- Inventory current configuration settings
- Compare configurations settings
- Detect configuration drift and diffs
What is “compliance”?
First, let’s define our terms. What does Orca consider “compliance”? The easy answer is that Orca adheres to your definition of compliance. The following are all ways you can define compliance in Orca:
- Configurations must match a gold standard reference point-in-time. For example, configurations should not have changed since the last application release.
- Configurations much match the configuration of another node – a gold standard server. Don’t worry about false positives when IP address names or server names are different – Orca tokenizes for you.
- Custom rules that dictate the values or value ranges of certain configurations.
Note that you can use Orca to support third party definitions of compliance such as PCI or HIPAA. To do this, set your configuration compliance rules and role based access controls in Orca to support your PCI or HIPAA goals.
“With Orca we can see the environment moving and see when someone does something nasty. We can keep rogue developers from doing something out of bounds. Orca saves time troubleshooting. It detects changes right away and it tells us what that change is, and who made it. We have Orca set up to automatically smack down any unauthorized changes.”
Orca alerts you to out of compliance situations in your application stack.
When your configurations have drifted out of compliance, Orca lets you know. Both Orca products, Orcastrator and Drift Detector, can send email, show alerts in the console, and provide ecosystem compliance views.
These compliance views are intuitive bird’s-eye views of “application ecosystems.” These application ecosystems include managing the configurations and relationships of applications, databases, middleware and operating systems. We call this bird’s-eye view a color coded “Compliance Heat Map”. When a configuration has drifted out of compliance, Orca colors that node red. Its neighboring nodes will show as yellow to indicate that while they may be in compliance, they interact with a node that is out of compliance.
Why is this important?
Orca highlights configuration drift, compares diffs and alerts you to compliance issues that easily escape notice in less visually-oriented tools. Sometimes the configuration drift is inconsequential. Other times diffs, drift or compliance violations indicate previously hidden problems that can lead to application performance issues, compliance violations, security vulnerabilities or outages.
Here is a common scenario. Have you ever released an application into Production and then magically the application starts performing more slowly or, worse, goes down completely? No one was supposed to touch the Production environment, and no one admits to it, but someone did. With Orca you can now immediately see configuration drift, compare diffs and correct any compliance violations between application releases. Know exactly when the change was made, what else it affected (did a database setting also change, or an OS configuration?), and trust Orca to fix it.
What does Orca do with this information?
From here Orca can remediate, or roll back, out-of-compliance configurations. You can enable auto-remediate to achieve automatic desired state. Or, Orca can alert you to the compliance issue, and when you’re ready Orca waits for the correct approvals and then remediates the configurations. You can even schedule the remediation for a maintenance window.
IT Operations use the Compliance Heat Map to discover configuration drift, compare diffs and detect compliance problems at-a-glance. The video below explains how users are visually informed of configuration drift and how Orca provides drill-down, granular details behind any compliance issues.