Features

RUDDER's exclusive features

Audit-mode

One of the main features of RUDDER is the ability to configure a server to only check the status of certain configuration rules. This configuration can be performed for a complete machine or for a configuration portion, or at the global level on all configuration rules and all machines. In short, RUDDER offers two management modes: Audit and Enforce, respectively to check the state without modifying it, and to modify the system to reach the target state.
Some possible use cases:
  • pure audit tool; for example, for a verification of standards (PCI-DSS, ISO 27001, etc.). Unlike a dedicated tool, once the configuration is done, it can be used directly to configure;
  • validation of changes before applying them; for example, a new configuration; this case can be seen as an equivalent of a classic dry-run mode, but potentially on the whole infrastructure and with a higher granularity (covering only some configuration points);
  • validation after the installation of RUDDER on an existing infrastructure, to validate that it corresponds to the theoretical target configuration, before activating Enforce mode.
While the techniques (rules provided by default during installation) may be limited for audit purposes, the construction of audit rules is particularly simple and accessible using the Technique Editor, a web configuration editor.

Web management interface with drag & drop editor


Abstraction of implementation differences

RUDDER runs on Linux, Windows, AIX, and other systems. With RUDDER, there is no need to create rules specific to each system. The implementation differences between systems are handled by the agent, which is responsible for translating the configuration rules according to how each OS operates.

Change validation workflow

One of RUDDER's main objectives has always been to combine greater accessibility with the power of the code-based infrastructure, in particular through functionalities such as the management interface, the ready-to-use rule library, the technique editor, or more simply the abstraction of implementation differences between the different operating systems supported by the agent.
However, this facility would not contribute to making IT more reliable if we did not want to complete this accessibility with change control functionalities. This is the case in particular with the Audit mode, which allows you to simulate changes without modifying the configurations, in order to anticipate their impact, or the validation workflow, which requires a second validation of the changes (regular pull request users on GitHub already know the benefits of peer review).
The validation workflow makes sense in the complex human environments for which it was designed, i.e. the multidisciplinary and multi-level teams that naturally form in large IT departments.

Advanced reporting

The basic compliance check in RUDDER allows the current application status of the configurations to be displayed at a time T.
The advanced reporting tool allows compliance data to be logged in order to consult their evolution over time via customized dashboards. Fully customizable, from the period over which to define the analysis, to the machine groups or configuration rules involved, these custom dashboards can be exported as PDF reports to prove compliance to an external auditor, a customer, or their hierarchy, without having to conduct a manual preparatory inspection.

Continuous Configuration features

Autonomous compliance maintenance

As a Continuous Configuration solution, RUDDER embodies the fusion between infrastructure-as-code (infrastructure automation) and continuous audit. The operation of RUDDER is based on the definition of a reference target state for the systems. Anything that does not comply with this target state that you want to achieve or maintain will raise alerts in real time, create drift reports, or trigger automatic remediation. An intelligent and autonomous tool, RUDDER is particularly well suited to meet the constraints of production infrastructure where the need for reliability is a permanent necessity. Technically, the RUDDER agent installed on each machine performs a complete check of its condition every 5 minutes against the target condition. This operation is possible thanks to an agent developed in C, lightweight (10 to 20 MB of RAM) and fast (it can apply a hundred rules on a machine in less than 10 seconds), as well as to the distributed architecture that unites the agents: the agents retrieve their configuration from the central server (or relay servers), to distribute the load, which allows a single RUDDER server to manage more than 10 000 agents. RUDDER is thus able to operate on machines with limited resources without disrupting their operation.

Real state visualization

Thanks to its main dashboard and numerous graphics, RUDDER makes it possible to visualize the compliance status of the fleet, both on a global scale and with very fine granularity, down to the environment, group, machine, configuration rule, file, line... It is easy for any member of the IT team (including managers) to ensure, for example, that the security policy is properly applied throughout the fleet.

Included template library

RUDDER contains a library of predefined configurations that meet the basic management needs of the system (DNS configuration, user management, NTP, SSH key distribution, etc.), covering many common use cases. Thanks to this library, configurations can be easily applied from the first hours of use, allowing an almost immediate return on the time invested in the tool. In addition, the learning curve of the solution is further shortened. The advantage of this limited library compared to a community forge is also the one-to-one correspondence between a need and a module, which avoids long hours of searching and testing templates that are often too specific to unrelated use cases.

Nodes detailed inventory (extensible)

The RUDDER agent contains FusionInventory, an open source inventory tool that allows you to collect and view machine software and hardware characteristics (CPU, RAM, OS version, network, installed software, versions, etc.) directly from the RUDDER interface. The inventory information is very useful for defining groups of machines in order to apply certain configurations only to certain machines according to their characteristics.
This inventory is extensible by the implementation of scripts whose output (in JSON format) is added to the inventory. This makes it possible to complete the node properties, which are variables (scalar or hierarchical) associated with each managed machine, that can be used as classification criteria or directly in the configuration.

Vulnerability consolidation

available soon

This feature allows you to analyze security vulnerabilities in installed packages from RUDDER and automatically create remediation rules on all impacted servers, then track the resolution.

Change history with rollback function (restoration of changes)

Relay servers can meet two main needs: scale-up on the one hand, and architecture segmentation on the other. Indeed, a relay server is a kind of proxy between the nodes managed by RUDDER and the main RUDDER server. The relays allow:
  • to create bridges between different network areas;
  • to isolate sets of nodes from each other;
  • to prohibit direct access to the main RUDDER server;
  • to distribute the load among several servers to manage more machines from a single root server.

Integration

REST API

The importance of applications exposing REST APIs no longer needs to be demonstrated when it comes to solving automation and complex integration problems between IS services. Service-oriented or micro-service architectures are based on this prerequisite. RUDDER therefore naturally exposes all its functionalities via a REST API. This API can be operated directly via a command line (or the Python library on which it is based), as well as from third-party scripts or programs.

External datasources

This feature lets you precisely limit, track and log RUDDER users' access to the configuration (including via the API), and finely restrict the rights given to system API tokens (not linked to a user) for better security and privilege separation. Indeed, RUDDER generates one API token per RUDDER user, thus allowing the management of precise ACLs on the system tokens (of the same type as the user rights, with limitation in reading or writing on the different items). All this can be configured from the web interface.

Integration

  • Supervision - integration with Centreon and Zabbix (beta - available upon request)

    Supervision and configuration management are two key functions in maintaining an IS in operational condition. Centreon and Zabbix are commonly used free supervision tools. Integration with RUDDER allows machines to be automatically added to this type of solution as soon as they are accepted into RUDDER. In addition, configuration policies in RUDDER can include a new method that automatically associates the supervision model of a configured application with the machine.
  • CMDB - integration with iTop and ServiceNow (beta - available upon request)

    iTop is a frequently used free CMDB. The integration between iTop and RUDDER allows data to be synchronized between CMDB and RUDDER. The latter allows you to synchronize configuration rules with the inventory of machines in iTop. Similar features are being finalized as part of the integration with ServiceNow.
  • Deployment - integration with Ansible and Rundeck

    Ansible and Rundeck are infrastructure automation tools that are particularly complementary with RUDDER because they are specialized in a different dimension of IT automation. They complement RUDDER in the fields of orchestration and application deployment, where RUDDER specializes in the verification, visualization, and continuous reliability of system configurations. This feature allows interconnection with RUDDER in order to benefit from the functionalities of the different solutions together. One of the main advantages is to retrieve inventory information on machines from RUDDER for use in Ansible or Rundeck.
  • Security - integration with Hashicorp Vault

    Vault is a tool for storing and managing secrets (passwords, keys, etc.). This integration allows data stored in a Vault server to be used in configuration policies, avoiding storing it on the RUDDER server and limiting access to the machines concerned.
  • Notification - integration with Slack

    RUDDER produces a flow of changes from the different agents connected to a server, centralizing all actions performed or errors encountered. This integration allows you to select events (belonging to a particular rule and/or group of machines), and generate corresponding messages by email or on the Slack instant messenger.
  • Patrowl - available soon

    This integration allows you to directly integrate the main information from security audits performed on your nodes into the RUDDER interface for a unified devsecops view.

External authentication

IT teams of well-established companies often use a directory-based user management system (AD, LDAP, etc.) to manage users. This feature dedicated to larger companies allows users to base their authentication on an external source such as LDAP or RADIUS, directly from the RUDDER web interface.

Main Linux distributions support

RUDDER manages Linux machines with the most common distributions:
  • Debian 5 to 9
  • Ubuntu 10 to 18
  • RedHat / CentOS 3 to 7
  • SUSE 10 to 15
  • SlackWare 14
More detail on https://docs.rudder.io/reference/5.0/installation/operating_systems.html#node-supported-os

Windows support

Developed in partnership with Microsoft, the RUDDER Agent for Windows uses native DSC (Desired State Configuration) technology, which has been included in Windows since PowerShell 4. It can therefore manage servers under Windows Server 2008 R2, 2012, 2012 R2, 2016, and desktops under Windows 7, 8, 8.1 and 10. The Windows agent provides the same management power as the Linux agent, so all the features of RUDDER under Linux are also available on Windows (except for the techniques specific to the Linux operating mode of course).

More detail on https://docs.rudder.io/reference/5.0/installation/operating_systems.html#node-supported-os

AIX support

The RUDDER agent for AIX allows you to manage servers under IBM AIX 5, 6 and 7. The AIX agent allows the same management power as the Linux agent.

More detail on https://docs.rudder.io/reference/5.0/installation/operating_systems.html#node-supported-os

Raspberry Pi and ARM support

RUDDER works on machines equipped with ARM processors (including Raspberry Pi) and can thus manage embedded machines (with a Linux OS). Thanks to the lightness and performance of this agent, RUDDER is the tool of choice for IoT, defense, and digital city projects involving connected street furniture.

Administration

UI customization (logo, color)

When RUDDER is deployed on a large infrastructure, it is common to have several RUDDER servers, each managing a different environment (production/QA/dev, different sites, etc.). To facilitate the daily life of administrators, but also and above all to avoid confusion between the different servers (which is all the more likely if they contain similar configurations), it is important to be able to distinguish them visually at a glance on the interface, regardless of the menu opened. The branding functionality, by adding coloured banners and a brief description to all pages, responds to this simple but not insignificant issue.

Access rights management

Using external data as node properties, more commonly referred to as "DataSources", allows you to query external REST APIs automatically to retrieve business data for each node.

Scale-out relay servers (for network zone isolation and scalability)

RUDDER tracks all changes made to the fleet in an audit log. Thanks to this change history, a rollback system allows you to return to a previous configuration state. This functionality, along with the audit mode and validation workflow, secures the use of RUDDER by junior administrators or IT team members further away from infrastructure management.

In short

Web management interface

RUDDER is the only open source automation tool that provides a web management interface, through which a few clicks are enough to deploy configuration rules.

Ready-to-use configurations

No need to develop the code; a library of ready-to-use rules is included in the solution.

Drag-and-drop technique editor

With a graphical creation module for custom configurations directly included in the solution, you are free to create your own rules, still without code!

Continuous compliance

RUDDER does not just execute deployment commands; it proactively verifies and maintains the target state of your IT.

Keeping an eye on compliance

Through a comprehensive dashboard, overall compliance of the machines is available at a glance.

Scalability

RUDDER's agent is developed in C, which makes it highly scalable, and has low resource utilization so you can manage up to 100 000 machines with low impact.

It’s time to know if RUDDER is the solution you’re looking for!

By videoconference or directly at your premises if you prefer (only in Île-de-France), a member of the RUDDER team will give you a free personalized demo of the software according to the issues you are looking to solve and answer all your questions. Don’t miss the chance!


Until the demonstration takes place, explore the interface by yourself to generate potential new questions. Download RUDDER directly or visit the online overview.
