Pivotal Cloud Foundry Now Can Offer Automated Patching with Concourse
The company is touting the tool as an especially useful to automate repair of operating systems and application stacks consistently within hours after patches are released. It enables users to load, test, and apply security patches to their entire cloud platform with complete automation.
“We see over and over again that organizations can have a hard time just rolling out patches. This is a piece of tooling that takes the guesswork out of that,” said Justin Smith, chief security officer for product at Pivotal.
He pointed to the Wanna Cry ransomware attack as the most recent example in which organizations failed to apply an available patch.
The company developed Concourse, its own automation tool for CI/CD and other tasks, as open source from day one, back in 2015, he said.
“We’ve switched over all our own infrastructure to use it, and we’ve found it to be really powerful,” he said.
“We firmly believe we have to remove all friction from deploying server-side patches. Pivotal is a full-stack company. We ship the operating system, middleware and application tier, so we have a holistic view of it. We know the software needs to be updated quite frequently because we pull in so many open source dependencies. So we release patches very quickly,” he said.
With Concourse, organizations can just point it toward the update pipeline and they can seamlessly — one that reputedly requires zero clicks — deploy it to the Pivotal platform. He likened it to the auto-update feature in the Chrome browser, but for the server-side platform.
The company is integrating it into the platform as a tile that will update itself – which Smith calls “a circular, mind-bending idea.” It is a service that will run alongside the platform that will keep the platform up to date.
Developers also can use Concourse to continuously deploy their own applications.
“The value is how you get this rolled out in a homogeneous fashion across your organization,” Smith said.
If you have 100 teams or more, he explained, they will all have their own infrastructure for doing CI/CD tasks. The setup and configuration of those CI/CD systems are completely the purviews of those teams. With Concourse, users get an out-of-the box configuration, so the teams no longer have to think about that setup, and it’s standardized.
With Concourse, users can create pipelines based on three core concepts: tasks, resources, and the jobs that compose them. Features such as timed triggers and synchronizing usage of external environments are modeled using these concepts, rather than as layers on top.
Pivotal uses Concourse internally to maintain its hosted Cloud Foundry environments on Google Cloud Platform and Amazon Web Services. It also runs on VMware’s vSphere and OpenStack clouds.
The company outlined its experiences with other CI/CD tools, namely Jenkins, Travis CI and GoCD over here. And, of course, Pivotal Cloud Foundry users may use another CI/CD tool if they choose, Smith said.
Getting Concourse to that out-of-the box state for customers, “quite frankly, it took us a couple of years,” Smith said. “It took a fair amount of engineering to make it hands-off operationally.”
Feature image via Pixabay.