Patch Management on Windows with Puppet
Windows Patch Management With Puppet Enterprise
Greg Sarjeant, Manager of Professional Services
Kenaz Kwa, Senior Engineering Product Manager
Agenda
• How Puppet Enterprise works
• What is Patch Management?
• The Puppet Approach
• Demo
• Puppet Labs Windows support
• Resources
• Q&A
Our software automates the provisioning, configuration & ongoing management of your machines & the applications, services & software running on them.
Puppet Deployment (diagram: Puppet Master, Ubuntu Server, Windows Server, Cisco Switch)
How Puppet Enterprise Works
What is Patch Management?
And what is it becoming?
What is Patch Management?
• Traditional Model (diagram: Applications, OS, OS Updates)
Windows Server Patch Management Today
• Patches stored in a central repository
– Windows Update (Internet)
– Internally hosted
• Distributed to end user systems on a schedule
• Microsoft Technologies
– Windows Server Update Services (WSUS)
– System Center Configuration Manager (SCCM)
– Extensive research and experience
Windows Server Update Services (WSUS)
• Updates distributed via Microsoft Update
• WSUS Server stages updates
• Updates pulled by clients
– Similar to Automatic Updates on desktops
System Center Configuration Manager (SCCM)
• Integrates with WSUS for software updates
• Wizard-driven configuration
– Deployment targets
– Update Rules
• Manages WSUS client behind the scenes. Can initiate WSUS runs
Traditional View: OS as Platform (diagram: Applications, OS)
Can we alleviate this tension?
A Different Conceptual Model (diagram: OS, Applications)
• OS, applications are interdependent
• Work together towards a common end
Extend the Patch Concept (diagram: OS Updates, Application Updates)
Application Update Challenges
• Inconsistent formats
– .zip, .exe, .msi
• No central location
• No unified delivery mechanism
Package Management
• Package Management
– Centralized distribution of packages from curated repositories
– Package: Atomic bundle to deliver software
• Versioned
• Metadata (dependencies)
• Allow scripts
– Create repositories of packages
– Machine-implemented
Chocolatey
• Package Management for Windows
• Common format for software delivery
– Versioned
– Metadata (dependencies)
– Allow scripts
• Defines repositories
– Public, internet-hosted
– Private, internal
Install Notepad++ with Chocolatey
But wait, there’s more (diagram: OS, Applications, App Configuration, OS Configuration)
How do we patch configuration?
Configuration Patch Requirements
• Versioned
• Coupled to OS, App versions
• Machine-driven delivery mechanism
Puppet Enterprise
Enabling Technologies
• Infrastructure as Code
• Package Management
Puppet: Infrastructure as Code
• System state defined in software
– Stored in Version Control System (VCS)
• Microsoft Team Foundation Server (TFS), Git
• Centralized location
– Versionable
• Commit hash
– Dependency resolution
• System state implemented by machine
– Puppet agent
Puppet Manages Configuration State
Puppet Manages Package State
Desired State Configuration (DSC)
• Windows PowerShell Desired State Configuration
• Microsoft Implementation of Infrastructure as Code
• Native support for many core types
– Users, Files, Registry settings, etc.
• Active development of extensions
• Integration with Puppet
Look Familiar?
• Configurations
– Versioned
– Centralized
• Application Packages
– Versioned
– Centralized
• OS Patches
– Versioned
– Centralized
What’s missing?
• Unified management
• Visibility
• Security and Compliance
• Heterogeneous Environments
Puppet Enterprise Ties it all Together
Convergence of Functionality
• Infrastructure and Applications look like OS Patching
• WSUS client
– Query Windows Update service for new packages on a schedule
– Apply new updates when available
• Puppet agent
– Query puppet master for new configuration on a schedule
• New versions of application packages
– Apply new configuration when available
Aren’t OS Patches Just Packages?
Use the Right Tool for the Job
• Using package management is not a replacement for Windows OS patch management
– Reinventing the wheel
– Increased burden on Operations personnel
• Manage OS patches individually
• Maintain Puppet code to manage OS patches individually
Rich Ecosystem of Windows Resources
• WSUS Client Module
– Manage configuration of Windows Updates
• Chocolatey
– Manage application updates
• Desired State Configuration (DSC)
– Manage Windows State
• PowerShell support
– Automate arbitrary configuration requirements
Manage WSUS Client
The Puppet Approach
• Define OS update policies in Puppet code
• Manage OS patch policy as part of overall system
– Application versions
– System, application configuration
• Native Puppet Types
• DSC
• Continually enforce state of OS patching policy
• Report on changes to update policies
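The approach above as a manifest: an added example, not taken from the original slides, that keeps the OS update policy and an application version in the same versioned code. It assumes the WSUS Client and Chocolatey modules listed in this deck are installed; the class name, server URL, target group, schedule and package version are constructed placeholder values.

```puppet
# Added example, not from the original slides. Class name, WSUS URL, target
# group, schedule and package version are constructed placeholder values.
# Assumes the puppetlabs-wsus_client and chocolatey modules are installed.
class profile::windows_patching (
  $wsus_url = 'https://wsus.example.internal:8531',
) {

  # OS patch policy: the WSUS client settings live in code, so they are
  # versioned in VCS and re-enforced on every agent run. An HTTPS URL keeps
  # the client's traffic to the update server off cleartext HTTP.
  class { 'wsus_client':
    server_url                          => $wsus_url,
    enable_status_server                => true,
    target_group                        => 'Servers-Ring1',
    auto_update_option                  => 'Scheduled',
    scheduled_install_day               => 'Sunday',
    scheduled_install_hour              => 3,
    detection_frequency_hours           => 22,
    no_auto_reboot_with_logged_on_users => true,
  }

  # Application "patch": a pinned Chocolatey package version. Raising the
  # pin in a commit is the application update, delivered by the same agent.
  package { 'notepadplusplus':
    ensure   => '6.8.8',
    provider => 'chocolatey',
  }
}
```

If one of these settings is changed locally on a node, the next agent run restores it and the correction shows up as a change event in that node's report.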
Puppet Enterprise allows you to more effectively use proven Microsoft technologies to integrate OS patch management into a more unified approach to platform management.
DEMO
Puppet Labs Windows Support
• 32- & 64-bit Support – Native MSI packages for x64 as of Puppet Enterprise 3.7
• Broad Platform Support - Windows 2008, 2012, 7, 8
• Windows Provisioning - Provision Windows OSes with Razor
• Puppet Supported & Approved Modules for Windows – Including Windows Module Pack, Supported SQL Server & DSC modules
• Azure Integration – Microsoft Azure extension handler for bootstrapping Puppet installs. Supported Azure module.
Puppet Supported Modules
• SQL Server – Installs & manages MS SQL Server 2012 & 2014 on Windows systems
• WSUS Client – Configure clients to point to update servers; schedule updates
• DSC – Manages PowerShell DSC resources
• Azure – Provision and manage Azure VMs
• ACL – manage permissions with Windows ACLs
• Registry – manage Registry keys and values
• PowerShell – execute PowerShell commands with Puppet
• Reboot – Automatically reboot after install
Puppet Approved Modules
• IIS – install and manage IIS
• Chocolatey – package manager
• windows_env – manage Windows environment variables
• Windows Java – Install and manage Oracle Java on Windows
• pget – PowerShell alternative to wget or curl
Windows Webinar Series
Register for upcoming webinars at: http://info.puppetlabs.com/1885-Windows-Series-Main_LP-Registration.html
• Deploying IIS and ASP.NET with Puppet
• Package Management on Windows with Chocolatey
• Managing PowerShell DSC with Puppet
• Patch Management on Windows with Puppet
• Setting up Windows for System and Application Monitoring
• Getting Up and Running with the Windows Module Pack
• Get Started on Azure with Puppet
Questions & Answers
Resources
PuppetConf 2015 Windows Track
• Chocolatey and Puppet - Rob Reynolds
• Azure for the Non-Microsoft Person - Rob Reynolds & Scott Hanselman, MSFT
• Better Together: Managing Windows with Puppet and DSC - Ethan Brown & Bruce Payette, MSFT
• Beyond the Registry - Matthew Stone, T-Mobile
• The Wild World of Windows: Developing for Puppet on Windows - Travis Fields, Nike
Blog
• Chocolatey blog series
• PowerShell DSC blog series
Docs
• Managing Windows Configurations
Education
• Learning VM
• Puppet Essentials for Windows – Instructor-led
• Puppet Essentials for Windows - Virtual
• Puppet Fundamentals
Manage System State with DSC
Manage Packages with Chocolatey
Manage Configuration with PowerShell
Bringing it all Together
Automated Configuration Management
• Infrastructure as Code
– Machine-implemented infrastructure
• Package Management
– Machine-implemented applications
• Automated configuration management
– Software that implements configuration instructions
– Puppet Enterprise