« Previous 1 2 3 4 Next »
The new version of Chef Automate comes with many new features
Robot Admin
Compliance for the Cloud
In Chef Automate 2.0, the developers have continuously expanded the interaction of their platform with InSpec. Probably the biggest change is that InSpec can now also check cloud environments and the configuration made by the admin for compliance problems. Previously, only local systems could be tested with InSpec, but now the service offers a configuration option for the access credentials for AWS or Azure.
If you enter the access credentials, InSpec logs directly into the public cloud and examines the environment it finds there according to the defined compliance criteria. Corresponding functions for GCP are also available, although they are still listed as beta in the current InSpec version.
At the same time, the InSpec developers have significantly expanded the functionality of the solution. A resource in InSpec is a kind of prebuilt check for various criteria, such as the configuration of the Apache web server. More than 30 new resources have been added to InSpec in Chef Automate 2.0, such as support for Cisco IOS (originally Internetwork Operating System) devices. On top of that, the developers have cleaned up InSpec and now promise far quicker execution of the tests.
What is impressive about Chef Automate 2.0 is how seamlessly InSpec is integrated into the various work steps of the platform. Depending on the configuration, Automate uses InSpec to check every single step of a process; if you point the tool at a Linux system, it automatically tests whether all prescribed rules have been implemented there.
If a developer uses Automate to build an application instead, InSpec can check and interrupt each step of container creation if a non-compliant container is created. In fact, the combination of Automate and InSpec forces developers to comply with applicable rules. If they do not follow the rules, no application is created in the first place.
Prebuilt Tests
If you combine Chef Automate 2.0 and InSpec in your setup, you can benefit from many prebuilt tests included with Chef Automate. Standard compliance tests from several recognized compliance organizations can be performed on common operating systems and thus serve as a basis for your own compliance requirements.
Happily, Chef is exemplary in version 2.0 of Automate, as well: The entire InSpec source code is still freely available on GitHub, so that even for those users who do not want to use Chef Automate, InSpec is and remains usable.
Habitat Now Available Locally
Do not forget the new version of Habitat, a framework for application release management in Chef Automate 2.0. Here, application does not take on the typical definition, but rather refers to cloud microservices: The tool is designed to help companies transform existing environments into a microarchitecture (Figure 4), providing a whole box of tools.
One important key to Habitat's success is its great flexibility: On the one hand, it receives input in the form of Git directories; on the other hand, it outputs finished images of containers and can roll them out in a Kubernetes cluster (Figure 5).
Accordingly, Habitat is the spearhead of an app-centric automation drive. In the new version of Automate, its developers emphasize two Habitat functions in particular: Habitat Builder can now also be run at the customer's data center, making the solution attractive for those customers who are not allowed access to cloud services for compliance reasons. Habitat also now comes with far better integration with other services. The broker for rolling out applications in Kubernetes has seen several updates. Additionally, you have the option to roll out directly in Azure, as well as an interface to the open service broker (OSB).
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)