UpGuard Blog

Agent vs Agentless, and Why We Chose Agentless

When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard. Now we're not only scrapping that agent, we're moving away from agent-based architecture altogether. Here's why.

Filed under: guardrail, Cloud Computing, ansible

Detecting Heartbleed with UpGuard

UpGuard made detecting and fixing the Heartbleed vulnerability a lot less painful than it could have been. With a combination of Search and Policies we quickly and easily gained confidence that our servers were patched.

Filed under: guardrail, heartbleed

Heartbleed Update

Here at UpGuard, we take security seriously. As you may have already heard, the OpenSSL Project yesterday disclosed a serious vulnerability, nicknamed Heartbleed (CVE-2014-0160).

Filed under: guardrail, security, heartbleed

Controlling DNS Configuration Drift

We received a lot of positive feedback regarding our last article on Controlling SQL Configuration Drift so thought it might be a good idea to continue along that same theme of analysis and follow it up with an article about DNS configuration and some simple steps you can take to prevent configuration drift.

Filed under: guardrail, configuration management, Configuration Drift, dns

Monitoring Database Nodes to Remediate Configuration Drift

Controlling database configuration drift is a tricky subject. It's a topic that comes up frequently for us here at UpGuard and customers are always keen to know how they can go about taking control and simplify their configuration management processes. We've all experienced at some time or another that issue that was the result of a database migration that didn't complete, a column that has mysteriously changed data type or an old version of a stored proc or view being restored to a new database.

Filed under: guardrail, SQL, configuration management, Configuration Drift

UpGuard Your ASP.NET Applications

ASP.NET Applications get many configuration settings from their web.config or app.config file. Being able to run the same application across multiple environments used to mean keeping control of different copies of the config file to deploy or even worse manually editing the settings after deploying to each new environment. In recent years it has become possible to do transformations of the web.config files at deploy time using Visual Studio. No matter which method you use, deploying to a new environment and detecting drifting config settings has always been a problem. UpGuard helps to quickly and easily detect these sorts of problemsand make configuration management a breeze.

Filed under: guardrail, configuration testing, configuration management

PowerShell Desired State Configuration (DSC) with UpGuard

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

Filed under: guardrail, dsc, desired configuration state, devops, powershell, Windows

What's new in UpGuard - January 2014

Update: This is a preserved post detailing new (at the time) UpGuard product features, enhancements, or tutorials. The screenshots below may be out of date and/or make reference to GuardRail or ScriptRock—old names for the same great product. There are also many newer features that will drive you wild.

Node Groups

A Node Group is a way of logically grouping Nodes with common functionality. Instead of managing the same set of Policies on each Node you can now manage one set of Policies on the Node Group that will automatically get applied to any Nodes in the Group. Their use is best highlighted with examples. All of your Linux servers might need to comply with an underlying security policy, group them together using a Node Group called "Linux" and apply your security policy there. Your front-end web servers are identical behind a load balancer, add them to a Node Group called "Front-end Web Server." How you organize them is up to you, they can be as general or specific as you like.

Filed under: guardrail, dsc, powershell, Windows

Sensible Ansible with UpGuard

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

Filed under: guardrail, apache, ansible, automation

Comparing Containers and Generating Dockerfiles with UpGuard

Tonight I gave a talk on comparing containers and generating Dockerfiles. Instead of providing the slides, which are pretty lame by themselves, I thought I'd write up the talk in a proper context. UpGuard has a number of use cases, one of which highlighted for the talk was migrating the configuration of environments from one location to another. Traditionally we have helped some of our customers scan their configuration state and generate executable tests based on those configuration items as well as allow scanned configuration from multiple machines to be compared.

Filed under: guardrail, devops, docker

UpGuard: Getting Started Video Series

Whether you've just registered for UpGuard, our cloud-based configuration monitoring platform, or are simply interested in checking out some of the things that are possible, this is a great place to start. Each video gives a quick introduction to a major capability.

Filed under: guardrail, getting started

If the Phoenix Project had UpGuard

At UpGuard we've got many decades of experience in large enterprises and are very familiar with the sorts of problems that arise in those sorts of environments. Even for those who have lived through it though, it can be hard to explain to people who haven't. That's why we require all our new employees to read The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr and George Spafford. It does a great - and surprisingly entertaining - job of describing these issues. It also explains how the lessons learnt from years of Lean Manufacturing apply directly to IT. We know that no tool is a silver bullet, but if the employees at Parts Unlimited had UpGuard then it may have been an entirely different story. I've chosen some key excerpts from the book so that we could see how things may have been different.

Filed under: guardrail, phoenix project, devops

Getting Started with Puppet - Hello World!

As there's a lot of interest out there in the various IT automation tools on offer I thought I'd do a series of blogs covering getting started on each. In particular I wanted to put them to the test regarding how simple it is to go from zero to "Hello World" *. This way I get to play the truly dumb user (not much of a stretch, I know), which is kinda fun too.

Filed under: guardrail, getting started, puppet