Hi everyone and welcome to the final video on integrating Okta with servers, securing Okta with servers without requiring keys. In the previous videos, we set up Okta to secure your server. We did that only with one server and then we included additional security through MFA, and then we worked through granular access control, through pre-authorizations, grants, et cetera. Now we want to scale that to many other servers, and there's no better way of doing that than integrating to your continuous integration, continuous delivery, or infrastructure-as-code tools. There are many great tools that do that, like Ansible, Chef, Terraform, or SaltStack, which you can take advantage of. That's what we will do.

So first thing, we will present to you some of the integrations we have in Advanced Server Access to take advantage of CI and CD. We're going to pick one of those to play with today. I'm going to go with Chef. We're going to configure this client, this Chef recipe, and we're going to test it out. The reason why I'm going with Chef is because Chef has this pretty cool feature called Kitchen CI. So what Kitchen CI allows you to do is to basically run your own Chef test bench with as many servers as you need. And those servers are actually hosted in a VirtualBox that's running in your computer. So it's a great way of test benching your recipes and your automation without actually going straight to production. It's okay.

As I was saying, it's way easier to use a CI, CD, or IaC tool in order to roll out the server agent from Advanced Server Access into your servers because with the same recipe, with the same cookbook, or with the same plan, you can have many servers getting all that you need. And if you looked at, these are the notes we had from the first tutorial when we re-enrolled our first server, all the commands you need to enroll ASA or Advanced Server Access with your server, they're plain standard Bash commands.
And that means that anything you use to push Bash commands to your server fleet, whether it is Terraform or something else, can be also reused here to enroll the ASA or Advanced Server Access agents. We have many tutorials that teach you how to do that with whatever you use, whether this is Chef, Ansible, Terraform, Puppet, CloudFormation. We also have integrations with Jenkins and other solutions. But again, I'm going to use Chef. And to do this, I will go with this tutorial. So I'm going to follow along the tutorial. You can get the link yourself and do it as you see fit. And you can run back here if you have any questions. Many of the steps here, I kind of already did just by setting up my free Okta tenant. So I'm going to skip some of those, but I'll try and stay as close as possible.

So first thing, I'm going to head over to my Okta and create an enrollment token in a project to have all my servers in. I could be reusing our task project, but you know what? I'm going to go with a new one and call it Chef-test. I won't require pre-authorization. I'm just going to hit submit here to meet the rest of time. You already know how this works. If you check the first video, I'm going to assign this to all my users that are going to be administrators on these computers, sorry, these servers. And finally, I'm going to create an enrollment token specifically for Chef that will be used by the Chef recipe in order to enroll securely these servers at all. Cool.

Now that's done, I'll jump over to the tutorial and see what else we need to do. Oops, I opened this multiple times. Now I need to see our sample recipe. So I can clone this from GitHub. So before actually I do this, let me show what we have. So this is available for everyone to check it out. So it's a public repo. It shows you how you can use Chef or the Test Kitchen in order to roll out ASA to multiple servers. Cool. Now, I'm going to go ahead and show you how to do this. In order to roll out ASA to multiple servers.
Cool. So let me clone this. Okay, Git clone here. If you're not familiar with Git, you could just go and download this and unzip and it would get in the same place. Now that I unzip it, if I enter the directory, I'll see all the files that you see here reflected here. Because I want to show this better to you, let me use my VS Code so you can see the files and everything side by side. No, okay. So my README came up here. All the information I need, including the files, are here so we can follow along the tutorial based on that. Okay.

So according to this tutorial, I have key files. So I'm just going to work through the most important ones. I feel the most relevant ones. I guess the most interesting one you will see is called install ASA. And what you have here are basically all those steps we talked about before. I don't know if you remember and if I can find that script here. All the steps I would execute on my regular Bash script to have ASA installed in my server, they are ported over to Chef. So it's on the Ruby format, which is used by Chef. So when I apply this recipe, regardless of the server, it will identify the distro. It will install that agent. It will do all the work of setting the enrollment token, putting everything in order for me. Sweet. So I don't need to do that work of scripting myself. I can just use this recipe to expedite the process.

So continuing with this, I have the uninstall, which is a different recipe in case I want to throw this off. I have a kitchen, which is the file I'm going to use to set up my kitchen test, some additional files for validating the kitchen, and also a default attributes, which is very important here for us. So let me go after that one. According to the tutorial here, I need to enter my enrollment token from ASA here, and this will be used by Chef in order to enroll my servers. So I just paste that value, I'm saving this. Okay. Next step. Oh, I can go straight and test my cookbook. Okay.
If I want to do this with Test Kitchen, I need to make sure I installed VirtualBox and Vagrant, which I already have. So if I go here and do with our Vagrant, actually VirtualBox is like this, it's installed. Cool. Vagrant is installed as well. So I'm all good here. I don't need those. One other thing I need to do is make sure that I'm using the same interface where I have my bridged connections, which for me is my AirPort Wi-Fi, and have that in my kitchen YAML. So that's fine.

Let me head over to my VS Code and review the kitchen file. So the kitchen file has two key pieces of information here. This is information you might need to edit. The first one is what's going to be your network in which the kitchen servers will connect to. It's a place where they can exchange information. So for me, I'm going to use my Wi-Fi AirPort. You know, so which distros or operating systems you want to bootstrap and test with the Advanced Server Access, install the agent and see it running. I'm going to leave all these different distros so you can see that the product or the solution works seamlessly with any distro. If you don't want to run all of them, you can just cherry pick which ones you would like to. So it's really your call when you do that to just make sure you save the file. So let me revert all my changes here. I'm all safe. Now I can go create my kitchen, list the servers, and hit converge. When I do converge, that recipe will be applied.

Okay, it's time to test things out then. Let me start by creating the kitchen. And I'm going to skip this video because it's going to take a little while. Usually it takes 10 minutes. But if you're running the first time, it also downloads those images you will need from VirtualBox. And this will take like even an hour depending on how many servers you decided to run here. So I'm going to do the kitchen create. Okay, after five minutes, we're back. And all the servers are running from my kitchen.
So if I enter kitchen list, I can see all of them created. Now that I have my infrastructure running on my own computer in my own kitchen, I can use Chef to apply all my recipes and see all my servers being enrolled in Advanced Server Access. So for this, I need to just enter the command kitchen converge. Okay, so three and a half minutes back, we're done with enrolling those five servers in Advanced Server Access. So if I go here to the audits, I can see that all these servers, they got in and they're associated with my Chef test project. So if I go here to the servers, I can see all of them listed. And this means that, let's go and test it out. If I go in, that's my servers, they will all show up here. And now if I try to SSH into the servers, it should be ready to do these, whether regardless of their OS distribution. So I'm into my ASHF Oracle. So who am I? Beautiful. Okay, if I try the same, let's say on my... No, you know what? Let's write that in. Oops, sorry. That'd be in 7, I mean as well, but this is that in.

Okay, so by following the steps here from this tutorial, I could get Chef working on my kitchen, also using Advanced Server Access. I could enroll all the servers very fast, very efficiently. And I could test access to all of them, which was pretty sweet. What we'll be, usually we'll do next, we'll be rolling out this recipe into your fleet. So in case of Chef, you might have Chef Manage, where you could upload your recipe, connect to your cookbooks, and have all these done to your servers without having to do things manually.

So this wraps up our series around how to secure servers using Okta. So if you have any questions around how you would do in different situations with different kinds of operating systems, you can ask your questions here and I'll be ready to answer those in the comments. So thank you very much for being here with us and see you in the next one. Bye-bye.