CloudUp | Chrome Enterprise – Healthcare Data Security

Data security is crucial for every business, especially Healthcare organizations. In this episode of CloudUp, we talk about how Chrome Enterprise and Chrome devices can help secure data in the Healthcare industry. 

Meet the Speakers

Mitchell Steele

Google Chrome Sales Manager

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

– The way Chrome can play a role in that is that, out of the box, it’s already secured and ready to go for you. As well as being HIPAA compliant. Google Cloud in and of itself is also HITRUST CSF certified and they meet the ISO/IEC 2700 series standards, which are the three, I guess, guiding principles of managing healthcare data today.

– Hey everyone, today we’re gonna be talking about Chrome Enterprise and Healthcare and how it’s more secure for your environment. So, if I’m a hospital system, I’m obviously heavily audited. Extremely worried about security, lots of compliance to follow. Why would I wanna look at Chrome?

– The way Chrome can play a role in that is that, out of the box, it’s already secured and ready to go for you. As well as being HIPAA compliant. Google Cloud in and of itself is also HITRUST CSF certified. And they meet the ISO/IEC 2700 series standards, which are the three, I guess, guiding principles of managing healthcare data today.

– So, it sounds like they check all the compliance boxes. Talk to me a bit about what does that mean for me? Do I obviously, if I put in a Windows device out there, there’s a security suite I got a little of everything. What does it look like on a Chrome device?

– The Chrome device is a security suite. So, you don’t have to install anything. And matter of fact, you can’t. You can only install Chrome extensions, web apps and Android apps that have all been checked through the Android or Google Play Store. So, you don’t have to worry about those. You can’t install nefarious software on there, because you can’t actually get to the kernel and run application. So, in and of itself, I mean, it’s been designed from the bottom up to be inherently secure.

– Got it, so, from an update standpoint, or a security standpoint, all that patching is included in Chrome Enterprise, is that what you’re saying?

– Correct, it’s like about a six weeks schedule, and then they’ll roll out updates. A beautiful thing about that is it’s gonna update in the background while your users are working, so they won’t even be affected by it or notice, they’ll just see a little flag pop up that says an update has been applied, restart when you’d like to take effect. Because it happened in the background and updated the known good partition of the Chrome OS device, it only takes ’em again, 10 to 15 seconds to boot up and then be running on that updated OS.

– So, none of my Windows updates that are getting pushed are taking down a patient room for a considerable period of time on updates applied to machines that’s all that thing, all that is stuff that will no longer… I won’t have to worry about that anymore.

– Yeah and in addition to that, you don’t have to worry about users saying, oh updates are ready, do you want to apply? And then them continually clicking no, no, remind me later, it’s not an option, it’s just automatically going to happen you’ll be alerted once it’s taken place.

– Cool, so obviously in healthcare I’m using, I’m in Citrix, I’m in VMware, I’m using VDI solutions. Whatever your flavor of VDI might be. So, everything is housed in the boxes I like to say. So the endpoint, obviously, I’m securing the endpoint a bit and I’m doing that with Group Policy today on my Windows device. How am I gaining anything from security standpoint on a Chrome device, if all I’m doing is connecting people to Citrix or taking people into VDI.

– As opposed to a Windows device where you can still install applications to it and you have to make sure that device is protected and secured, you can set up a Chrome device in what’s called managed guest session. And nothing is stored on that local device, like the session is just to connect into the VDI, nothing’s on the local device, everything’s taking place on the server end. And once they close that session, it’s completely wiped and it’s like a brand new machine ready to go for the next person.

– Got it, cool.

CloudUp | Chrome Enterprise Healthcare – End User Experience

Welcome to CloudUp! In this episode, we talk about Chrome Enterprise and Chrome devices, and how it can positively impact end user experience in healthcare, specifically how it may make doctors, nurses and other staff more mobile.

Google Chrome Enterprise: Meet the Speakers

Mitchell Steele

Google Chrome Sales Manager

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

– A lot of times when I go to the doctor, there is a desktop in every single room, and the majority of the rooms aren’t in use, so that’s just wasted overhead. Do you need a device sitting in a room doing nothing? Or do you just have a Chromebook, flip it over like a tablet, you’re walking around, and you take it with you, just like you’re taking your patient notes or prescriptions, or if you’re taking shots in to give somebody a flu shot, just carry what you need.

– Hey, everyone, welcome to Cloud Up. On today’s episode, we’re gonna be talking about Chrome Enterprise and Chrome devices, and how that can positively impact end-user experience in healthcare. So, Rion, today, we’re talking about Chrome Enterprise, Chrome devices in healthcare, and how it might make my doctors, my patient- my doctors and my nurses and other staff, more mobile. So, I know we all know that in healthcare today, VDI is really what most people are using. So we all see the nurse, as the person doing some data entry rolls in this big cart. It’s usually got a thin client loaded on it, taking down information. There’s a battery on there, there’s a monitor, keyboard, mouse. Just seems like a lot of extra stuff that- it seems complex. So knowing that that’s what most healthcare organizations are dealing with today, how can a Chrome device help free that up?

– I would say, normally, when I think of a thin client, it’s just a really mini desktop computer that you’ll have to attach to something, or it’ll have an external monitor attached to it, and other peripherals. And then you got it on a cart, you’re wheeling that cart around. And it’s still gonna be more expensive than a Chromebook. A lot of times when I go to the doctor, there is a desktop in every single room, and the majority of the rooms aren’t in use, so that’s just wasted overhead. Do you need a device sitting in a room doing nothing? Or do you just have a Chromebook, flip it over like a tablet, you’re walking around and you take it with you, just like you’re taking your patient notes or prescriptions, or if you’re taking shots in to give somebody a flu shot, just carry what you need into that room, and don’t have wasted electrical consumption, and then just devices that you then have to pay to maintain, that for a lot of times aren’t doing anything. You can do the exact same thing from a Chromebook and have all the mobility because it’s gonna be a laptop, and the freedom to walk from room to room or floor to floor. If you get one with a touchscreen, you can actually just start writing your notes right into it. If you’ve got one of your EMR databases, you should be able to access that directly from there. And it’s a lot cheaper than, say, an HP thin client which still has an OS running on it that needs to be patched and updated. You need to protect it. So there’s a lot more overhead with that as well, even though it’s just a thin client.

– Got it, and we talked about in the last episode a bit about security, so I know from our last conversation that these devices are completely secure. There’s no data stored on them at all. So the security question that might come out of what you just said is what if someone leaves the device in the patient’s room, for example, by accident?

– I mean, that would be tragic, but you have all controls over that device if it does get lost from the organization, you can remotely wipe it. If you have it set up for a managed guest session, they will be able to just get into the machine, but then they won’t be able to do anything once they’re there, because it’s not like a full-blown Chrome OS at that point in time, it’s literally just a single app that was launched, which would then require you to log into the VDI solution. So if you didn’t have the creds, it’s basically useless, and as long as it’s online, from the admin panel, you could just remote wipe that device, and it would literally turn into a paperweight.

– Yeah, and the way most hospitals are using Chrome devices today, they’re running it in managed guest just like you said.

– Yep.

– When I open the device, assuming you’re in VDI, which most healthcare organizations are, the first thing you see is that VDI login screen, and that device is paperweight. There’s nothing on it. They could pop the hard drive out. It is fully encrypted at rest, so you don’t need to worry about anything there.

– Correct.

– Also one more. Most Chrome devices have eight to 12 hour battery life, so-

– Ah, yes.

– For a doctor’s entire shift, they should most likely be able to carry that device the entire time, and not have to worry about it dying halfway through the shift, or switching out devices. If it does, there’s plenty of solutions out there that they can simply set that device down, pick up another one, and not lose where they were at. They can just hop right back into their VDI session. They’re not having to boot up a new machine, reopen all their stuff. It’s all still there, ready to go.

– Yeah, like, realistically, I think if I was running a small practice, I would have a grab-and-go cart of just a bunch of Chromebooks sitting there waiting and nothing in the room. And I would just say, ope, when you grab your- and right next to the charts, right? So you walk in, you grab your chart, grab your Chromebook, and then you do your patient visit.

CloudUp | Chrome Enterprise – Google Admin Console

In this episode of CloudUp, we talk about managing Windows devices through the Google Admin Console, and dive into the idea of removing Windows AD by using Google Cloud IDP.

Google Admin Console: Meet the Speakers

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

– We’re going to talk about Managing Windows Devices through the Google Admin Console, and possibly getting rid of Windows AD by using Google Cloud IDP. Trust me, you’ll wanna see this.

– My fellow Windows Admin, I struggled just like you for 19 years managing identities inside of Active Directory.

– It was great when it came out, it really hasn’t had much done to improve it. And, if you’re in G Suite now, syncing the identities from AD into G Suite or into another SSO, Okta, it’s cumbersome, it can break in any kind of way.

– Then you’re stuck troubleshooting for hours and hours trying to figure out what happened. What Google just released, the ability to manage Windows devices from the Google Admin Console. You can now use Google IDP to now authenticate into your Windows device.

– You can actually push settings from the Admin Console down to your Windows device. So for those laptops, Windows devices that are mobile, that are not inside of your office or on your domain that you pretty much just hope that they’re applying their Windows updates and keeping their antivirus up to date. Because you don’t have insight into it anymore.

– It’s at the top of your network. Google Admin has now fixed that problem. You can push everything from the Admin Console. And it’s not going back to your AD server on your network over some slow VPN, just going right to the Google Cloud. And we all know they’ve got some of the largest pipes in the world.

CloudUp | Chrome Enterprise – Chrome Browser Cloud Management

Tune in to this episode of CloudUp where we dive into Chrome Browser Cloud Management. We cover why you need it, what it’ll do for you, and how it’s going to make your life easier.

Meet the Speakers

Mitchell Steele

Google Chrome Sales Manager

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

– What is Chrome Browser Cloud Management?

– It’s a way to manage Chrome browsers across your organization. Regardless of the operating system that it’s running on and you can apply policies to those browsers without users actually having to sign in.

– Interesting, so does it have to happen on the network?

– No, nope, no, that’s the beauty of it. It’s cloud-managed, so you just set it up in your Google admin console and install the token on the devices you want it to apply to and they will start reporting back to your console. You’ll see them start populating in and it reporting from them, so yeah. Today’s episode of CloudUp, we’re gonna be talking about Chrome Browser Cloud Management. Why you need it. What it’ll do for you. And how it’s gonna make your life easy.

– Obviously, we’re not in a fancy production studio like we were last time, ’cause we’re all suffering through quarantine together. So, my workforce is remote, as most people are today and will be most likely the foreseeable future. How am I gonna manage these devices? Or how am I gonna manage these browsers on these devices if they’re not on network?

– For Windows devices, you can send them a reg file, and have them import that file into the registry which will have the token in it and that will allow the browser to then start reporting back to the admin console for you to start collecting data. On Mac devices, if you have Jamf that you’re using to manage them, there’s a setting within Jamf where you can push that same thing to their PLIST file and that will then accept the token and allow that device to then start reporting as well.

– Cool, so what you’re saying is, my workforce is remote, and if I’ve got a lot of Windows devices, I can still figure out a way to manage that browser even though they’ve been off network for a long time.

– Absolutely.

– If you’re in a predominantly Mac environment, it’s even easier to get that browser management rolled out.

– Yeah, because you can just push it directly through Jamf. I don’t know many Windows, I’m sorry, any Mac shops that don’t use Jamf to manage end points. Really easy with Jamf.

– Jamf seems to be the industry standard now.

– Right.

– So, tell me a little bit about, once I enroll a browser, what does that even mean? What controls do I get? Why would I want to do that?

– Once you enroll the browser, you’ll start getting reporting information back from that browser, whether that user signs in or not. It’ll tell you things like, how many profiles that user has set up within their browser, what extensions, apps that they have installed. And it’ll give you limited information about the machine, like, CPU, memory, little details like that. The greatest thing about it, is it allows you to see all applications and extensions that are installed within your organization. So you can quickly go through and if you know of some known bad ones, and that’s really the greatest benefit of this, is getting insight into what’s going on in every machine in your organization. And you find a bad extension, unknown bad one, you just click it, disable it once, and it will disable it for your entire organization.

– So I don’t need to go and check through each profile to see what Sally’s got, what Bob’s got. I can see every instance of a specific extension and take action on it from one spot, is that what you’re saying?

– Exactly. And so, really what it’s gonna do, it’s gonna collect all that information from every single machine and then it’ll list every application with how many machines it’s installed on. So you can say, oh boy, this application’s installed on 1400 machines, maybe we should just automatically push these out to our devices as admin policy, as opposed to making these people install it themselves. And then, the reversal of that is, alright, well, we don’t want people to have coupon code, whatever deals withdrawal is, no, it’s anonymous, but malware. Right, like, for real. Like, coupon, click here to get your free deal. That never works, it’s not a good thing. So you can instantly just block all of those.

– Click here to get your virus.

– Yeah right! I mean, we’ve become so numb. It’s like, something pops up, and you’re just like yup, click, yup.

– Yup, yup. Okay so, I think it’s pretty easy to see where the benefit is for an admin. I mean, obviously, as admins, we want more control. We want to know what’s going on. We want more security. So, I think the benefits pretty clear there. Let’s talk about benefits for end-users. What’s this gonna do for my end users? If we put them a managed box, if you will, is it gonna make their life more difficult?

– No, it’ll actually make their life easier because whether they go from their Windows machine or to their Mac machine, or through their Chromebook, the experience is gonna be the same. They won’t notice, well I mean they’ll notice a difference between the OS, but as far as their browsing experience, their favorites, all that good stuff they have saved, it just follows them wherever they go.

– Got it. And then, how about, does this give me the ability to maybe push helpful tips or information to them? For example, if we have company internet–

– Yeah absolutely.

– How would I get that to them?

– Go into the admin console, you can add it to the bookmark, and then they just see a folder in their parts bar, and it could be like, company name, and you could list however many you wanted there, like quick help links, you know, here’s our HR sites, here’s what we’re known for, you know, BTO, whatever. And it’d be the same for everybody, so…

– To the ability to really make the end users life, potentially even a little bit easier by just help giving them some helpful policies.

– Absolutely.

– While still gathering that admin data at the same time.

– I feel like, for me, the greatest benefit is just, I mean, knowledge is power. The more knowledge and information I can have, the better I can do my job, this is just gonna collect a lot of information for you to help you make better-informed decisions. And then it’ll also help you decide, what is gonna be easiest for my employee, right? I’m having a new employee coming onboarded, and these seven apps are pretty much everywhere on every machine on my org, I’m just gonna automatically push these down, so it doesn’t require any user action to get those.

– So you also answered this earlier, but I wanna circle back to it. We talked a bit about Mac and Windows. How does managing the browser differ across the different OSes? Whether it’s Chrome, Linux, Mac, Windows, do I have to go to different panes? How do I do that?

– Nope, it’s the same experience, regardless of OS. And that’s kind of the beauty of it. We call it unified browser management from the cloud. So it’s across the org, device independent, you can manage them all the exact same way.

– Got it. So, if I’m in a choose your own device organization, which is becoming more and more popular today. Meaning that when you’re hired, you get a list of devices, it might be a Mac device, a Windows device, potentially a Chromebook as well, too. It’s still one set of policies across all devices.

– Absolutely. ‘Cause they’re being applied to the browser itself. So, yep, the browsers are gonna be the same.

– Awesome, so, I think you hit on three points so far. Number one, why it’s good for admins. Number two, why it’s good for end-users. And then how it’s gonna make everyone’s life a little easier. I guess, the last point I’ve gotta ask is, how much does it cost? I mean, it’s gotta be expensive, right?

– And that’s the part that usually gets people, you know. ‘Cause you get a lot of great services, so, they figure it’s gonna be pretty expensive. But it’s free 99. It literally doesn’t cost a cent. It’s available for you to simply do it for you.

CloudUp: Grab and Go with Chrome Enterprise

Everyone is talking about the convenience and flexibility of Google Chrome OS and Grab and Go. In this week’s episode of CloudUp, we cover the benefits of the powerful Grab and Go, the common questions people have and how organizations can easily get started.

Meet the Speakers

Mitchell Steele

Google Chrome Sales Manager

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

Rion

With Google Chrome OS and Grab and Go, it’s basically like a roaming machine, right? Like it doesn’t matter what machine it’s on, anytime I, or any machine I grab, I’m going to get all my information pulled directly now.

Mitchell

So it doesn’t matter if I come out and take the first one, or the 12th one, or the sixth one?

Rion

Yeah any single device, you’re gonna log in, all of your information’s gonna be there.

Mitchell

On this episode of CloudUp we’re talking about this guy.

Rion

And no, it is not Johnny Five.

Mitchell

So Rion, what is Google’s Grab and Go?

Rion

Grab and Go is a program that has a bunch of laptops, or whatever Chrome devices, sorry, are ready and available for you to use, no matter what.

Mitchell

Uh what does the set-up time look like? I mean does the IT person have to come over to like get me logged in or anything like that?

Rion

Nope, set-up time is nil, they’re literally ready to go, waiting for you.

Mitchell

That’s awesome. So anyone at the organization at any point can come up and just pull one of these books out and use it as their device?

Rion

Correct. You can walk up to the device, unlock the shelf, open up the device. Just open it up, log right in with your network credentials and basically all of your profile will then come down.

Mitchell

Okay.

Rion

Really the only thing you have to do is decide how long you want to keep the device. Which, I mean, for some people could be a difficult challenge. But I have faith.

Mitchell

So I’m an employee that’s just trying to get the kids in the car and just forgot to throw my backpack in. Laptop is sitting on the couch at home. I can, this is a great solution, right?

Rion

Yep.

Mitchell

What if I left it at the bar last night?

Rion

Grab it!

Mitchell

What if, what if my kid dropped it off the table?

Rion

Punishment. Grab it!

Mitchell

What if I lost the charger?

Rion

Uh, grab it.

Mitchell

What if I want to bike to work?

Rion

Leave that laptop at home and grab it! I’ll tell you that the reasons are endless, right, but this is always here ready and waiting.

Mitchell

Cool. Even if it’s my Windows machine decided it was time for a two hour update? And I have a presentation in ten minutes?

Rion

Absolutely.

Mitchell

Yeah.

Rion

Especially with G Suite products, you know. You keep your stuff on Drive. As soon as you login, the magic of the cloud.

Mitchell

What if I’m on Office 365?

Rion

That’s fine too, we don’t discriminate. You can install the Android apps for Office right onto the devices themselves. They operate a lot like Microsoft Office products you have on your desktop today.

Mitchell

Cool. So Rion, I know you used to work in Windows and in other OS’s as well. Has it always been this simple to just grab a device?

Rion

Absolutely not.

Mitchell

Like how does this work in a previous life?

Rion

Uh, previously it would typically be like whatever laptop we had lying around because it was available.

Rion

So I got the old one.

Mitchell

Ready to be recycled, exactly.

Rion

So, uh, then I’d spent two hours setting up a profile for you, installing the software you’d need on it, right.

Mitchell

So you got to push, you got to image it, put the security suite on it.

Rion

Yeah. So I mean it’s minimum two hour investment. Probably closer to three cause it’s probably an old laptop, slow, so it’s going to take even longer. And then I’d hand it to you, and you’d maybe get another one back in a week or two whenever we had a new one ordered.

Mitchell

Wow, okay.

Rion

Um, the thing I like to tell people that are new to this, especially Chrome OS in general, Windows admins back in the day we’d have roaming profiles. Which were great in theory. In reality they were horrendous, right. Cause not every single machine was the same. You wouldn’t have the same applications so it just, it was a disaster. Well with Google Chrome OS and Grab and Go it’s basically like a roaming machine, right. Like it doesn’t matter what machine it’s on. Any machine I grab I’m going to get all my information pulled directly now.

Mitchell

So it doesn’t matter if I come out and take the first one or the twelfth one or the sixth one?

Rion

Well I mean if the sixth one’s dead, like the battery is dead.

Mitchell

Like someone else has put it back on and

Rion

Yeah, that’s about the only worry you’re going to have.

Mitchell

Yeah.

Rion

Yep. Otherwise we’ve got any single device, you’re going to login and all of your information is going to be there.

Mitchell

And then from an IT perspective, do I need to worry about coming over here and making sure that people forgot to, no one ever remembers to delete their stuff. But do I need to like go through and check all these?

Rion

Depending on how you have it configured, no. Most of our customers that we’ve been doing this for, we set up what’s called Ephemeral Mode. So as soon as that machine or that user logs out their profile is then wiped from the device.

Mitchell

So at that point it’s, when they hit Sign-out it’s blown away, ready for the next person.

Rion

Correct. Yeah.

Mitchell

Okay. So it’s literally something that I don’t really have to touch?

Rion

No.

Mitchell

What kind of feedback are we getting from some customers that we’ve set up Grab and Go for?

Rion

Actually the feedback has been awesome so far. One of our customers that we set it up for, they’re using it in their break fix department. So like all their techs in there. Everybody in their, or whenever they break their machine or whatever, goes down to the tech depot. Tech pulls out a Grab and Go loaner for them, hands that to them and while they’re working on their machine. The funny thing is, is like one out of every five users wants to keep the Chromebook as their primary machine.

Mitchell

That’s great.

Rion

So in other words, like if you don’t have Chrome OS in your network today this is a great way to try it out.

Mitchell

So you could almost think about, if I’m maybe in IT or a security person, um, that really likes the idea of Chromebooks but doesn’t want everyone dragging and kicking and screaming to Chrome. This could be a really good, uh, low resistance way to give people an option to try out Chromebook and see if it could be something they could see themselves working from?

Rion

Absolutely. I think you could almost say it’s like, almost like car2go, right? Like maybe you always thought you wanted a little Mini or whatever and some stage just went and got car2go for a little while and drove it around, decided you didn’t, um, because it was a Mini. Um, but this you can take it for free, know what I mean.

Mitchell

Try before you buy.

Rion

Yeah, exactly.

Mitchell

If I want to install this onto Chromebooks or set up my own Grab and Go, how do I do that?

Rion

Contact Agosto.

Mitchell

What does it look like if I contact Agosto, how do we help customers?

Rion

We help them out by doing, it’s kind of like a three step approach, right. So we’ve got to install the Grab and Go web app engine.

Mitchell

Okay.

Rion

Then we’ll create the Chrome app that will then publish to your company’s web store.

Mitchell

So it’s a Grab and Go that’s specific to me.

Rion

Correct, it’s private to your company. And then the last piece is just configuring some policies on some custom O.U.’s that need to be created for Grab and Go to run.

Mitchell

Got it. So it doesn’t then interfere with my other Chrome website that I have running in other use cases.

Rion

Correct, correct. It’s sandboxing if you will.

Mitchell

Got it, cool.

Rion

And that will do it for today’s episode of CloudUp.

Mitchell

Let us know in the comments what you think about Grab and Go, and if you have any additional questions. You might even get a free piece of swag.

CloudUp: Network Certs on Chrome Enterprise

Many companies today have a website that requires authentication via certificates instead of usernames and passwords and almost all enterprises have some sort of certificate-based authorization with their network. In this episode of CloudUp, we dig into client certificates and how to use them with Chrome Enterprise.

Meet the Speakers

Mitchell Steele

Google Chrome Sales Manager

Ray Pitmon

Solution Architect in Advanced Services

Transcript

Ray

Most client based certificates are user based. For example, with the Chromebook a user can log into the Chromebook and then go through a process where they download a certificate. The certificate has information embedded in it that they know it belongs to that user, gets installed on Chromebook and then the Chromebook will use that to connect to the network after that.

Mitchell

Interesting. Hey everyone. Today we’re talking about client certificates and how to use them with Chrome Enterprise. So what is a client cert?

Ray

So a client cert you install it on a Chromebook, it can be associated with the device or user and it’s used to authenticate the user to websites. So a lot of companies will have a website that requires authentication via certificates instead of usernames and passwords. And then they’re also used and probably more commonly used to authenticate the devices on like a Wifi network. So you can configure your Chromebook to connect to the Wifi network that requires like a corporate network that requires a specific certificate that you’ve had installed on the device. So by doing that you can obviously keep other devices off of your network.

Mitchell

Is this something that’s pretty common in enterprises today?

Ray

Oh yeah. Almost all enterprises have some sort of certificate based auth with their network.

Mitchell

And does that ever factor into things like single sign on or authentication?

Ray

Yeah. So most client based certificates are user based. For example with a Chromebook a user can log into the Chromebook and go through a process where they download a certificate. The certificate has information embedded in it that they know it belongs to that user, gets installed on the Chromebook and then the Chromebook will use that to connect to the network after that.

Mitchell

Interesting. So Ray how do most companies issue certificates or install certificates on their machines?

Ray

The easiest way and I think the way most people do it is through Microsoft Windows. So you’ll set up a Windows server as a CA and Google built a Chrome extension, so you install Chrome extension on your devices. That extension communicates with Microsoft server to pass credentials to the server and download certificate, install the certificate on the device in its TPM.

Mitchell

Got it. And that’s the machine cert that’s on the actual device itself?

Ray

Yeah. It can be machine cert or Microsoft can generate user based certs as well.

Mitchell

Okay. So if I’m in an organization that actually requires both maybe I have a machine cert to get access to my network and then a user cert to get, like you talked about earlier, a user cert to get access to certain web applications internal or something like that?

Ray

Yeah you can install both. That extension will let a user request certificates, basically enroll a certificate, so communicate with the server and download the specific type of certificate onto the device. In some cases people will actually create, and we’ve done this for people, create a custom extension so you may want to send custom information to the certificate server to download to customize the actual information or log that certs happened. There are multiple reasons that you might want to do that. So you can create your own custom extension and use the same APIs that Google uses in their extension to install this cert as well.

Mitchell

Got it. And why would you need or want to use a custom extension? As opposed to the Google made one? Or maybe even if you have a third party like Aruba or Cisco some of the products have Chrome extension already built, but why would you maybe want your own extension?

Ray

Well say you had a custom workflow that you needed to follow and in some cases you might install a bootstrap certificate that will allow you to get your device on an internal network and then the second step might be to install the real certificate associated with the user. And that would be one thing where if you wanted to make a more seamless experience for your users, you’d want to create a custom…

Mitchell

Extension.

Ray

Yes. Create a custom extension.

Mitchell

And I know this is something we’ve done for several customers and was that most of the reason why is the custom workflows they needed?

Ray

Yes. We’ve also done some work where we’ve integrated with CAs that weren’t supported that there wasn’t an extension already available. So we kind of had to start from scratch and use APIs to communicate with a CA. So we used the external APIs to talk to the CA, pass the information about the user, the device things like that to the CA. Get a certificate back from the CA and then use the internal Chrome APIs to install that certificate on the device.

Mitchell

Got it. So if I’m an organization and I have a Microsoft CA, one of the versions we mentioned earlier, how do I go about getting Chromebooks on my network?

Ray

I suppose you kind of have a chicken and egg thing going, right? The device isn’t on the network, it doesn’t have a cert, how do you get it on a network? You might have another Wifi network that was configured to allow access just to that CA. And the internet because user logs into the device and then it can access that CA directly and download the certificate. And then Chrome will automatically switch over to use the more secure network. Some people also will use ethernet. So they’ll actually plug in an ethernet cable after they do the Chromebook. And we’ve also had customers that will actually load a temporary cert and I kind of mentioned this earlier, where they’ll load a temporary cert on a USB key, plug the key in, go through a process of pulling the certificate off the key, installing it on the device. That certificate will allow them to have access to the network. In a lot of cases they may stay with that certificate or they might switch out that certificate that’s specific to a user.

Mitchell

And I’m assuming the reason they would maybe use a bootstrap certificate is maybe they’re having their devices enrolled by a third party or an IT provisioning company so they don’t have to touch each one, but then that way they don’t also have to hand that third party company an internal certificate. Is that usually what you see people doing?

Ray

Yeah, right. You can imagine that if you order a lot of Chromebooks you might have a company do some sort of white gloving service where they do some sort of pre configuration of the Chromebook and one of those things might be to install the certificate on that Chromebook that will allow it to get some level of access to your network. So then you can ship your devices directly out to stores or wherever they’re going, offices things like that.

Mitchell

Cool. So I know we talked a lot today about Microsoft CAs, I think it’s probably important to know the other network providers that have CAs or have their own certificate authorities, Cisco ISE is a good example I know. Aruba also has a solution. They’ve actually built solutions for Chrome OS as well too by building their own extensions that you can push out across your network. You also have the option of if you need something custom, having that built as well too.

Ray

Right. And the one thing we didn’t really talk about was we mentioned it was using certificates for authentication. So in a lot of cases companies will build like a website that doesn’t use user name password, but uses certificates to authenticate and you can push those types of certificates as well down to the devices. And in some cases we’ve seen where and this is where the bootstrap certificate comes in, you can have a bootstrap certificate installed on a device which then allows the device to communicate with the CA to install the final certificate. So then if you had your CA available on this Wifi network that was kind of open but not really open and you allowed any device to connect to it of course if they have the login information for that or if it was even public, the device could connect to it. It could access the CA but it couldn’t authenticate it because it didn’t have that certificate on it. You wouldn’t have to worry about people bringing their own devices, plugging it in to the network, and being able to access that CA to download certificates.

Mitchell

Got it. So it’s another security protocol? It’s another level of security then. To make sure that every device is company owned.

Ray

Right. Because the certificates are installed on the devices and can be configured against all oncoming devices.

Mitchell

Cool. Thanks for watching this episode of CloudUp. Are you using certificates at your organization? Drop a comment. Let us know how you’re using them with Chrome Enterprise.

CloudUp: The importance of DevOps for your move to ‘the cloud’

DevOps can mean something different to everyone. It holds a very broad meaning today, which makes it tough to define. This episode of CloudUp covers why DevOps is critical for the move to the cloud, as well as the considerations to take while in the migration process.

Meet the Speakers

Han Kim

Principal Architect

Jeremy Pries

Director of Cloud Infrastructure

Transcript

Han

Everyone thinks DevOps is probably something a little different than what everybody else, somebody else thinks, you know.

Jeremy

Yeah.

Han

Well, on the cloud I think that it is the center, or should be the center, of your cloud migration journey. Because, without it, I think that you’re going to get yourself in trouble right away. Welcome to CloudUp.

Jeremy

Today, we’re gonna be talking about why DevOps is critical for your move into the cloud.

Han

I think that DevOps, that term is really broad. And I think that when you say DevOps, everyone thinks it’s something different. Like, from history, on-prem world, multi-cloud hybrid, blah, blah, blah. Everyone thinks DevOps is probably something a little different than what everybody else, somebody else thinks.

Jeremy

Yeah.

Han

Well, on the cloud, I think that it is the center, or should be the center, of your cloud migration journey. Because without it, I think that you’re going to get yourself into trouble right away.

Jeremy

Yeah, I think first of all, DevOps like, is tough to define,

Han

Yeah, for sure.

Jeremy

Right? We know there’s been a lot of great talks out there to try to get to the definition of what does it mean to DevOps, right? It’s the integration, development and operations. And, I’ve run into people who think that means like if you do DevOps projects, you’re an Agile consultant.

Han

Oh. Right? And that’s like, related,

Jeremy

Yeah, you–

Jeremy

you’re not off base,

Jeremy

But, it’s not exactly it, right? So it’s I think it’s a lot about the process. Agile’s about the process of developing, right? And DevOps is about the process after the code’s written.

Han

Ah, I see. Yeah, that makes sense, I mean, sometimes I feel like when we look at DevOps, especially when we get infrastructure as code, and infrastructure, and networking and policy as code, like we have to kind of think, it’s a strategic framework, right? Like with DevOps, deploying to the cloud, or migrating to the cloud, becomes a strategic operation. You have to think like in the future. We have to set these things up to get to where we want to be. Versus the tactical, which is like, let’s just grab a tool and migrate a bunch of VMs in. And we’re done.

Jeremy

Yeah.

Han

And, that’s why I think what leads to a lot of trouble.

Jeremy

Yeah so lift and shift is something that we’ve talked a lot about over the years, right? And that’s the concept in my mind of taking our VMs and our processes and placing them in a cloud provider.

Han

Got you.

Jeremy

And then operating them as-is

Han

Yeah.

Jeremy

Right, so we kind of moved into someone else’s data center.

Han

Right, exactly.

Jeremy

And I didn’t even know what, like, we probably missed a lot of advantages that we’ve got out of the new platform, right? So, I think it’s been meaningful for our customers to think about modernizing things as a part of moving into cloud.

Han

Yeah, I think that that part has been decoupled somewhat in the beginning because of the desire for the cloud providers to acquire customers. So, they want the simple messages of like, just lift and shift it over, right?

Jeremy

Right.

Han

And then, what happened is a lot of people did that, and then afterwards you’re like, why are my costs spiraling out of control? You know, why are we having all these VMs up and rolling that we have no idea who controls them, who spun them, what they’re for, and they’re a little bit at a loss. And, they have to clean up that mess backwards, which is like, virtually impossible. But, can be done if you break it down into small component pieces.

Jeremy

Yeah, we think about moving VMs in and I almost always think about moving our little pets in, and we have to take care of them, and make sure that they’re healthy. And, cloud’s a lot more ephemeral.

Han

Yeah, for sure.

Jeremy

Right, so I think the methodology, in my opinion, is definitely to try to find a way to think about infinite scale. Think about, you know, the fact that we don’t have walls on the data center. There’s no limits, right? And so, we can implement some new processes as we come in.

Han

Sure. I think that like if we look at, maybe, the concepts of CICD, infrastructure as code, automation, which lends more to the tool sets that we’re using. And expand that outward to process. Then suddenly like, the migration gets in about like, the single factor like costs,

Jeremy

Yeah.

Han

I mean, that comes up a lot like, that we’re moving for costs. Well, yes, but in what way are you talking about? Is it just saving from your on-prem to going inter-cloud? Or is it that you’re saving because you’re scaling and growing, and you want to scale and grow in a controlled and intelligent manner, you know? Well, what way are you looking at costs? And without having a strategy going in, like, I think that you can be very surprised, because you haven’t looked at all different aspects, that can go out of control.

Jeremy

Yeah, I mean the pure cost of compute is one way to look at it, and it’s important not to forget about it. Right, but what business advantages do we have?

Han

Precisely.

Jeremy

As part of the move, and how does that factor into costs.

Han

Yep.

Jeremy

Like, just say you paid a little bit more for your VM, right, but you paid per second.

Han

Yes.

Jeremy

Right, that’s an advantage.

Han

Yep. And you can scale it, and you can build ephemeral build servers. And you can do things like, that you’re saving for in another talk that you made at next, that in terms of the billing of a large part of this, you don’t understand what you’re billing for, because you’re standing up things without really understanding the cost basis for them. Or the reasons for them, right?

Jeremy

Yeah.

Han

And automation, and things that come within DevOps allow you to kind of think for a second, like, why does this need to be turned on or set-up? What is the purpose for, who owns it? And you know those types of things that you can then start to track, with the process.

Jeremy

Yeah, yeah sure. I mean, we have SKUs and we have different ways to organize our costs. And now we’re able to efficiently align costs with, hopefully, specific business initiatives. You can if you’re a multi-tenant software provider, maybe you could align specific customer costs.

Han

Oh I see. Like so, not only internal costs, but costs that you’re passing through as well.

Jeremy

Yes, absolutely. So you can help maybe price your product better, or maybe optimize, and find better ways to deliver that particular customer.

Han

I also think that like, as we, we may talk about this in a little bit, but like the center of excellence idea of how do we start our journey into the cloud with a bunch of people who are already concentrating on these types of topics, right? DevOps, ephemerality, infrastructure as code, managing, cloud. How do we start there, instead of ending up there after the fact, which I think is obviously not good.

Jeremy

Yeah, yeah, right. I mean it’s important to have foundations from the beginning, right? So we deal with a good framework for identity and access, right. Set up a good framework for networking, maybe not knowing what needs to talk to what yet, but we implement a good amount of features from a networking side, so that our business units can consume what they need to from there. And it’s a good time to get started with infrastructure as code, right? It’s a lot more expensive to start infrastructure as code after.

Han

Yeah for sure.

Jeremy

Instead of before, when it’s that new. So during the foundational stage, it’s a really good time to implement some new tool sets.

Han

Yeah I also think that in terms of DevOps as a buzzword, DevOps is not strictly an IT function. It’s not something that’s like, isolated or regulated only within tech, the technical component of it. It also has to deal with the business you, as you’re saying. The business drivers, and how we integrate that into the world, of the technical into the IT world. And facilitate that business need through a process.

Jeremy

Yeah, yeah, I mean I think I like to think of DevOps as a mindset, and the mindset is just iterating faster.

Han

That, nice, yeah.

Jeremy

Releasing things faster, whether you know, hopefully it’s you know, customer functionality, but there’s customers inside of our business as well as our actual customers who pay us money.

Han

True.

Jeremy

Thanks for watching this episode of Cloudup!

Han

Leave your comments and questions below, and win some Agosto swag.

Jeremy

Thanks and see you next time!

CloudUp: CI/CD as a trend in DevOps

CD becomes more effective depending on how we design our infrastructure to deploy apps. In this episode of CloudUp, we provide insights on how to successfully get started on continuous deployment and when it comes to CI/CD, what needs to be in place for a smooth transition.

Meet the Speakers

Han Kim

Principal Architect

Jeremy Pries

Director of Cloud Infrastructure

Transcript

Jeremy

CI is a little easier to picture, you know, as we transition into CD and try to deploy, you know, the name of the game in the CICD space is try to iterate faster; try to release things faster, try to add customer value faster. So, CD’s a little bit harder, would you agree?

Han

I mean, extremely. I think the bar between CI and CD is extremely high.

Jeremy

Yeah.

Jeremy

Yeah, for sure, for sure. So, CD becomes more effective depending on how we design our infrastructure to deploy our app. Today we’re gonna talk about CICD as one of the top trends in DevOps. So I know you’ve done some projects in the CI space, and, like, what kinda stuff are you doing now that we’re not tied to physical machines anymore at all, even if they’re VMs? Like, we don’t buy a set of hardware anymore. We have kinda, like, this limitless, seemingly, data center. Like, what?

Han

Well, I think that, historically, was like, you have a giant build server, and if we’re talking about things that require build, like Android or Java, or things that require time to go through a process whereby there’s maybe, possibly, even automated testing or some testing as part of that, we’re looking at how we change the mindset from we have fixed amount of compute that we can leverage all the time, ’cause we’ve prepaid for it, ’cause it’s on-prem, it’s hardware, versus the ephemeral compute, which means that we can take massive machines for brief amounts of time to do things faster, right?

So, the key here is, like, on an equivalent level, if you say, “Okay, the processing of the on-prem machine has so much capacity and speed. The equivalent in the Cloud might have, you know, a similar speed or capacity.” The difference is when things start to scale. So, projects that I’m working on require ability to keep up with a dynamically growing set of requirements that require more and more developers to come into play and build these kind of rather large artifacts, and do that in a way that they can do it any time on demand, and so we spin up giant build servers that last for minutes instead of, like, an hour, two hours of continuous running to build these artifacts and then disappear.

And I think part of the CICD methodology that we use that works the best is to make sure that we take everything that doesn’t require consistent and constant compute, like you’re talking about, and make those into larger, ephemeral machines, so that we can leverage the speed change without necessarily paying for something that’s lying there idle most of the time, or even some of the time.

Jeremy

Oh, gotcha, so, we have a pipeline that fires off of build, right, instead of having numerous people using the same build server, like a pipeline points to a specific build server? You’re saying, like, make a bunch of copies of that?

Han

Yeah, so build up a new one, let it do its thing, and then die. And everyone has their own, so if you have 500 developers and they’re all tryin’ to use one or two or three on-prem boxes, like, it gets inefficient really fast. There’s no ability to scale that really easily.

Jeremy

Yeah, and I know you’re able to size the VMs then, a little different than if you were, say, running VMware upfront.

Han

Yeah, for sure, right.

Jeremy

Right? I think we might allocate a bunch more VCPUs and try to accelerate that build process.

Han

Yeah, well, we have almost, I could say infinite, but a great deal more overhead, you know, in terms of what we can size around, versus what we have on prem, which is contained by the machine that the VM is running on.

Jeremy

Yeah.

Han

Yeah.

Jeremy

Yeah, so this is, like, really cool for long-running builds, right? Or what were long-running builds, at least, if something took a couple hours.

Han

Yeah, or compute-heavy unit requires a lot of processing. Like, image and video processing is a good example, like, doing that on a single machine takes forever as all production people know who do video, 4K, 8K video, but if you put them off to ephemeral machines and let them do it synchronously, they can make builds and start doing processing outside of your work environment or your work time, right?

Jeremy

Yeah.

Han

Which makes it much more efficient for people, I think.

Jeremy

Yeah, for sure. And per-second billing, does that matter in this space? It sounds like it’d be an advantage.

Han

I think it’s huge because if we look at, like, the on-prem world, we have to forecast when we do our leases for hardware, in advance what we think demand will be. So, like, HVAC, for instance. You have to kinda plan for worst-case scenario, and how do you do that in an environment where market demand, business demand, change, especially when you look at 3-year leases, or multi-year leases, right? In this case, for the per-second billing, we’re not, kinda, burdened by the inefficiency of pre-purchasing a huge amount of things that we may or may not use, or we might saturate all the way and then we’re left in a difficult situation ’cause we don’t have enough compute resources. So we only use what we need at the time, and I think architect the infrastructure as code, application as code model. You know, it’s way more efficient.

Jeremy

Yeah, for sure. So even a build that took a few minutes, if we have per-second billing, could save a bit of money, right, by paying on the second instead of rounding up to the next minute?

Han

But at any scale, for sure. I think that’s definitely the way to go.

Jeremy

Yeah, yeah. And so global development teams can take advantage of this kind of thing too, right?

Han

Oh, especially, because, you know, depending on which cloud provider you are on, like, you can stand up things anywhere in the world, in multiple regions, and that cost of having that multi-region deployment of all your builds and your code repositories, then leveraging those areas, these build servers that come and go. So, you know, the cost might increase a little bit because of the regions that you’re in, but then, again, the efficiency is so high because you pay per use that you can change or exchange speed of deployment and change for the cost, in essence.

Jeremy

Yeah. So, CD’s a little bit harder, would you agree?

Han

I mean, it’s extremely. I think the bar between CI and CD is extremely high.

Jeremy

Yeah, for sure, for sure. So, CD becomes more effective depending on how we design our infrastructure to deploy our app.

Han

Yeah, well, I don’t think you can do it any other way, really, because, like, in the past, think about doing continuous deployment on the on-prem environment. Like, how would you even really go about doing that? Like, you would have to pre-prep a situation that is wildly complicated, you know?

Jeremy

Yeah, yeah.

Han

Nowadays with infrastructure as code, not so much, ’cause you can actually stand up the infrastructure as well as applications.

Jeremy

Yeah, yeah. So, our average customer is a Netflix, right?

Han

No, no.

Jeremy

Right? So, like, let’s assume we have some CI in place. How do we get started on a continuous deployment? Like, what’s the easiest spot to start from?

Han

Oh, man, that’s a tough one, because, you know, to get to CD, or even to CI, DevOps in general, you know, it’s the whole technology, you know, processing people. We have to kind of make it a mindset, an organizational mindset. But let’s say we’re saying, “Okay, we’re already deploying, you know, now and then, and we’re making updates now and then. Now we wanna allow developers to respond as quickly as possible.” I think we have to look at, okay, we’re not deploying to the same machine, you know, we’re not doing the old-school way of replace what’s there with this new code and test it because there are lots of problems with it. There’s errors, or issues, or multiple people are making changes to the code base and you’re not really aware of what other teams are doing, especially multi-national teams, et cetera. I think the better way is to actually stand up another ephemeral infrastructure, like replica, and deploy to it and do traffic-shaping from network as code piece, where we can say, “Let’s put like five or 10% of the people to the new code. Let’s just see if it’s working in the wild. Let’s see if we can handle the scale.” If not, we can roll it back, and if it does work, we can change the split from 90/10 to 100 for the new deployed code and take down the old one.

Jeremy

Oh yeah, cool, so infrastructure as code comes back into play, right? I mean, we already wrote code, and to deploy that whole infrastructure, so you could replicate for every release.

Han

Yep.

Jeremy

Wow, ultimately everything.

Han

The whole environment. Everything that supports the environment.

Jeremy

Yeah. So I think, well, one thing I’ve talked to customers about is that it’s kind of ongoing. It’s like a continuous improvement process.

Han

Yeah, for sure.

Jeremy

Right? So you start with CI. You know, basic CI in place is something that most development shops are already doing, right? But then, add on a little bit of automation at a time, and eventually, ten years from now, you might be a Netflix, or maybe the tool sets are more mature–

Han

Yeah.

Jeremy

right now to make it that a little more achievable than when they started however many years ago that was.

Han

Well I’ve seen, I think, you know, the trend is that lots of people try to offload the burden of the automation on the tool set side to, like, a web-hosting CI tool.

Jeremy

Oh, sure, yeah, like CI as a service kinda tool?

Han

Exactly, so that’s kinda been the new thing, like, I know, whole systemic earth, and Google, and other things are on the rise now, but I feel like the tool, in and of itself, is never gonna be enough. Like, there has to be a core, fundamental organizational mindset to be able to support this type of thing, and that’s why those take iteration and time, because the change-management of each component piece leading from CI to CD needs to be in play before it actually can happen in a way that’s not a disaster, you know?

Jeremy

Yeah, yeah, cool.

Jeremy

Thanks for watchin’ this episode of CloudUp!

Han

Leave your comments and questions below and win some Agosto swag.

Jeremy

Thanks, and see you next time!

CloudUp: Infrastructure as code in DevOps

A common myth in the DevOps space is a lot of customers viewing infrastructure as code as something that’s only designed for small startups who are just getting their business started; however, what many don’t realize is the power and effect it has in the enterprise. On this episode of CloudUp, we’ll go through how to successfully manage your infrastructure as code and the benefits it can bring to your organization.

Meet the Speakers

Han Kim

Principal Architect

Jeremy Pries

Director of Cloud Infrastructure

Transcript

Han

I was just at a Google PSO event in New York and they have this new diagram which is a subway map so it starts with the main trunk and then it splits off into network, application, and policy but it begins with infrastructure because without that, nothing else can actually have a life right? So, the idea of not using infrastructure as code seems old school, maybe that’s the right way to put it.

Jeremy

It does, yeah, it does. Today we’re talking about infrastructure as code as a trend in DevOps. So, with infrastructure as code, a lot of customers view it as something that’s really designed for small startups who are just getting going and they don’t really see it as something that works in the enterprise. Maybe it has this sort of superhero complex that goes with it where an individual is able to develop the infrastructure as code from the ground up all the way through the app stack and it doesn’t really work in a team approach. So, they view it maybe more as a deployment script methodology.

Han

Versus what you’re thinking about you’re saying or with how you would frame it?

Jeremy

Right, versus using it as a way to actually manage your infrastructure going forward. So, instead of just deploying a particular environment and then managing it with some other config-management techniques, live the lifestyle of infrastructure as code which means every single change, you’re gonna go back to the code repo and go back to the code lifestyle and deploy it.

Han

From the infrastructure network side and all that you’re saying, like managing that in a code repo as if it were a exactly that code.

Jeremy

Yeah, for sure, for sure.

Han

So, helping to facilitate sort of like the separation of duties, who has control over each aspect of that stack really you know? Not having a superhero controlling all of it.

Jeremy

Yeah, instead of having the superhero, we have different responsibilities within the environment as well and we have more than one person on a particular team.

Han

That makes sense.

Jeremy

So, take a network person, for example, they may manage just the network portion of the environment and the rest of the team contributes at other levels.

Han

Makes sense. I was just at a Google PSO event in New York and they have this new diagram which is the subway map so it starts with the main trunk and then it splits off into network, application, and policy but it begins with infrastructure because without that, nothing else can actually have a life right? So, the idea of not using infrastructure as code seems old school, maybe that’s the right way to put it.

Jeremy

It does, yeah, it does. I think implementing infrastructure as code is a little bit of an investment upfront, the more you do it, the easier that becomes and we all have our habits to go back to, you know, pressing buttons or maybe running command line utilities to manage an environment and it’s sort of in an ad hoc manner and not very controlled. And the other benefit we get out of infrastructure as code is we can rebuild the environment as we need to. It could be part of our DR plan, could be a part of our duplication plan like if we need numerous dev environments.

Han

For sure

Jeremy

Or, lower tiers to go along with production.

Han

I think, like, you and I differ slightly on like how different ways we think about implementing infrastructure as code ’cause I think you think of things in a very holistic manner, and this is kind of new, the policy as code wraps around it so you have a little more free form in terms of ability for developers to stand up their resources and I like more front end where we control let’s say a self service or ticketed UI type of you know? So, we control it on the front end rather than the back end you know?

Jeremy

Yeah for sure, for sure, yeah, I mean, I think that’s maybe a next phase for infrastructure as code, so we have legacy IT that is struggling to understand how they work in a Cloud environment and so if they think in terms of policies, eventually the software stacks will get to the point when we can allow self service throughout the organization and our central IT controls is able to control the policies. It says what’s allowed and what isn’t allowed and then the users can commit code to the pipeline if it’s allowed, cool, goes through, everything fine, but if we find something like let’s just say we have a policy that says no bucket should be open to the outside. Like, we could have our pipeline deny and reject that change, push it back if it violates a policy.

Han

And see my way of thinking is let’s just not let them ever do that up front you know?

Jeremy

Right, right, absolutely, and there’s a couple different ways to implement that right? We know the policy as code software is getting better. It’s kind of emerging.

Han

Yeah, I think that all the Cloud providers now are starting to dive into that CICD, cloud controls because I think that we’re seeing that the initial move to the Cloud seemed easy, but then the management and the operations were more and more difficult with controlling costs, controlling access to resources you know? It gets out of control really quickly if it’s not set up properly in the beginning.

Jeremy

Yeah, yeah, for sure. Access control can be all over the place so that’s actually the easiest spot to get started with infrastructure as code is simply provisioning things like projects and IAM roles and managing who has access to what. It’s very easy to manage now with something like Terraform and live the lifestyle, manage it every day. You need to give someone access to something, go ahead and add in new code, commit that, and it’ll push right into your environment. It’s an easy way to get started.

Han

Do you think that besides Terraform, what other tool sets have we been seeing that customers kinda migrate to? ’Cause I think the challenge is old school IT on prem as they move into cloud, have a difficult time releasing the tools, methodology, and processes of like managing the pet based approach to infrastructure into this new kinda ephemeral, scalable, open ended kind of infrastructure universe. What other tool sets do you see that would easily port over from on prem into let’s say the Cloud world versus the ones that don’t really work as well?

Jeremy

Yeah, I mean, good question. Terraform’s definitely the strongest tool set in terms of infrastructure as code and we see a lot of skill sets out there in config management products like say, Ansible for example. There’s no reason you couldn’t bring those tool sets into Cloud and maybe even have a mix right? Like everything isn’t ephemeral in Cloud right?

Han

For sure.

Jeremy

You have stuff like databases and other things that just aren’t gonna go away. We need a pre-exist something along the way and maybe those are good tool sets to mix in. We’ve also found that cross training to learn, if you know Ansible, the config language is all totally different but the mindset isn’t that far off.

Han

Yeah, right, well, I think as long as it’s more declarative and allows us to kinda track state, I think a lot of tool sets will fit the bill and there’s plenty coming up now that are web based I think as well that will lend to that same model, declarative model of infrastructure network and policy.

Jeremy

You know, there’s numerous different dev ops roles and I think understanding micro services architecture is a really important role to have so, if you have performance problems are a great example where it’s tough to diagnose what’s going on without understanding the apps and how they talk to each other and what their dependencies are, that’s an example of definitely where you need quite a bit of dev skills to be able to troubleshoot that.

Han

Where do you think serverless and things that are kinda moving a little more into the future, where do you think that plays in in terms of infrastructure as code or in infrastructure kind of concepts?

Jeremy

Sure, yeah, I mean it kind of is, we need to use infrastructure as code to set up the plumbing in order for the pipelines to be deployed right? So, we don’t manage as much stuff with infrastructure as code, but it still needs to exist in order for things to work so it still is relevant in that space for sure.

Han

Well, do you think that like in terms of a policy as code, or maybe even infrastructure in general as code lets organizations control like costs more so? Cause I know the primary or chief complaint is that it’s easy to lift and shift VMs over but then there’s no inherent process or model to manage or see or it be visible to how much things will cost. How do we manage that better with infrastructure as code?

Jeremy

Yeah, I mean good question. So, we know very well what we’re provisioning with infrastructure as code. Some wild cards there like Egress for example, wouldn’t be really controlled with infrastructure as code but we’re able to see that in the config right? We know HashiCorp just released the capability and enterprise to give you a price and to set a policy based on that price so we could maybe follow a separate work flow if something costs more than it’s allowed. So, we can set some policies around what they cost. Totally emerging space there, I mean, in general infrastructure as code helps us to understand what we’re deploying so that we could maybe make a quick calculator around what it costs.

Han

So, like, we’re starting to see how policy and how you see infrastructure as code can then distill down to the management modality or the business level management of Cloud.

Jeremy

Yeah, yeah, agreed.

Jeremy

Thanks for watching this episode of Cloud Up.

Han

Leave your comments and questions below and win some Agosto swag.

Jeremy

Thanks and see you next time.

CloudUp: Getting Started With Machine Learning For Predictive Maintenance

Predictive maintenance is a growing buzz word in the industry, but how many companies are actually making progress? Some companies are reporting a reduction of equipment downtime by up to 50 percent with predictive maintenance using IoT. The main takeaway is that you can save a lot. On this episode of CloudUp, we’ll be getting past predictive maintenance as a buzzword and get into the what, why, and how your company can make progress.

Meet the Speakers

Rick Erickson

Co-Founder and Chief Cloud Strategist

Mark Brose

VP of Software Engineering

Transcript

Mark

What we’re seeing is there just hasn’t been quite as much pick up of it as we would have expected, so a lot of interest, a lot of value, perceived value, but it’s moving a little bit slowly. I think what we’re seeing, even for single-use cases, you’ve got clients that are seeing hundreds of thousands of dollars that can be saved even with single-use cases so, the take away there is there’s a lot of stored value here in doing something with predictive maintenance, so definitely worth taking a look at and seeing if there’s any value you can add to your company.

Rick

On this episode of Cloudup, we’re gonna be getting beyond predictive maintenance the buzz word and focused on the what, why, and how you can make progress quickly.

Rick

So welcome to Cloudup, the series where we explore the coolest things built on the cloud today brought to you by Agosto. Today’s topic we’re gonna use machine learning to predict maintenance events and there’s a ton to dig into here so let’s jump into it. First off let’s talk about how companies perform maintenance today. Is it proactive, is it reactive, and what’s the impact of that?

Mark

Yeah, we definitely see companies doing both reactive and even proactive maintenance. You know I think the more advanced companies we’re seeing are doing proactive maintenance in the sense that they’re really doing maintenance on a schedule right, so preventative maintenance. Over time you can develop some experience with when you should replace things, but what we see there is that’s not optimized, right? So that’s not, in some cases you’re gonna replace things too early, in some cases you’re gonna wait ’til it fails, so it’s difficult to get it just right. So there’s some cost to that. You do it too early, you’re losing some material usage that you could’ve gotten and at volume and scale, that can be a lot of money and if you wait ’til it fails obviously you might have, if we’re talking tires in a fleet, trucks out of service, maybe has an accident, liability issues, so there’s cost of waiting too long. What we can get to with predictive maintenance using machine learning is you get that a lot tighter. Not saying we’re gonna ever get 100%, but you’re gonna get a lot tighter inside that window so what we’ll be able to save on material, but also prevent more of those failures from happening. That’s to me is the big impact.

Rick

Yeah, so going back to your point about just reacting and not being able to predict the impact of failure, not good, right? Sounds kinda like how I rolled in high school with my Malibu. Let’s talk a bit about how using predictive maintenance can help avoid some of those unexpected costs.

Mark

Again, it’s really being able to optimize that time window. We’re doing that by having a lot more data. We’ve got kind of a wider range of data that we can take advantage of so we can use somewhat static data like making models of a tire, a piece of equipment which tells us something about how it’s constructed, and there’s some predictive value to that, to how long it’s been running, what conditions it’s operating under, to real-time telemetry data like temperature, tire pressure, vibrations, that kind of thing. All those things together then really can be used to build a good model.

Rick

So these are key attributes that ultimately humans can even understand the basis of those key attributes, but I imagine that at scale when you have millions and millions of events, it’s really hard to understand what’s happening, how to use that data and create classified information that fits into categories that we understand.

Mark

Yep.

Rick

I imagine by using machine science and Cloud ML, we can use some of that information to train models so how does that all work?

Mark

Yeah, so that’s a good question. We find still in machine learning there’s a lot of value still to human input and the primary value of that is in this area we call sort of feature engineering. It’s the fancy word for knowing what data elements will be predictive of failure. So it’s still helpful to have domain knowledge to sort of pick those data attributes that should be included, but then what we can do is we can take advantage of the machine learning technology to take that data and create the algorithm for it based on machine intelligence, so it’s not something the human has to spend all this time engineering the algorithm. Their focus is on getting high quality data in place that we can use to be predictive. With the cloud, the cloud really brings to us the platform to run all that on so a lot of time the data scientist that’s working in this space won’t have infrastructure background or development background. So what cloud platform can give us is a lot that just as a service so we don’t need to spend a lot of time or having broader skill sets in that team to build out these models.

Rick

Sweet. So now we’re gonna take a quick break to hear from our sponsor and then we’ll come back and do some jamming on the jam board.

Sarah

More and more we’re seeing organizations wanna be really strategic with their success and part of that means they’re moving to the cloud. At Agosto, we’re seeing a big uptick in clients using Google Cloud platform for their online business operations. So whether you’re thinking you need a boost with AI, machine learning, or you just wanna build something new and fast, Agosto is an award-winning partner who would be happy to help you with your needs. We’ve been Google’s Cloud partner of the year multiple times. We’ve got a few other awards as well and we would love for you to get to know more about us, okay, can’t take anymore, by visiting agosto.com. You can get a free guide to your company’s strategic plan for heading into the cloud. We’d love to see you there. Now back to the show.

Rick

Welcome back to Cloudup. In today’s deep dive session, we’re gonna focus on how you can get started on predictive maintenance and Mark’s gonna take us through our approach.

Mark

Yeah, so definitely where you usually wanna start is pretty basic just framing your business problem. Essentially that’s just thinking about use cases that make sense for your business. Pretty simple approach, we essentially start out with ID’ing the business area we’re focusing on. An example of that is gonna be, so let’s take the tire example we’ve talked about a little bit. You’re spending too much money on recovering from failures of tires in our fleet. So just framing up that’s an area you wanna focus on and then what we wanna do is dig in a little bit deeper in that and create an actual business question that we’re trying to answer. So in this case, that’ll be something like can we use predictive maintenance with machine learning to better predict failure than we’re doing right now with our preventative maintenance program? What is a more specific thing that we’re trying to target?

Rick

And this is really an impact right? So we’re trying to frame this up as high value, low risk, but a problem that’s going to impact this organization in a material way that’s considered financially viable.

Mark

Yep, but it’s a high-level problem, it’s a framing of the problem in a way that we can target, is it something we can do? You have to think about here you’re typically thinking about well, what does failure mean? Tire case is pretty easy, tire blows up. But with a machine, does it just slow down, does it actually shut down the line, you have to frame what is failure for us, what is the thing we’re trying to detect and some sense of what’s different than what we’re doing today? That leads you to selecting a business metric. Say we’re trying to target tire failure. Business is really our success metric that we’re trying to get to. Say we’re trying to get to, for us right now we’re predicting at about 70%. Can we get to 90? So we have a target. In this first phase, you’re just trying to narrow down the focus of what it is that you’re trying to do.

Rick

And percentages obviously matter when you frame it up like this, but in some cases, if the impact, even if it’s 75 or 80%, so let’s say it’s 5% or 10% better, in some use cases that can be really impactful.

Mark

You can turn that into we’re moving from 80 to 90 and you’d be able to turn that into dollars. That might be for you 50 grand, maybe it’s like hundreds of thousands of dollars depending on what that looks like for you.

Rick

And so the way to think about this is I’ve got humans today that maybe can react to a problem, but when I’m using a system that can handle massive amounts of information and then predict an outcome and I can alert on that prediction. You can also think about sort of downstream as I’m framing the business problem, what’s the ultimate impact if I can go from this sort of narrow use case to something that adds scale?

Mark

Absolutely. You should think about this is a place to start and a lot of times what we’ll do is we’ll look at a whole bunch of use cases. You might start out with maybe 10 or 12 ideas, run this process through with those 10 or 12 ideas and out of that we’ll get to hey, if we can hit these success metrics, these things logically bubble to the top, so we’re looking for hey we found some high value potential here and then what we’d move into is how do we start to test that out and see if we can actually do it.

Rick

Cool. All right.

Mark

So that’s framing where we start and then where we’re going to here is really we’re trying to get to somewhat of a iterative process of learning. We’re gonna frame this up as kinda think about this as a circular pattern here where we’re doing a continuous process and what we’re starting is where all the really needs to be is in data prep. So data prep is really, talked about this a little bit already, but it’s essentially pulling in data from a bunch of different places and doing some data exploration, making sure we can suss out what are predictive variables? So again with the tire example, we’re talking about things like make and model of tires, talking about how long the tires have been running, we’re talking about temperature, tire pressure, all these kinds of things. We’re pulling that together and then this is the place where domain knowledge is important. You build this stuff up, you explore it, you do some visualizations maybe, you’re doing some graphing, you have some thoughts on what’s predictive, but in this phase you’re really spending time determining whether it really looks like it’s gonna be predictive and in this case, you’re sometimes maybe you’re creating some absolute values, you’re looking at median values, or moving averages of data of variables, so this is a part where you’re spending probably the most of your data engineering and science time really is pulling that data together and shaping it in a way that you can use it.

Rick

Are we trying in this phase do we try to understand what a representative amount of data or a relationship means to humans yet, or are we just trying to make sure that the data is in a form that’s sort of repeatable and consistent?

Mark

It’s a little bit of thinking about what you can actually operationalize and then from a model-building perspective, it’s about throwing out things that aren’t useful, shaping things in a way that look predictive, it’s really kind of all of that. You hear terms around data engineering, data normalization, that’s kinda what’s happening in this phase.

Rick

Okay.

Mark

We mentioned a little bit earlier sort of your feature engineering and you’re really pulling together the things that look like they’re gonna be valuable.

Rick

Okay, and throwing those things out that maybe won’t be.

Mark

Exactly.

Rick

So it’s not just getting everything, it’s also trying to be smart about what you are using because we’re trying to again, move relatively quickly to get to some validation of the business problem.

Mark

That’s right. In some cases, you’ll already have this, like in a data warehouse. In some cases, there’s gonna be some work to get the data. This is the foundation really. We have to have good data and lots of it.

Rick

Cool.

Mark

So then from there, we move into what we call model involvement. So here, this is really where the machine learning part kicks in and sometimes there’s straightforward answers to what type of ML approach we’ll use here, but you may experiment with a few different options and kind of see how that susses out. There’s a little bit of data science to this part, but here’s a lot of our letting a machine now use all this data that we got and building models from it. And so we’re doing this typically with a subset of our data as we’re engineering models that look like they’ll be valuable.

Rick

Okay.

Mark

This is the machine part and then we’ll move from there into an evaluation and review. In this phase, what we’re doing again we’ve taken a subset of our data to build a model, now we’ll run that model against a test holdout set of that data. So we’ll have trained a model and here we’re running that against some test data to see is it actually predictive? Sometimes the model may get overfit to the data you used if you have other data that doesn’t look exactly like that data, maybe it isn’t quite as good as you thought. You wanna do some work here to make sure that it is as predictive as it looks like it was when you were building that model.

Rick

Okay, so you’re actually looking at how well this information, this model is predicting the outcome that your hypothesis is expecting?

Mark

That’s right, is it performing as you thought? At this point we’re all operating here very much in the cloud, cloud platform tooling, usually a couple of data engineers, data science people can do this all this work. Here already, you might have some iteration. If this is bad, you may go back here and like, all right, we need to take a new approach. That can happen.

Rick

Sure.

Mark

But ideally, from here then we’re moving on to looks like we’ve got something that’s useful, now we’ll get into deploying that model. This can be straightforward if you got a lot of the things in place, but this could involve okay now we’re putting sensors in the field, maybe we have some edge processing that we need to do, so we might engineer a mini data center close to that edge where the data is.

Rick

So you’re gathering more data?

Mark

You’re actually gathering more data, but definitely creating the infrastructure to wherever the feedback loops that we want are available. So put a model out there and now what do we want to have happen? If we’re predicting tire failure, we wanna alert somebody that hey the tire’s about to fail so somebody does something. So here is the work we do to get the model out there, get whatever tech deployed to do the alerting. If we’re alerting a driver directly, maybe it’s notification immediately in the vehicle or maybe it’s to a dispatcher that lets them know, depends how we wanna architect it, but this is when we’re operationalizing the whole thing. And in the first rev of this, this may be a small group, you’re gonna wanna not affect your whole fleet ’cause when you go to the field you inevitably figure out things you didn’t think were gonna happen. At this point, you’re again validating all this stuff works in the real world.

Rick

Okay.

Mark

And making tweaks that will fit for your business.

Rick

When we go back to this first process, which is framing of the business problem, understanding these key components, defining some sort of targets of success that are important for the stakeholders in your organization, and then we start iterating on this sort of loop of processing. How long does this usually take us?

Mark

We can typically do a small run of this in a short time period. You might be able to do something as fast as four to six weeks. A lot of it will depend on where you’re at with your data. Sometimes there’s work that needs to be done to get that data in place so that can take a little longer so that data engineering piece, that will drive a lot of how quickly the rest of it will go.

Rick

In our experience, we typically will run workshops and help the executives and the engineers that we’re working with at organizations that our organization partners really help understand what’s possible so that they’re not stepping into mistakes that typically because of inexperience and not understanding this process real well, that they won’t do that. They’ll make good choices and we’ll help them so that they’re focusing on the right problem with the highest value and ultimately is gonna have the highest impact to their organization.

Mark

That’s it.

Rick

All right.

Rick

Thanks for watching this episode of Cloudup where we focus on the coolest technology delivered on the cloud. We’d love to hear your feedback comments on how you can use predictive maintenance in your own industry, how you’re making progress in this space and if you have questions or challenges that we can address here around predictive maintenance, leave a few comments, leave a few notes asking questions, and we’ll give you some swag. Thanks again.

Sarah

Cloudup is brought to you by Agosto, a leading Google Cloud platform partner. Like this episode and subscribe to our channel on YouTube to learn more. We would love to help you out. Visit agosto.com to learn more.
