At OpsRamp, we believe that IT process automation is a no-brainer to increase response times and reduce human error in IT operations. Through runbook automation, IT can automate on-demand system administration functions at scale, execute routine tasks on a consistent schedule, and respond to unanticipated activities via event driven actions.
In this post, we’ll dive deep into the first use case - automating on-demand tasks across your IT assets to increase productivity, agility, and service quality. We’ll use the example of a security vulnerability and how you can automate the associated tasks to remediate it.
When major security threats like Heartbleed are announced, system administrators have to rapidly identify and fix vulnerabilities before sensitive information is compromised. IT admins have to check for the vulnerable version of a software across their on-premises and cloud infrastructure to patch at-risk versions in a timely manner.
For example in the case of Heartbleed, OpsRamp’s runbook automation allows the system administrator to identify the different versions of OpenSSL installed using a simple script. Admins can check for the software version installed on different servers, pinpoint which servers need an update, and upgrade their IT assets to address any weaknesses.
Sysadmins can quickly retrieve versions of OpenSSL in use with a script like the version.py script below. OpsRamp has a library of common reference scripts and users can also create their own using their favorite scripting languages like Python, Perl and Windows PowerShell.
After selecting the script, it can be applied across specific clients or business units and devices. The sysadmin can choose to run the script immediately or schedule the script at a particular time. Scheduling allows you to set the start date, time, and frequency for the script. For example, if the servers are tied to critical manufacturing operations, you may have policies that require you to work during off shift hours.
Once the scripts have been executed, the sysadmin can export the output logs to a spreadsheet and analyze which systems need to be patched immediately by pivoting on the data to identify the count of different versions of OpenSSL across servers. The admin then remotely patches the servers to eliminate any security compromises using the runbook automation scripts.
Traditional IT operations would require extensive man-hours to determine discrepancies in software versions across hundreds or thousands of servers and patch them in a timely manner. With speed and accuracy being an imperative in resolving security vulnerabilities, OpsRamp’s automation framework can drastically reduce the enterprise’s period of exposure. OpsRamp allows you to eliminate human error so that IT admins can standardize their environment and quickly address security issues that can impact the business.