (View)

• Component Template (View)

Kinds of permissions

– Permissions generally fall into one of the following categories:

• The ability to view, modify or work with a specific object

• The ability to create new objects

• The ability to see some element of the User Interface

• The ability to manipulate the system/security as a whole, such as the ability to define users and groups

– Permissions are cumulative

• One user may be assigned multiple roles on multiple teams. When considering a specific capability, such as the ability to edit a certain object, a user may have multiple relevant roles in relationship to that object. Permissions are cumulative: as long as there is one role that provides the given Permission, the user has the Permission, even if other roles don't provide the Permission.

Team and role-based security model

Security model example

Security model – Defining roles

Team lead role

• It is useful to have a role that manages team membership without requiring the Administrator.

• Give the Add Team Members permission to the role designed to manage the team.

• Users with this role can add and remove users from their team.

• Access the team manager feature by selecting My Profile > My Teams.

Defining and maintaining roles

When you select an object, it lists all of the defined Types of that object. You define permissions by Type within a role.

You can select the menus that the role will be able to see in the Web User Interface.

Mapping objects to a team

• To create an object, you must have the Create permission for the object type. To create a component, for example, you must have a role with the Create Component permission.

• When you create an object, such as a component, your teams are automatically mapped to the object. You can change your user preferences to modify this behavior.

• To map a team to an existing object, you must have a role with the Manage Security permission.
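
The cumulative rule from the "Kinds of permissions" slide and the team mapping described above can be modelled in a few lines. This is an added example, not IBM UrbanCode Deploy code or its API: the role table is the one from the guidance slide, while the users, teams and object names, and the assumption that a role applies only to objects mapped to the team on which it is held, are constructed for illustration.

```python
# Simplified model of team- and role-based permission checks (not UrbanCode Deploy code).
# Role names and permissions come from the guidance slide's table;
# the users, teams and object names are constructed sample data.
VIEW = {"View"}
ROLES = {
    "Configurator": {
        "Resources": {"Create", "Edit", "View"},
        "Application": {"Create", "Edit", "Manage Snapshots", "Run Comp Process", "View"},
        "Environment": {"Create", "Edit", "Execute", "View"},
        "Component": {"Create", "Edit", "Manage Versions", "View"},
        "Component Template": {"Create", "Edit", "View"},
    },
    "Release Engineer": {
        "Resources": VIEW, "Component": VIEW, "Component Template": VIEW,
        "Application": {"View", "Manage Snapshots", "Run Component Applications"},
        "Environment": {"View", "Execute"},
    },
    "Approver": {
        "Resources": VIEW, "Component": VIEW, "Component Template": VIEW,
        "Application": VIEW, "Environment": {"View", "Execute"},
    },
}
# (user, team, role): one user may hold several roles on several teams.
ASSIGNMENTS = [
    ("alice", "payments", "Approver"),
    ("alice", "web", "Configurator"),
    ("bob", "payments", "Release Engineer"),
]
# (object type, object name) -> teams mapped to that object.
OBJECT_TEAMS = {
    ("Environment", "payments-prod"): {"payments"},
    ("Component", "web-frontend"): {"web"},
    ("Component", "shared-lib"): {"payments", "web"},
}

def effective_permissions(user, obj_type, obj_name):
    """Map each permission the user holds on the object to the (team, role) pairs granting it."""
    grants = {}
    for u, team, role in ASSIGNMENTS:
        if u == user and team in OBJECT_TEAMS.get((obj_type, obj_name), set()):
            for perm in ROLES[role].get(obj_type, set()):
                grants.setdefault(perm, []).append((team, role))
    return grants

def is_allowed(user, obj_type, obj_name, permission):
    """Cumulative rule: one granting role is enough; other roles cannot take it away."""
    return permission in effective_permissions(user, obj_type, obj_name)
```

Listing the granting (team, role) pairs alongside each permission makes a least-privilege review straightforward: it shows which assignment to remove when a user should lose a capability.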

Steps for setting up approvals

1. Ensure that the users doing the approval belong to the appropriate role

2. Enable approvals on the desired environment

3. Identify the roles that will provide the approval

4. Define the approval process on the application

Define statuses for components

Define the set of component version statuses

Define the gates on environments

On the Application configuration, define the gates

Summary

In this module you learned how to:

• Create and define roles and permissions for security

• Manage users in authentication realms

• Create authorization realms and user groups

• Create teams

• Set up notifications and approvals

• Create statuses and gates

Questions

Accelerating Digital Business
