Procedures: Runbook Automation that Works


This post was originally published here by Greg Pollock.

One of the challenges of building and running information technology systems is solving novel problems. That’s where frameworks like scrum and agile come in– getting from the unknown to the known with a minimum of frustration and waste. Another challenge is performing known tasks correctly every single time. Here runbooks, checklists, and documentation are your friend. And yet, despite a crowded market for IT process automation offerings, misconfigurations and missed patches are still a problem– and not just a problem, but the root cause of 75-99% of outages of breaches depending on platform.


Executable Documentation

Add Procedure 3.gif

UpGuard’s Procedures feature provides the missing layer of runbook automation to ensure that every machine is configured correctly at every stage of its lifecycle. There are two places to get started: your existing documentation and UpGuard’s library of pre-made procedures. Whether you’ve documented your standard operating procedures in text documents, spreadsheets, a knowledge base, or sticky notes, any information on what your organization needs to maintain secure, reliable systems is a good starting point.


Add Procedure Library2.gif

Every procedure is made up of steps, where each step represents one action you need to perform. The most common step type is to run an UpGuard policy to check that system configurations match expectations. Creating policies can be done either by transforming the discovered state of a node into checks or by writing the checks out. For best practices, you can also choose from the library that UpGuard provides for common system checks.



The Automation Safety Net

Once you know what procedures should govern your systems, you can start automating the critical validation phase. Whether you use a configuration management tool, a collection of scripts, or shoot from the hip on the command line, UpGuard provides the validation that the resulting configuration state complies with the prescribed procedural steps.

Adding a procedure made of policy checks to a node group will cause UpGuard to run all the automatic steps that it can at a scheduled interval. The output of all those automated validation steps is presented as a dashboard showing what procedures are running against each node group and whether they are in the desired state. Procedural breakdowns like configuration drift or missed security hardening can thus be easily detected and remedied.




At the root of almost every failure is a poorly defined process or a process that was not executed completely. The foundation of successful process execution rests on clearly documented procedures that are visible to everyone involved in the administration of those systems. UpGuard’s Procedures not only provide that share layer of visibility, they automate the work of confirming that those procedures have been executed correctly, saving time, money, and frustration.

Photo:INTACT Automation


No posts to display