Enterprise technology management in an API enabled world | JNUC 2021

- Hello, everybody, and thanks for joining. Today I'll be presenting "Enterprise Technology Management in an API Enabled World." My name is Trent Seed, and I'm the co-founder and chief architect of Oomnitza. My background in software development goes back to the second grade with Microsoft Visual Basic, where I was teaching myself how to build computer games.

Over the years, I've had experience building a wide range of desktop, mobile, and web applications. And for the past decade, I've been pursuing Oomnitza and the challenge of managing enterprise technology at scale. For today's agenda, we'll begin with a brief introduction or overview into Enterprise Technology Management. We'll then talk about an API-enabled world and the role it plays in enabling Enterprise Technology Management. We'll then speak to the asset lifecycle and what it means to truly automate the lifecycle and orchestrate it from end to end. And we'll conclude with some very exciting use cases all made possible through Oomnitza's Enterprise Technology Management solution, and the Jamf REST APIs.

So what exactly is Enterprise Technology Management? Organizations and companies have long used systems of record for key elements of their business. You may use a CRM such as Salesforce for managing your customers, you may have a Workday for employees, you may have an Oracle NetSuite for your financials. In today's complex and expansive environment, organizations also need a system of record for their technology, which is the ETM solution. You're familiar with ERP and HCM, but what exactly is ETM, or Enterprise Technology Management? By technology, we really classify it across five key areas.

There are your technology endpoints, which are your desktops, laptops, mobile devices, and tablets. There's your applications which include not only your desktop installed applications, but all of your SaaS cloud-based applications as well. Technology also includes your cloud infrastructure, so any virtual machines or containers that you may have running across Amazon, Microsoft, or Google's cloud, not to mention vCenter and VMware deployments. It also includes all of your networking gear, so your routers, your switches, your hubs, as well as any virtual networking appliances. And last but not least, technology includes accessories, so your mice, your headsets, your keyboards, any other peripheral devices.

That's what we mean by technology. Management really refers to managing the lifecycle of all of these technology assets, all the way from the beginning with purchasing, through deployment, securing, monitoring, maintaining, as well as end of life. So from a high level, this is what we mean by Enterprise Technology Management. In today's world, data is spread across disparate, disconnected silos.

We all love and know Jamf as our best of breed solution for managing our Apple devices. We may have an additional endpoint tool to manage our Windows devices, to manage our Linux devices. We may have our networking gear in Cisco Meraki. We may have an MDM to manage our Android devices as well as our Chrome devices, not to mention a security endpoint tool installed such as Sophos, CrowdStrike, or Carbon Black.

We're purchasing devices directly from OEMs as well as resellers, so there's a lot of purchasing information at play. And the user directory is another essential component because we need a way to correlate and assign and associate these technology resources to our employees. On the maintenance side, the Service Desk needs to be enabled with all of the context they need to do their job efficiently.

Depending on the issue reported in a service request, you may need to check one or more systems to fully get that context for a device. So as you can imagine, any kind of holistic reporting or holistic process orchestration across these systems is incredibly challenging, if not impossible. Oomnitza is the layer on top of your existing infrastructure that brings all of your data together into a unified and normalized single source of truth. This is all made possible through REST APIs. We're connected with Jamf and pulling in all of your Apple devices, we're connected to Microsoft Intune, pulling in your Windows devices, and given our agnostic and agentless approach, as your organization evolves and new systems are adopted or change, Oomnitza can live up to that flexibility and integrate all of your data into a single pane of glass, which is very powerful. We do this through an easy agentless deployment, configuration, and orchestration.

And we really like to organize this around connect, automate, and visualize. When you're first deploying Oomnitza, we connect with your entire fleet of information systems in a bi-directional fashion, meaning we're not only consuming and loading devices coming from Jamf, we also have the ability to reach back out into Jamf and make changes or even take administrative actions, such as locking a device. And this is true of all of the information systems in your environment. We can do the same thing with your user directory with Microsoft Intune or any other MDM that may be in your environment. Once we've established these connections, we can start to build out very robust and powerful automations, all using the Oomnitza workflow engine. The Oomnitza workflow engine is a drag-and-drop workflow editor, designed for really any non-technical line of business user to take advantage of.

The beginning of every workflow, you're able to define a set of criteria under which this workflow should run. That can be based on changes of data or schedule directly in Oomnitza, and it can be based on any change of an asset or user in any underlying system that you have connected. As part of these workflows, we can send notifications, we can send Slack messages, we can orchestrate approval processes, we can generate service tickets, and using the power of REST APIs, we can take action in our underlying systems as well. So again, for Jamf, we could lock a device, wipe a device, and so on. With all of this established, we're now able to holistically visualize our entire technology portfolio.

From a security perspective, from a compliance perspective, we can understand the trends and the--any activity that requires action on our end. Forward looking, we can look at end of life, what's coming up for refresh, and we can be much more informed on our upcoming decisions. Enterprise Technology Management by Oomnitza enables organizations to manage the lifecycle of all technology assets from a single source of truth. An API-enabled world really does lend itself to enabling Enterprise Technology Management.

Industry adoption of REST-based interfaces paves the way for data consolidation and process orchestration. In the past five, ten, 15 years, REST APIs have become table stakes in any B2B SaaS application. Before that, exporting data from a system may not have been an option, or it was something more ruder--rudimentary, such as a CSV file. And when you're looking at multiple systems, correlating that data can be extremely difficult given the variations and structure of data. By the industry adopting these REST-based interfaces, we have the necessary connection points to start orchestrating our lifecycle, collecting data and pushing data and changes back into those underlying systems.

Now, while REST is a standard and helps out quite a bit, there's still a lot of room for interpretation. Some implementations of a REST API may not support the full spectrum of HTTP methods, meaning GET, POST, PATCH, DELETE, and others. The implementation and behavior of a PUT versus a PATCH could also vary between implementations. And on top of that, while there are increasingly standardized forms of authentication, such as API tokens or OAuth2, there are still unique requirements and needs on a per-system basis. You may need to include additional headers, you may need to format the body in a particular way.

And even with these REST APIs available, there's still that nuance that needs to take place to properly establish and securely establish those integrations and API access. Oomnitza offers a software catalog on top of this where we've already taken care of the hard work of identifying those nuances, so you can simply drop into REST API integration and take full advantage. Now, with the increasing number of SaaS systems in your portfolio, and therefore the theoretical attack surface of your portfolio, it's absolutely critical that we securely store all credentials in an encrypted data store such as HashiCorp Vault. As we all know, it's not okay to store credentials in plain text or in a configuration file and certainly not in source control.

Even environment variables are not secure because they are in plain text. We absolutely need to store this type of data encrypted at rest. Now, some of your credentials may be long lived and will not expire. There are examples such as OAuth2 where your credential may only be valid for an hour or perhaps 24 hours. And you need a system that's not only securing the credentials themselves in an encrypted fashion, but you need that refresh mechanism to automatically take place.

So any dependent integrations or REST API calls that leverage that credential are always functional and ready to go. Once we've established our integrations and we're securely managing our credentials, we can start to build a holistic digital twin of an asset. This requires reconciling and normalizing data across multiple sources. In many cases, we can rely on a serial number or some other hardware identifier to help correlate and unify this information.

However, in some cases, such as what we've seen for systems like CrowdStrike and Sophos, the serial number is not available through the REST API. And what that means is you must fall back and look at the network interface details and look at additional attributes of the machine to determine that appropriate association. Now, not only are we dealing with reconciling data between mutually exclusive systems, in some cases, we may get overlapping or even competing information on behalf of the same device. As an example, we may be tracking an asset that's in Jamf and pulling in all that software details. If we have an additional agent installed on that machine, we're going to get another snapshot of that software.

The data structure between those systems will vary, and using an ETM such as Oomnitza, you can define those field level mappings and control the flow of data. With these REST APIs, and a system like Oomnitza for Enterprise Technology Management, we can unlock true lifecycle orchestration. Starting with a brief overview of the asset lifecycle. In Oomnitza, we want to track and manage a device as early on in its lifecycle as possible, which typically is around the purchasing phase.

Whether you're buying from an OEM or from a reseller like CDW or SHI, already, you're getting the PO number, the purchase price, the serial number, where it's getting shipped to. You're getting a lot of information that needs to be tracked, and we can't wait until the device is imaged and online. We need to start tracking it from the beginning. CDW and SHI have actually leveraged Oomnitza's REST API, such that anytime you place an order, a device will automatically be created in Oomnitza with all of that rich detail.

On the receiving end, the Oomnitza mobile application, as well as the web app, gives you full access to acknowledge the device as having been received. Imaging is another key element where once we've received the device, we get it enrolled in Jamf. And now when it comes online, we're going to get a lot of rich information around the hardware attributes, the disk encryption status, the software and much, much more.

What's great is as soon as that device has come online, we're going to supplement and continue to build out that asset record holistically that we already started in the purchasing phase. So now not only do we have the PO number and price, we have all of the hardware attributes coming in from Jamf, or any other connected underlying system. Now in the new world where we're not necessarily receiving a device at our office and imaging it to then give to an employee, we may be doing those steps in advance and actually drop shipping a device to an employee. And that's why you also need a system that supports those kind of auditing use cases where we can confirm and acknowledge that an employee has in fact received a device, and even periodically throughout the year, get their continued acknowledgement that they still have the device in their possession.

Throughout an asset's life, it's going to get assigned maybe multiple times. Certainly in the case of loaner devices, those will be assigned between individuals connecting into your user directories so we can establish those associations is absolutely critical. Securing is another key pillar of the asset lifecycle. We need to make sure that all of our devices enrolled in Jamf are also running a security endpoint tool, whether it's Carbon Black or CrowdStrike. And we need a way to stay on top of the antivirus signature updates and capabilities to make sure that none of our machines are compromised.

Maintenance is another key element of the asset lifecycle. As the device moves throughout its life, we're going to have service requests that require action, and providing the service desk with all the context on that machine is very powerful and reduces time to resolution. And last but not least, Oomnitza supports the full spectrum of end of life processes, from Certificate of Destruction to legal hold to donating and recycling devices. All of that activity and process is captured and managed in Oomnitza.

Now when we talk about lifecycle orchestration, we're really talking about automating this entire process across the entire fleet of information systems in your environment using workflows and REST APIs. In Oomnitza, workflows allow you to define business processes and automations that are capable of taking action in your connected systems. So again, any change in Oomnitza could trigger an outbound call into any one of your systems, or a change in one of your underlying connected systems could also do the same and reach out to your other connected systems.

On the right, we can see that in our workflow builder, we have something called an API block. If you're familiar with Postman, or any other kind of HTTP client, this allows you to model any REST API request where we can define the URL, the headers, the body, parameters, and structure how we want to handle that request depending on the response. As part of the Oomnitza software catalog, we've introduced a layer of presets on top of this API block, which provides support for a wide range of SaaS solutions, including Jamf.

Now what that really means is when we're building out a workflow, we can simply drop in an API block, and rather than needing to fill out all the details on the REST API, I can simply search for Jamf and select my desired preset, which may be to lock a device or to update a device, and all of the other action and kinda capability is automatically taken care of. With workflows and APIs, there are a large number of exciting use cases that we can support with Jamf's REST APIs. One major use case is around bi-directional updates. So as we already covered, Oomnitza's fully capable of receiving and ingesting all of your assets and mobile devices for your Apple devices. However, in many cases, we want to push updates from Oomnitza back into Jamf. As a quick example, as we're assigning devices or changing device locations, that's all information that we want to automatically reflect in Jamf.

We don't wanna have to assign a user in Oomnitza, and then in a separate tab, pull up Jamf, find the asset, and make that same update. And by using the Oomnitza workflow engine to keep those records in sync, you're reducing effort and ensuring high data integrity. Jamf extension attributes are also fully supported by Oomnitza. We can ingest that data as well as set and update existing extension attributes in your Jamf environment. Purchasing details is another key aspect that we can help update Jamf. So as soon as that device was purchased from CDW and is enrolled in Oomnitza, once that device comes online in Jamf, we can take a lot of that rich purchasing information you received at the beginning and push it forward into Jamf as well to ensure that our systems are uniform in terms of the data.

Another powerful use case that we support is the ability to lock a device in Jamf. On the right, we can see an example of our API preset that we selected called Jamf Remote Device Lock. Based on any underlying system, we can trigger that event. As an example, if we see that Jamf is reporting a device is active, however, our security endpoint tool is indicating that the computer is compromised, we can use that data to take action and automatically trigger a lock in Jamf.

Now this is a very basic example. We could certainly supplement this with an approval process, we could send out additional notifications, and we could take even more action in Jamf as well. Now, not only are we able to lock a device, but we are able to wipe or erase the device as well. This is certainly important when it comes to an employee reporting a device as lost or is stolen. It's critical that we are able to lock and wipe the device to prevent any unauthorized data access or data leakage. Now since this is a little bit more of an irreversible process in comparing to locking a device, we may want a human step or human approval ahead of this where that employee's manager or another responsible individual reviews the request to erase the device and they can actually make that approval.

Offboarding a device is another key use case. To maintain high data integrity, Oomnitza can automatically clean up or remove a computer in Jamf once it's been set to recycled or disposed in Oomnitza or even archived. And by doing this, we're ensuring that we don't have any stale data within Jamf, and that the full list of machines is completely accurate, especially when it comes to any kind of discrepancy reporting across our connected systems. Legal Hold is another area that we support end to end. As soon as we see that a user has been flagged as under Legal Hold, which could be coming in from your Workday or your Active Directory.

As soon as you mention--Oomnitza sees that trigger, we can automatically update every asset assigned to that employee and flag it with status Legal Hold. We can reach out to Jamf and set an extension attribute, do not delete, so that we do not accidentally remove the device. And we also have the ability to lock a user's device as well as part of this process. Not to mention, send them a direct Slack message or send an email as well. Another key use case is around offboarding a user.

When we're offboarding an employee, not only do we need to collect and reclaim all of their physical and virtual assets, we need to do the same for their cloud software environment as well. If a user is offboarded and they had a license or account in Jamf, the Oomnitza workflow engine can automatically reclaim that seat and remove that user, so not only are you now not spending for that license, but from a security and access perspective, that employee can no longer get into those systems. Oomnitza supports this capability across all of your SaaS applications. So in some cases, we might just be deleting or deactivating a user in other systems such as Google Workspace, we may not want to do that. We may want to have a process that locks them out, resets their password, maybe sets up an auto-reply, so if anyone emails, they're aware that they're no longer with the company, and then 30 days out, we do the full reclamation of the user only once we've transferred all of their files. Which again, is all orchestrated through the Oomnitza workflow engine.

In summary, asset data exists in many systems, making it very difficult to get the full picture. In the API-enabled world, you can aggregate the data for better visibility. Establishing a single pane of glass allows you to drive lifecycle orchestration. And please check out the Oomnitza Enterprise Technology Management solution to help you with these orchestrations.

For more information, please visit us at www.oomnitza.com. Thanks for listening.

2021-11-23 21:22
