Security compliance is the new black. Everyone is talking about it. Everyone is writing about it. Hopefully everyone is doing something about it, but it's a big lift for organizations. Compliance can mean adhering to departmental and company standards; it can mean well-defined regulatory standards like HIPAA, GDPR, and others. Compliance can mean adopting a standardized set of recommended protocols for cyber security. If compliance isn't on your radar right now, it should be.

Users of Red Hat Satellite will see changes coming out with regard to how Satellite interacts with Puppet. Satellite has long bundled Puppet in the distribution, using Puppet both as the Satellite installer and for configuration management. Users also had the option to leverage Satellite as an External Node Classifier (ENC) for their Puppet estates. Red Hat acquired Ansible, an imperative configuration management tool, in late 2015.

Let's rip off the bandaid and get the bad news out there first: we're rolling out telemetry for Puppet content. Read on to find out why I think that's actually good news for you, how you can see exactly what data it collects, and how to make sure it never runs if your corporate policy doesn't allow it. And maybe a free beanie if you choose to opt in?

It wouldn’t be Cybersecurity Awareness month without some spooky-themed blogs with language focused on Fear, Uncertainty, and Doubt (FUD). Luckily, it’s the end of November now, and this isn’t that kind of blog, but what was true in October is still true today. I won’t tell you that you need to be afraid of bad actors infiltrating your security defenses and wreaking havoc in your infrastructure. Why? Because you are likely stressed enough already. Don’t you think?

Around the world, the pandemic tested the ability of governments to transform digitally in order to deliver uninterrupted services and to respond effectively to the demands of citizens, businesses, and global leaders in a time of crisis. From contact tracing to disbursing support packages to sharing best practices on how to contain the pandemic, governments needed to deliver these mission-critical services in a timely, secure, and compliant manner.

Have you heard about the Puppet Practice Labs? Our free, browser-based, hands-on labs cover a variety of topics for getting started with Puppet — everything from installing the primary server to identifying server roles using package data collection, and much, much more. You can read more about them in my previous blog post. We’ve designed Puppet Practice labs to make learning Puppet fun, engaging, and memorable for learners of all levels.

Nowadays, staff in organizations are required to access multiple applications in their infrastructure. This can lead to the user having to manage multiple login credentials and passwords. There are many solutions available that provide a single sign-on (SSO) capability — such as Okta, LDAP, and Active Directory — which is becoming common practice across businesses.

The world has changed since I started out on a help desk in Colorado 25 years ago. In those long ago years, a company’s desktop machines actually lived under the desks of many in the organization (and often doubled as a foot warmer!) and configuration was done machine by machine manually, or maybe even by some script that was created to run at login if we were lucky. If there were laptops in use by the business users, they were a lot less mobile and rarer than in today’s business world...

When you write enough Puppet code, you will eventually find yourself in need of a Facter fact or Puppet resource type that doesn’t exist in Puppet itself. Then, if you’re like me, you go to the Puppet Forge and see if someone else has written what you need. Oftentimes, you find what you need, add a new module to your Puppetfile or module metadata, and move on with your life.

You only have to read regular news reports about the multiple outages across household names in banking and financial services, resulting in customers being unable to access their bank accounts, to know that cyber security resilience has never been more important and is on every organization’s radar. The threat of regulatory action, heavy fines, and the potential loss of banking licenses is very real.