9 min

In today’s hybrid world, configuration management is one of the most important topics on the agenda of companies and organizations. Especially when it comes to application delivery. DevOps specialist Puppet is responding skillfully to this and focuses on cloud-native and open source. We recently discussed this with CEO Yvonne Wassenaar, who took office at the beginning of this year.

Puppet is an American DevOps specialist in the field of tools for software-based configuration management. This concerns software for the automatic configuration and management of infrastructure, whether it is bare metal, virtual, on-premise or in any public or private cloud environment. Puppet only uses code for configuration management, making it a supplier of infrastructure as code (IaC). In this way, code is used to fully automatically manage and provide applications for infrastructure in hybrid or non-hybrid environments.

Last year we wrote about exactly what the DevOps company can offer its customers and in which direction it wanted to move. As her predecessor Sanjay Mirchandani left for Commvault, the arrival of Yvonne Wassenaar as CEO is a reason to take a look at the current state of the company.

Changes in product portfolio

Wassenaar, who has Dutch roots, is no stranger to the IT world. She filled her resumé at Accenture, VMware and more recently SaaS-specialist Airware, among others, and has been able to leave her mark on Puppet from the very beginning.

The most notable change is the simplification of the extensive product portfolio. In the past, in addition to the open-source basic version of Puppet, this consisted of the three-stage rocket Puppet Enterprise, Puppet Discovery and Puppet Pipelines. In addition, there were additional services, such as Bolt and Insights for analytics and the various community platforms, which complemented the entire stack.

After the CEO took office, the entire portfolio was thoroughly overhauled. The reason for this is that customers only saw Puppet as a tool based on so-called declarative definitions – a client-server-based architecture – for configuration management for mainly node-based infrastructure. Today, they also need more extensive automation tasks.

Security and compliance can also be reasons. The fact that a combination of task-based and declarative automation can also be used for this purpose is very interesting for many companies. This is especially true when it comes to the trust that the solutions can give customers. That way, they are always able to return to a configuration that is known to be the right one.

Finally, the rise of cloud environments and the standardization of cloud-native applications in which everything, for example in containers, is packaged as software, has also become important for customers. These services, too, will soon have to be able to be automated in a simple manner.

There were, therefore, several reasons to tackle the product portfolio and to develop more specific services.

Improvements and new solutions

The portfolio of the DevOps specialist now consists of the open-source ‘basic version’ of Puppet, the paid business platform Puppet Enterprise, the open-source Puppet Bolt and the new, also open source, Lyra for cloud-native, mainly container-based environments. The portfolio thus devotes much more attention to automation processes for so-called ‘node-centric’ environments and for cloud-native environments.

The basis of Puppet’s solutions, in addition to the basic version of the platform, is Puppet Bolt. This long-standing open-source solution now has more functionality, giving DevOps specialists an agentless task runner for task-based automation of infrastructure, wherever it is located. Among other things, the solution helps to automate complex workflows, such as the roll-out of applications. This makes these processes simpler and faster, which in turn can save costs. The application is suitable for anyone who wants to start with task-based automation and orchestration of their work processes for infrastructure, without the need for knowledge of existing Puppet products.

As customers grow and need to manage larger infrastructure environments, the paid Puppet Enterprise version 2019.1 comes into view. The latter version now includes the previously standalone product Pipelines, in the form of a Continuous Delivery pipeline for Puppet code. In addition, the latest version of the large business Puppet platform offers much more integration with Puppet Bolt.

Cloud-native becomes important

A new feature of the Puppet portfolio is the recently introduced and widely available Lyra solution. This solution is also offered as open source. Lyra focuses on orchestrating cloud-native environments. Especially when it comes to continuous delivery (CD) possibilities.

The solution is also suitable for container environments, especially Kubernetes. Lyra is actually an extra abstraction layer on top of other cloud-native infrastructure abstractions. The CEO especially mentions the Terraform solutions. What Kubernetes does for container management and Terraform for provisioning, Lyra must ensure that the automation for the deployment and delivery of applications can take place within and outside these environments.

Security and Compliance

Finally, the DevOps specialist announces that it is making a new paid tool generally available for security and compliance applications. Puppet Remediate should bring customers more security and compliance for all their environments. This will enable customers to share automated vulnerabilities that are detected by security scanners, such as those of Qualys, Tenable or Rapid7.

Puppet Remediate

The vulnerabilities found are also assigned a priority and recommendations are then made for the recovery of these vulnerabilities, which administrators can implement with a single click. For example, updating software, modifying a configuration or running a script. This helps the specialists in particular to limit the time between the discovery of a vulnerability and the recovery. Ultimately, the intention is that the automatic handling with the Puppet tool will greatly reduce the security risk.

Puppet and open source

In addition to the review of the product portfolio, Puppet, under the leadership of its new CEO, has also started to focus more on open source. This goes against the tendency to wonder whether the use of an open-source model can ultimately be profitable for a company.

Wassenaar sees this differently. According to her, open-source has brought a lot of benefits to the tech industry. It is a basic element that has ensured that the development of technology has accelerated and continues to accelerate. In addition, open-source ensures that technology becomes accessible to everyone and that everyone can participate in it. According to the CEO, the combination of the fact that open source makes rapid technological innovation possible and that everyone can contribute to it is the real strength that comes with it. According to the CEO, open source is more a strategy than a revenue model.

Strategy with a pyramid model

When looking at Puppet and its products, the translation of the above idea is very noticeable. Of course, there is money to be made, and investors also expect an ROI. The DevOps specialist has built a few things into his model.

The whole Puppet model should be seen as a pyramid. At the bottom is the real functionality of the software-based solutions. This layer can be widely used for customers, whether they are startups, SMEs or large companies. The layer is also where the company expects the most cooperation and development from the open-source community. According to the CEO, Puppet not only wants to do all the work; it also wants the development of the products and technology to take place in cooperation with the customers and users. Whatever offers the masses the most added value, will also be developed by the same mass. This is why the products that form this layer are offered open source.

Specifically, these are the open-source version of the Puppet platform and the Bolt and Lyra products. There are also several other projects and the Puppet Forge environment available as open source. With ‘the Forge’, members of the community or partners can develop special modules for the software. These modules can be used in all products.

With these open source products, the DevOps specialist wants to grow sufficient mass to raise the technology to a higher level from a user’s perspective. Puppet, therefore, invests a lot in open source because it is actually investing in the community itself. In addition, these open source products can also be seen as a useful stepping stone to more advanced functionality. Especially when companies really want to scale up.

Large business variants at the top of the pyramid

This brings us to the top of the pyramid. These are features and services that are interesting for a smaller group of users. These are the companies that want to scale up or are already large businesses. This is because they are often faced with much more complex workflows for both their infrastructural node-centric and cloud-native workflows. The large business companies can, of course, develop the necessary functionality themselves – nowadays they do have the means to do so, says Wassenaar – but it is much more convenient for them to outsource this to companies such as Puppet.

The DevOps specialist does this by adding extra functionality -Puppet’s ‘secret sauce’- to the open-source products. This means that you have to pay for it. In concrete terms, this is the large business version of the Puppet Enterprise platform and the recently launched product for security management Puppet Remediate. Wassenaar adds that in the short term a special large business product for cloud-native environments will also be presented. Probably an enterprise version of Lyra.

Hybrid cloud still very important for the time being

Finally, we talked to the CEO about how Puppet deals with other trends within the tech sector, and in particular, the hybrid cloud and artificial intelligence. She is clear on the first topic. Although Puppet now seems to rely heavily on cloud-native, it does not expect the current trend of hybrid cloud environments to disappear quickly. Many companies today still run 70 percent of their applications on node-centric environments. According to her, not all of these are going to be converted, including in the form of containers, into a cloud-native environment. In addition, there are many other applications that companies consider it nonsensical to run in a cloud-native environment.

However, she notes the trend that new applications are now mainly developed in a cloud-native way, and of course, the rise of container environments as a result of this. As a result, companies are faced with a long transition process. But at the end of this process, according to Wassenaar, due to the rapid technological developments, the successor of the container will certainly be ready again. According to Wassenaar, companies are therefore faced with increasingly complex hybrid environments. And it is up to companies like Puppet to make it as simple as possible for these customers to be able to manage them properly.

Machine learning gets full attention

In the field of artificial intelligence – in the eyes of the Puppet CEO this is mainly focused on machine learning – Wassenaar sees a strong development. It is therefore logical that Puppet looks at this with great interest. Especially because the company sees artificial intelligence – in the form of machine learning or other algorithms – as a development that will promote the advent of ‘self-driving’ and ‘self-healing’ environments. Software-based automation is important for this, and that is where Puppet’s products come in.

She indicates that the DevOps specialist looks at the development and deployment of its own products in two ways. Firstly, it does this itself by looking at how machine learning can best be applied to the products and services. This is based, among other things, on the large amounts of measurement data that the company receives.

Secondly, it uses the technology developed by its partners and – by incorporating this technology into the various products – also allows customers to use this technology. This should accelerate the emergence of self-driving and self-healing environments.

Interesting developments expected

With the simplification of the product portfolio and the increased focus on open source, Puppet seems to have taken a new direction. Particularly interesting is the focus on how a broad majority of companies will soon be able to use DevOps technology for software-based automation of infrastructure for node-centric as well as now specifically for cloud-native environments. Certainly because there is now an even bigger focus on meeting all the security and compliance requirements for these environments.

Also interesting is how Puppet is going to stimulate the community to take the technology to the next level. We are therefore curious to see which other products will emerge from this collaboration and especially how they will find their way into the pyramid model.