Here goes another example of VMware spin-out Pivotal introducing something to help its enterprise customers move faster and worry less about the minutiae of managing infrastructure, and more about whatever their core business is. In this case, it’s around the repair of vulnerable operating systems and application stacks.

We all know that in this eternal process, bad actors find and take advantage of vulnerabilities, which vendors and community members then race to fix before those vulnerabilities can be exploited. While great work happens to patch those vulnerabilities (and impressive, if dastardly, work goes into discovering and taking advantage of them), there is still the not insignificant requirement to roll out the patches that resolve them. It’s all very well identifying a problem and providing a fix for it, but if it takes weeks for an organization to actually roll that patch out, that leaves a big window of opportunity for bad actors to take advantage of the issue.

This is the problem that Concourse is trying to resolve. Concourse is a tool built for organizations that use Pivotal Cloud Foundry (PCF), Pivotal’s distribution of the open source Platform as a Service (PaaS). Concourse enables PCF customers to easily repair vulnerable operating systems and application stacks within hours of a patch’s availability; additionally, Concourse provides customers a tool to continuously deploy their own applications in and for PCF.

Not only does this allow faster patching of vulnerable systems but, perhaps more importantly, it is a good example of leveraging automation to reduce impacts and to reduce the potential for human error, which is especially problematic for repetitive tasks. Concourse can become an integral part of the CI/CD process: using it, customers can set up pipelines that detect a patch and deploy it to their PCF installations automatically, often with zero downtime. This automation not only speeds up incident response times but also provides a consistent experience for developers across Pivotal Cloud Foundry environments (e.g., across public clouds and on-prem, and across development, test, and production).

Customer use cases

As is often the case, it is the detail around how customers are using a service that is more telling. Josh Stone, Senior DevOps Platform Engineer at Verizon, runs a team that uses Concourse to respond to smoke test alerts. He explains that:

“Before Concourse, we had trouble keeping all of our environments consistent, and that led to a poor developer experience. If an app pushed in one environment but failed to stage in another because the Java buildpack was different, that’s a poor developer experience and that’s something that would slip through the cracks before we brought in Concourse.”

For its part, Allstate, also a Pivotal customer, uses Concourse to reduce pipeline definitions, minimizing engineering time for new Cloud Foundry environments from 60 hours to 30 minutes and taking stemcell and service updates from as long as 10 hours to being fully automated.

MyPOV

Rolling out patches should be something that is essentially invisible to development and operations teams. By combining Concourse with a well-thought-out deployment pipeline, the impact of vulnerability patching, let alone the impact of an opportunistically exploited vulnerability, can be a thing of the past.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.
