Chef sets new compliance, IT fleet management, and learning dishes on the table

Chef Compliance

ChefConf’s move from Seattle and London to the internet has not stopped the company pulling a wide variety of products from its IT automation bag. In the lead-up to Chef’s annual get-together, Chef CTO Corey Scobie sat down with DevClass to explain some of the new tools.

“Customers have long told us that acquiring and customizing the content that they need to go along with our automation engines is difficult and so, systemically across the entire product portfolio, we’ve been working on making the first steps into that world much easier for customers,” Scobie said, looking at now available Chef Compliance

The tool is made up of an Audit and a Remediation offering, that are meant to make security and compliance automation easier since “it’s configurable as opposed to programmable, so you can go into a single file, you can define the properties of which controls you like and which controls you don’t like. And it’s all, basically, zero coding.”

Scobie added: “Chef Compliance Audit is basically akin to what we’ve been selling with Inspec in the past” he went on, referring to the ability to do a security policy audit against CIS standards in an environment. Remediate goes a step further, providing “continuous and automatic remediation for all the things that are incorrect in your environment across the entirety of your compute resource.”

To make sure the more tangible site of operations isn’t left behind, the newly introduced Chef Desktop looks to “bring automation to IT resource management”, as the announcement blog states. “It’s really focused and targeted at IT operators who are managing laptops, desktops and kiosks and sort of the distributed workforce kinds of items that we see in IT” Scobie said, contrasting it to the server/data centre aspect Chef is normally connected to.

Among the Desktop features are things like “zero touch provisioning”, meaning that “if you’re working with a vendor like Apple, for example, and connect brand new out of the box devices to Apple MDM, we can automatically bootstrap into a Chef Desktop managed offering”. “From there,” Scobie explained “you can then treat it as a managed device.” 

“You will automatically pick up whatever configuration management profiles you create for it. We are also shipping with a bunch of profiles that do things like CIS hardening [..] to do all the things that you expect of an IT department to have to do manually or through a series of actions in order to provision a new device. It also has an option for integrated compliance.”

The accompanying dashboard has been simplified to show “how many systems are under management, when’s the last time those systems checked in, what are the errors that they’re experiencing or where do we see configuration drift happening in the fleet”.

Chef also took a swing at improving the existing product catalogue, fitting Chef for example with “a bi-directional data feed with the ServiceNow CMDB”, and making Chef Workstation generally available. Part of the latter milestone is the inclusion of Upgrade Lab, which, according to Scobie, “is a set of tools [..] that helps customers evaluate their existing content and make it upgrade-ready so that they can move to Chef 15 or Chef 16”.

Looking forward, Scobie also teased a “content delivery surface” which will be launched “later in the year”. The new offering is meant to be giving users a place “where they can acquire the latest content, whether it’s security and compliance content or remediation content or, chef cookbooks, habitat plans, etc.”

As hinted at earlier this year, Chef also used its conference to push its revamped learning platform “Learn Chef” online. With live training off the table for a while, Chef CMO Brian Goldfarb mentioned in April that the company saw “the need for online learning now more than ever”, which led them to focus on the self-learning experience for the first months of the year. 

The updated platform features new and reworked courses on topics like infrastructure security with Chef Automate, fleet management with Chef Infra or auditing and remediation with the new Compliance offering. The courses are said to contain “in-browser hands-on labs” so that learners don’t have to switch contexts in order to test out their new skills, and come with a badging system meant to facilitate progress tracking. Proper certification, however, seems to be still a while away.