Professional Services
Simplify. Standardize. Automate. Monitor.
At OpStack we believe in ITIL with automation.
Operational excellence starts with policies and procedures that provide for streamlined, efficient, and predictable deployment and management of both infrastructure and applications. If the needed procedures are already in place for your organization, the OpStack team will automate them. If policies and procedures are needed or require an update, we can deliver best-practice templates in a knowledge management framework to jumpstart the effort. The OpStack team has decades of experience working in regulated environments with systems held to published standards (NIST-800, HITRUST, PCI, et al). Our engagements bring ITIL process templates and a best-of-breed open technology stack to augment or upgrade whatever is already working well for our clients. We are committed to teaching as well as doing; technology transfer is a point of pride for the OpStack team.
Define Operational Baselines, Policies, and Procedures
OpStack works with your team in tailoring simplified ITIL-derived baseline processes and procedures to provide state-of-the-practice operational capabilities. These include:
- System baseline
- Security baseline
- Lifecycle management
- Configuration management
- Change management
- Deployment standards
- Deployment processes
- Maintenance policies and schedules
These policies, procedures and baselines are delivered in an operations wiki as living documents. Training and organizational change management support services can be provided.
Architecting and Implementing Hybrid Clouds
On-Premise & Public Cloud (GCP, Azure, AWS, Oracle)
For organizations with physical servers in their own computer rooms, co-lo suites, or data centers, OpStack implementation and remediation services include:
- Implementation of the OpStack patching and configuration management framework, providing high-speed, resilient, monitored server state management capability.
- Creation of operating system builds that implement your baseline standards, inclusive of security agents, control agents, monitoring agents, and security configuration.
- A baseline remediation program to fully patch up and correct baseline deviations on existing systems.
- Automated bare-metal builds of hypervisors (VMware, KVM, Xen) on standalone or blade hardware.
- Automated self-service manageable builds of physical and virtual Windows and Linux servers — with a common build for on-prem and private cloud.
- Design and implementation of a resilient SaltStack installation.
- Design and implementation of a high-performance and resilient ELK or Splunk log concentration, monitoring, and analysis system.
- Efficient onboarding of applications (both packaged and custom) into the log monitoring system.
- Integration with ServiceNow and other ITSM systems to provide automation of service requests and configuration updates from automated operational changes.
Public Cloud - Google Cloud, Azure Cloud, AWS, Oracle
Whether your infrastructure is entirely in the cloud or a portion of your applications and capacity is in the cloud, there are still shared responsibilities when working with the cloud providers. A multi-cloud strategy, where making use of the proprietary operational and monitoring tools offered by each cloud provider would necessitate difficult duplicate and triplicate work. This makes having your own open operations automation platform an economic necessity. The OpStack Stack Builder methodology and related services add efficiency, standardization, and security to your IaaS and container-deployed cloud operations. These services include:
- Implementation of the OpStack patching and configuration management framework, providing high-speed, resilient, monitored server state management capability.
- Extension of cloud service provider operating system builds to implement your baseline standards, inclusive of security agents, control agents, monitoring agents, and security configuration.
- A baseline remediation program to fully patch up and correct baseline deviations on existing systems.
- Design and implementation of a resilient SaltStack installation.
- Design and implementation of a high-performance and resilient ELK or Splunk log concentration, monitoring, and analysis system.
- Efficient onboarding of applications (both packaged and custom) into the log monitoring system.
- Design and implementation of multi-cloud monitoring and patching processes and procedures, providing a single managed resource across multiple cloud providers.
- Integration with ServiceNow and other ITSM systems to provide automation of service requests and configuration updates from automated operational changes.
The benefits accrue immediately in a green-field build of your cloud infrastructure as well as in bringing control, efficiency, and security to existing cloud implementations.
Compliance and Security Operations
Security requirements need to be inherent to all system builds and operations — a prerequisite, not an afterthought. Cyber security teams, either working with the operations team or through their cyber operations function, have as much need of force-multiplication through automation as does any IT team.
OpStack services and deliverables for cyber security build on the offerings in the sections above, but focus on remediating outstanding vulnerabilities, improving compliance reporting, hardening of the technical estate, and automating incident response. These services include:
- Every server starts fully patched with all security, monitoring, and admin packages installed and tested — and is added to the CMDB.
- Access controls, group privileges, auditing, firewall configurations are all set as part of the build and automatically state enforced.
- These baseline controls are applied to all remediable systems. The remainder are replaced with new builds.
- Automated installation, configuration and verification of anti-malware, Data Loss Prevention (DLP), and intrusion detection agents.
- Definition and quick-start services for mandatory periodic patching with configuration updates for the timely remediation of CVE vulnerabilities.
- SIEM capability implementation in Splunk.
- Integration and coordination of security scanning with operational data analytics to effectively and efficiently target critical vulnerabilities.
The ITIL with Automation approach to technology operations has ongoing payoffs for organizational security.
- Regular operational activities and code releases improve your security posture.
- All progress is measurable.
- All actions produce evidence of compliance activity for auditors and regulators.
- IT Operations and IT Security take joint responsibility for paying off technical debt — and create a culture where accruing debt is avoided and paying it off is celebrated.