Take the Guesswork Out of Server Security

Let’s be honest — keeping your servers secure and compliant isn’t just hard, it’s overwhelming. Between shifting security policies, complex environments, and never enough hours in the day, it can feel impossible to know where you stand — until an auditor shows up and the panic sets in.

We’ve been there. And we believe there’s a better way — one that doesn’t involve drowning in manual tasks or juggling a dozen disconnected tools just to prove you’re compliant.

Watch to see how teams are using the Itential Platform to bring automation and orchestration into their server compliance workflows, turning fire drills into routine check-ins. You’ll see how to:

⚠️ Build and run compliance checks across Linux and Windows servers — no manual digging required.

📊 Generate reports that make sense for both execs and engineers.

🔄 Automatically update tickets and send results to the right people, in the tools they already use.

⏰ Set up recurring checks so compliance isn’t a one-time scramble.

 

Whether you’re hands-on in the console or leading the charge from above, this session will give you the tools to tighten your security posture — and finally be audit-ready.

  • Demo Notes

    (So you can skip ahead, if you want.)

    00:00 Intro
    01:10     Server Configuration Compliance
    08:39     Danger of Ignoring the Problem
    10:16     Implementation Difficulties
    17:46     Server Compliance with Itential
    19:12     Demo
    26:17     Creating Golden Configuration Templates
    35:21 Compliance Reports
    44:26 Wrap-Up & Summary

  • View Transcript

    Rich Martin • 00:04

    Hello everyone, welcome and thanks for joining. My name is Rich Martin, Director of Technical Marketing here at Itential. Today we’re going to cover a really cool, interesting, and somewhat unique topic. We’re going to talk about how to orchestrate server security and compliance and how to really make it easy. In order to do that, I need a lot of help. Today, I’ve got the most tremendous amount of help that I could possibly get on this subject, the expert here at Itential, Ankit Bansali. Ankit, give us a brief background on yourself.

    Ankit Bhansali • 00:35

    Yeah, Rich, again, always a pleasure to join you on these kind of conversation. I come from a lot of background in terms of electronics and telecom and software engineering and I’ve been with Itential for around eight plus years. So we have talked a lot about automation, orchestration, not just network domain, but in general infrastructure, and I get to play with a lot of tools. So I’m very fortunate for that opportunity from Itential giving me always, you know, trying to be there on the leading edge, trying to investigate, research, and then always work with you guys to close the loop, basically.

    Rich Martin • 01:09

    Yeah, and on top of that, working with a lot of prospects and existing customers, which really leads us to this topic today, doesn’t it?

    Ankit Bhansali • 01:17

    Absolutely. And this is, again, that space, like you said, it’s kind of hidden in the background, but it’s something which customers and when talking to leaders, they’re like, you guys do a lot of cool stuff on infrastructure, but something about compliance and security on virtual machine in general, I think that was a very hot topic. It’s been pretty much consistent because of a lot of auditors and a lot of security, especially with the age of AI and how things are going. But it’s a consistent ask from a lot of our customers looking to expand their horizon, especially using Itential for compliance on server security.

    Rich Martin • 01:57

    I’m going to be really selfish and come from the perspective of a network engineer. I’m in my silo. That’s really my background. I’m familiar with network configs, with routers and switch configs. And from an Itential perspective, that’s really what our product has been focused on for a majority of the time that we’ve been here, that we’ve applied this technology to server network, cloud config, even like CLI API, even firewall. So in one way, it’s been focused on event infrastructure, but another way, it’s really the flexibility of the platform has allowed it to expand beyond your traditional router and server configuration and compliance. So I find that that’s really interesting that that flexibility has now lend itself to find our customers asking people like you the question, can you do the same thing you do for our infrastructure with our servers?

    Ankit Bhansali • 02:51

    Correct, and that’s only possible because of the way we chose. We always try to build software from a framework perspective. We always try to make it self-service. We don’t want to be that middleman that charges for integrations, makes it harder for people to onboard new technologies. So I think that vision and philosophy coming from Itential is the reason why we have that flexibility to just go across the board with respect to protocols and the type of technologies we interact with. And I think that is that unique capability and the confidence we have with the architecture is to take it forward and do really cool things with really smart technologies around us.

    Rich Martin • 03:36

    Let’s expand this point and pivot from networking to server compliance in a unique way here. When you and I started talking about this, and again, I’m very network centric. When you and I started talking about this, this discussion opened my eyes a bit. Because especially if I think in the datacenter, where we apply a lot of config compliance use cases to the datacenter, although it’s important across all the domains. But in the datacenter particularly, when I think about how you deploy a network in the datacenter, I think, okay, I’ve got a top of rack switch. For as many racks and rows that I have, there’s going to be a top of rack switch across one of them. I really don’t think in terms of what’s connected to them, honestly, because that becomes a demarcation point for most of the networking team.

    Rich Martin • 04:20

    is, you know, we’ve got a bunch of ports, whatever plugs into it, plugs into it. But in terms of the number of devices that, you know, that need to have compliance on them, there’s actually a multiplicative order here between network devices that need configuration compliance, like a top of rack switch or router, and all of the individual servers, virtual or physical, that they service. And so that kind of was an eye-opening moment, and maybe it’s obvious to some, but sometimes we get in our silos and we don’t really think about the similarities, but then the differences between the two different infrastructures that have to operate with one another.

    Ankit Bhansali • 05:01

    Yeah, and that is something where when we were talking with a lot of leaders, right? This is exactly what they said. We are diving into one of the biggest hidden risks inside the modern IT, which is basically server configurations. And it’s never been easier to spin up a server, right, on-prem cloud containers. And to your point, data centers are only going to grow with the amount of AI deployments we’re going to have across the board. So again, it’s been never that simple to just click a few buttons and get it up and running from an organization standpoint. But with speed also comes with a lot of risk, right?

    Ankit Bhansali • 05:39

    You’ve got to maintain, you’ve got to standardize, and which means if you’re kind of off on that level, it’s potential for a lot of attackers to find their ways into your network. Just not quantity anymore, right? It’s the complexity from different teams using different tools like Terraform and OpenTofu and different agents that monitor these kind of VMs. And it’s not always a universal way to do that thing, where you can consistently maintain standard, not just on the provisioning side with respect to the technology you’re going to use, but at the same time, which is the most critical, is the compliance and security side, which I think was kind of not considered in that way because of the amount of explosion with immutable VMs and femoral VMs, right? So there’s a lot to… take in from a leadership role, especially on how to maintain security with the risk associated with that.

    Rich Martin • 06:37

    Yeah, no, those are all great points. We’ll kind of get a little bit deeper in each one of those in a moment. But let me start like from my universe. If I’m familiar with network config compliance, I know there’s a team that’s a compute team, there’s an application team. They’re suffering through the same types of stress and worry about is my infrastructure, is my compute, is my server, is my application secure? So we’re all in the same bucket there. There’s a greater scale for them.

    Rich Martin • 07:05

    So if I’m already having problems managing the config compliance on the networking side of things, then I can only imagine what it looks like for them, right? Correct. If I’m losing sleep at night, they must be losing more sleep at night.

    Ankit Bhansali • 07:17

    Correct. And you said it right, the challenges have not changed. It’s the same set of challenges that were proposed on your regular networking infrastructure is pretty much put on the virtual machine data center infrastructure, which is so funny. The checklist is still the same, is the NTP server income plan, which is so funny because we’ve been talking about NIST and all these frameworks around this. That same framework applies to even these kinds of assets. Yeah. And it kind of opens up another way of seeing the larger picture from an organization standpoint than actually just focus on the networking infrastructure, firewall infrastructure in general.

    Rich Martin • 07:58

    Cool. Yeah. So, so things that we should understand coming from the network, networking data center infrastructure perspective, that I tend to usually focus on is your colleagues and these other groups have the same problem, but worse, right? And just like in the world of networking and infrastructure, all the different network domains. we all have configurations, they all must be audited, they all must be maintained, they all must adhere to some sort of best policy or security policy or some sort of standardization, some sort of governance. And so that’s important to understand that this is a universal problem amongst all of us. So we’re all in the same boat. Now, that being said, what about the potential damage that can occur? Is that also universal?

    Ankit Bhansali • 08:45

    I mean, to be honest, it’s real world consequences are still the same, right? It’s not theoretical anymore with the scale and the dangerous way of just exploiting a network is still the same. The GDPR fines, they are over a billion dollars. The average U.S. breach cost is around approximately 9.4 million. So beyond money, there is loss of customers, brand damage, right? And a lot of execs get into trouble, especially on the auditing side because we have to make sure it’s not just the server configuration, right? It’s the ability to make sure your network and infrastructure is healthy as a whole, not just portion of your network because you just need one backdoor to get it.

    Ankit Bhansali • 09:31

    And that’s where a misconfiguration, especially that’s not being monitored from like the monitoring tools can lead to massive outages and extortions in the scenarios we have kind of seen.

    Rich Martin • 09:42

    100%. So there is a universal problem and a universal result if we ignore the problem. And again, the big fact of the matter is coming from the network perspective. there are more potential points of security risk in the server world, right? Correct. And so that’s one thing that I really kind of was eye-opening for us. And so this is something that every enterprise, regardless of size, needs to address.

    Rich Martin • 10:15

    Now, why aren’t they addressing it, Ankit? What is the difficulty of making this happen? And maybe you can infer some of it from our previous discussion, but maybe some of it’s not so obvious.

    Ankit Bhansali • 10:24

    Yeah, that’s what I was saying. It’s a two-part thing where one was, again, the scale was a big factor, how fragmented teams are, and there’s a lack of visibility on how teams function, basically. That was like the obvious first one, which was out of the box, like looking at a lot of teams, how they manage, they have a team for… infrastructure, but then you have a Windows team, Linux team, and a different OS team. It is, again, fragmented on the choices of tool. You have to pay licensing costs on each VM to monitor them. If you think that VM is not that important, you might not deploy the right agents on them.

    Ankit Bhansali • 11:03

    It’s basically a lot of factor comes into picture is different teams, fragmented tool set, and lack of visibility from an organization standpoint. Those are very standard concepts. But the second piece which I found out was, you as a network engineer, Rich, you have the luxury to run something called a show running config on a Cisco router. Right, right. And suddenly you have full configuration or at least 95% of the important configuration you would like to see from that box.

    Rich Martin • 11:34

    Yeah, that’s true.

    Ankit Bhansali • 11:35

    And this is funny because there is no such thing on any of the boxes, whether it’s Linux or Windows. That’s what I found out. There’s no concept of a show running config, which was very kind of, you know, it was funny in the sense because I’m used to playing with a lot of networking devices and we know that that’s a feature. And somehow it’s missing on like one of the most scaled and used product, the virtual machines with the hypervisor and things like that. But it was a very big miss from my understanding, especially from a technology standpoint, which somehow was not addressed. I do not know why. Would you like to comment on that?

    Rich Martin • 12:14

    Oh, I’m sure there’s history and complexity and the ability on servers and applications to kind of choose the best the best options that you want. So maybe it’s harder. You know, if you think about, you know, a server, whether it’s Linux, whether it’s Windows, you can drop all kinds of different apps, what kind of database you want, what kind of web server do you want, all of them have different configurations from different organizations or companies. So having one kind of monolithic configuration for that whole server that represents everything that’s going on there, isn’t probably a lot of extra work for folks, right? And things change all the time. So once you’ve created one config, if I swap this out for that, even if it’s a different version of the same application, that configuration may tangibly change, which causes all kinds of extra work. So I can see, you know, from their perspective, why it is we have plenty of in the networking world, old technologies that we’ve had to, you know, consider going forward.

    Rich Martin • 13:17

    So I don’t blame them for that. But that is kind of an eye opening piece is that, wow, that it really is fragmented. on their side, which does increase the difficulty of doing compliance on a consistent basis.

    Ankit Bhansali • 13:30

    So you said it very nicely, right? It’s because the way we have been provisioning VM, it’s not a consistent process, which means we cannot have a show running config because people want to monitor different things. They deploy different things on those VM. So to your point, it’s already that, that is one of the main reasons why you cannot even then run compliance on things, because you really do not know what you have deployed unless that team that have deployed knows about that. And that’s why there is always an IT infrastructure team that manages a lot of these kind of tooling where you have to wait for seven days for an application to be deployed on the VM. It goes through those process, which is built because they have no confident way of doing compliance once it is out of the box. You know, like once you start deploying application and services, they do not really know how to stop that or at least they would not figure out in the right time to limit the damage if somebody starts downloading packages which are not allowed from a repository or something like that.

    Ankit Bhansali • 14:33

    So you’re 100% there, the way people deploy applications and different services on this VM is very fragmented, very disjoint, and there is no complete overall visibility. And that’s where I think we came up with some solutions where… We allow folks to write their own pseudo show running config that is good for that organization and the services people want to monitor, which I think is very unique to how we were looking at the problem before like, to your point, there is no single command to get retrieve that because it’s so uniquely defined by organizations. Absolutely. Absolutely. Yeah. So I think we have that capability.

    Ankit Bhansali • 15:19

    We made it so flexible that people do not really have to learn how to do that, where we give that single interface. And I’ll definitely show you when we do the demo. Yeah. Fantastic. But that is one of the key attributes, which I think helps you close the gap by providing that layer additional single interface to do a show running config on a VM.

    Rich Martin • 15:40

    Right. Right. And I think this expands upon the philosophy and the strategy at Itential from the very beginning where we focused on multiple network domains, cloud and even security, API or CLI driven, different vendors. And so when we approach this as a problem, we’re approaching it from a very different state of mind and different framework of tools within our platform to accomplish that. So the concept of, well, you have different operating systems. How do you manage them, CLI or API? You want to use CLI? Fantastic.

    Rich Martin • 16:16

    What are the applications that you have? What are the commands that you would normally leverage to take a look at the state or the configuration of all of those things? What are the different tools that your teams use? If you’re familiar with Itential, none of these questions scare us because our whole point is to leverage all of the tools that teams use in our platform, and then with the flexibility within our golden Configuration Manager application, it lends itself perfectly well to everything that’s going on in the world of servers. Now, where you didn’t have a universal tool that could do this, with Itential, you can have a universal tool that does all this for all of your servers, applications, and teams.

    Ankit Bhansali • 16:56

    Yeah. Very fair statement. I think that is something which I think people were missing because they did invest a lot of tools to keep things secure, but they never had the flexibility to do it the way they like. They always did it with disparate scripts and things like that, because you still have to make sure you do some hardening on that piece, especially on that level. But it was still very disparate. It was very engineering-driven, not from an organization standpoint, it was maybe from an engineering style on how people were running compliance. I think we broke a lot of barrier of entry in this case by providing that simplicity in running compliance on something that is very differently provisioned from organization to organization.

    Rich Martin • 17:45

    Fantastic. Well, why don’t you walk us through what we’ll take a look at today in this demonstration to give everybody a feel for exactly how we can accomplish this in their particular environments.

    Ankit Bhansali • 17:57

    Right. And the other thing is the automation side of the world, right? And like we are in this age of automations where it’s a must, right? And that’s why compliance should not be an afterthought. That’s like my first point. With the ability to have automations and tools like Itential, you can continuously monitor compliance. And it’s no longer like once a week or a year kind of a thing. It can be done on a daily basis because scale is no longer a challenge.

    Ankit Bhansali • 18:24

    We have customers who have deployed large networks, which spans in hundreds of thousands of devices. So I think there’s a lot of good bits coming out of that architecture, which you can rely on and especially use it for server provisioning and compliance, which I think was the missing piece. In addition to your existing tool set, There’s one comment I really want to make is we are not trying to replace any existing tool sets here We’re trying to give you that flexibility Which other tools won’t and and it’s up to you on how you architect and design the solution And that’s why I was saying the freedom and the flexibility Coming from an engineering side without having to learn a lot of new tool and structure is is a lot of value with Itential So what I’ll do is let me share my screen and I’ll walk you through this process, which is very cool Okay Yeah And while we were discussing, right, we were thinking about how the world is deployed with what kinds of VM and like the most too popular kind of, you know, technologies people like is Linux, especially in Windows. Yeah, that’s that’s pretty much covers a lot of like around 90% of what type of VMs are deployed, generally, on prem or in cloud, femoral or not, right. And I think focusing on just two gave us so much insight.

    Ankit Bhansali • 19:55

    And it basically sticks for any, any and every of our every customer who’s actually doing this right now. Right. So I’ll go to something called as configuration manager, give me one second, I’ll try to share my screen. So Rich, this is where things get very interesting. We’ve been talking about how Itential brings in different kinds of technology, whether it’s API interfaces or CLI interfaces, especially whether it’s Cisco or Juniper from a native networking site or from a cloud provider, you can bring in VNet as an asset. That same idea applies here where you can bring your VM as an asset. So if I’m gonna look for one of the VMs, do you have a choice?

    Rich Martin • 20:40

    I’m a Linux guy, so.

    Ankit Bhansali • 20:43

    There you go. So we look for a Linux VM we have, and basically this is where things get cool. The experience you’re getting is very simplified from a consumer standpoint or an operation standpoint, where by just coming into this platform, you get that single interface where you can see all your VMs. And you can also see that it’s very easy to see your running configuration. And this is where this is unique because Nowhere in my, when I was researching on this, I could not find a single way to retrieve the configuration I wanted to see from a box. That is that single interface once configured, now you can have it as a standard across your organization.

    Rich Martin • 21:27

    This is what we were talking about earlier. You were calling me spoiled as a network engineer because I can do one command, show running config, or even on a different vendor, the same kind of commands apply, and I can see everything that that particular network device is configured for, or as, or what it does. And now what you’re showing me here is you just pulled up a configuration from a Linux server, and you have an entire configuration that you’ve custom built so that we have a one place that you can grab all the configuration that’s relevant for that particular server and application and team.

    Ankit Bhansali • 22:06

    Correct, and I think that is a game changer for an operation side of the world, especially for VMs, because we did not see anything that’s capable of doing this, especially how easy it is to configure the backend side of it where you give full ownership to the engineering team to decide what’s good for the organization with a single tool, right? So you get to not just have the monitoring tool that with the agents you’re going to deploy, but you can now run compliance if the agents are deployed correctly or not on those machines too. With this, in addition to any adjacent configuration which you would like to do on routine basis, especially for audits or different kinds of things.

    Rich Martin • 22:49

    Right, so there’s everything here from OS information, it looks like, to system services like DNS configuration. Basically, anything that is on that server that you want to identify as a unique configuration to run consistency and compliance across, it’s available.

    Ankit Bhansali • 23:09

    Correct. I was the architect here where I googled on what are the good ways to check and do balances. We found out there’s a lot of customers who have this information already in their PDFs and things like that, which are basically commands people would run as a script, or they would try to then do something with that PDF, where they will manually run commands on the box, gather information, do the eyeball diff, and then see if it’s good and bad. Right. It’s time to eliminate, again, scale is the biggest factor here. How many engineers can do how many compliance for how many servers? Like, it’s a very big question mark. If you’re gonna compare, especially machine doing that.

    Ankit Bhansali • 23:54

    Machine is great at doing this at scale. It’s great at running validation at scale. You’re not eyeballing it. You get the consistency with machines, but this is where we want engineers to contribute their skills to make the best robust plan, which they can to run across these VM infrastructure.

    Rich Martin • 24:15

    Excellent. Okay, this is so already off to a great start something very unique and much needed in the world of servers and compute and applications. Where do we go from here?

    Ankit Bhansali • 24:27

    Yeah. What else can we do? Second part which you guys are used to doing on a networking device is taking backups, right? Absolutely. Which was so funny when we talked about like, how is it that nobody’s talking about this is my first question, right? Maybe people are doing it in disparate tools with monitoring tools. But we kind of came to a understanding, especially from the networking side, that having a snapshot of the configuration kind of helps you troubleshoot when you go back and do a diff.

    Ankit Bhansali • 24:58

    Because we know which interface was modified. You exactly know which neighbor is missing. You exactly know which VLAN was modified. Right. So I think we took that similar approach and once applied here, this blew my mind that it makes it so easy to exactly pinpoint what might have gone wrong, especially during a troubleshooting session by just comparing backups, which was not an option available to a lot of people. They would run these scripts and gather information in a very disparate concept, but not from an organizational visibility concept. Right.

    Ankit Bhansali • 25:33

    So I think something that stands out and again, since we were already in this process, very easy for us to take backups by just clicking a few buttons and making it possible. And again, we don’t want to, we don’t expect humans to come in and click here, we’ll have an automated process with scheduled backups and things like that. But now you have the ability to make comparisons on backups, which is very cool, which you never had before, especially for a VM compute concept. Thanks a lot. Yeah. So this was very basic. We didn’t do a lot here, but this is something we got really good feedback with a lot of customers saying, this is something already helps them troubleshoot faster than before. If we take this one level up, how about you start adding policies and rules around things?

    Ankit Bhansali • 26:23

    Let’s say in this next case, we go for a Windows example where I have a Windows box and I want to make sure I can set certain rules and standards. These people are familiar with this interface, they didn’t have to learn a lot except they just need to be Windows SME. A Windows SME knows exactly what they’re looking for, what is good on the box and what should not be on the box. So by just knowing that basic understanding of the configuration on Windows, they can pretty much come in here and start setting rules and standards on disparate sections, where in this case, I’ll make sure that there should be no remote desktop service running on that VM. I no longer want radio management service, so I can just come in here and disallow and make it that simple and straightforward for engineers to start writing rules and policies around configuration standards for Windows, and it’s very similarly true for the Linux side of the world.

    Rich Martin • 27:25

    Yeah, and this is interesting for folks to understand too, especially if you’re watching this from the compute side of the business, is that what you’re looking at is something that networking teams and other infrastructure teams have been using to have config consistency and compliance run across their network devices, which is routers, firewalls, even Cloud services, and you’re using the exact same tool sets. But again, because of the flexibility of being able to leverage these configurations generated from these commands, then you can use the same tool set. So we’re not really creating anything new here, we’re just applying what we’ve been using for all these other teams now to the compute side of the house.

    Ankit Bhansali • 28:11

    Correct, and these set of configuration like you’re looking here, you’re pretty much owning it from an engineering team. So you’re not going away from this. You get to take full ownership on how you how this needs to be done. So I’m going to show you very basic stuff where I as an engineer is coming up with a bunch of commands, which I do monitor. So this is where I think you get that real flexibility. And you can look at the Windows one. But since you said you’re good with Linux, let’s go into Linux Windows two, you know, whatever, whatever you want to do. We’re flexible here, right? Yeah. So this is where we’re looking at Linux one, right? And you’re used to seeing a host name, what do you do to get a host name, you want to run a host name, that’s right, where do you get the release information in the Etsy file folder, like so now you want to get the uptime, right? So you, we know people are doing this, but they are doing this as a disparate scripts, which are not consistent, they are hidden somewhere, they’re running on running from from places which are not secure, they are sharing a lot of credentials, a lot of people are logging into a lot of systems. So kind of this, this kind of encompasses a lot of your existing work in the way your engineering team understands. And we make it so simple that your engineering team can now start writing rules on top of it, which is the validation step, which, which was missing, or it was it was buried in in a lot of scripting process.

    Rich Martin • 29:36

    Okay, yeah, now this makes a lot of sense. And to continue to bridge the parallel to the networking team, we do the same thing on the networking side of the world. If I want to, I can do a show running config. But if I need to look at operational things as well, what is the command? And what am I looking for? Right? What should be there? What do I expect to see? And what should I never see?

    Ankit Bhansali • 29:54

    Correct. Yeah, and and that this is your single interface, right? So imagine this file is basically a interface for show running config Which you define for your VM boxes and super flexible like nothing here can can stop me from fine-tuning this From what I want to capture especially for that type of organization because we have health care. We have utilities We have banks right? So they all check different things differently And this is the flexibility that comes with with configuring your show running config for your VMs Which is which is the the MVP feature here, which I do to the folks. Okay, that’s excellent, right? So we do a great job at doing this and then you you come in here Basically, you can import that running configuration from load configuration and then you can start adding rules Just like how I did on one of those Sections and then This is where things get even better for the engineering team. So the way we have understood is there’s an infrastructure team and they have SMEs for Windows and Linux, just for this case. They know exactly what needs to be done, what needs to be looked at. But as an organization, if I’m a manager, I really care about my complete infrastructure. I do not care about the security that’s doing well on Windows or Linux.

    Ankit Bhansali • 31:16

    I want to see from an objective standpoint, is my infrastructure in compliant? If it is not in compliant, what is wrong with it, right? So I can find the right resources to go fix the problem. So this is where we have kind of coupled the idea of compliance plan, which I think is again, very unique because we have a lot of folks. that want to do things, but it’s again still gets very disparate with technology, an SME for firewall, we’ll know what is a good compliance on these firewalls on different things. Compliance plan is where we bridge the gap for the management side of the wall, where now your Linux team can focus on all the great standards, your Windows teams can focus on all the great standards for that organization, but you as a management gets the complete visibility on your compute infrastructure with compliance plan. So this is again very unique on how we are bridging that gap from stakeholders that care about individual technologies to managers that manage a lot of stakeholders.

    Rich Martin • 32:25

    Correct. Now that makes perfect sense because we see the same thing in the world of networking, between network domains. I’m a data center network engineer. I really only care about the data center, but I have a colleague over on the Cloud side or on the security side and they’re worried about their form of infrastructure that they manage. But you know what? We all report to somebody up the line who’s responsible for all of that and wants to ensure we are all achieving the same goals in regards to compliance and security.

    Ankit Bhansali • 32:57

    Correct. Correct. And this is where we want to show you how you can consume this, right? So there’s different ways you can consume compliance and security. Let me go into one of the services I created for this. It’s called Itential compliance service. Okay. So this is where we talked with a lot of customers and they’ve actually kind of, everything is pretty much scheduled like a cron job.

    Ankit Bhansali • 33:21

    They want to run compliance because Itential can do it so fast and frequently. They want to make sure they keep doing this and they can schedule it by days, week, hours, right? And it’s all depend on the critical nature of that asset. So if it’s critical to the business, you should be doing this frequently, which then gives you a time spread on that. Right. Do analysis on how things are working over time. And at the same time, they want to make sure the operations team has the ability to do this on demand, right?

    Ankit Bhansali • 33:54

    Okay, okay. So this is where you’re leveraging the same function in two different ways. So we’re going to hit run now and we should see a form where we can provide on demand process. Okay. In this case, you see a bunch of compliance plan, but for this demo today, we are focused on compute. So I’m going to pick that compute infrastructure from a management standpoint and I would like to get a report of what’s happening. So I’m going to put my email here and that should trigger the flow, which basically runs the plan and it’s going to send me a prettified report on an email.

    Rich Martin • 34:34

    Okay, so while it’s doing this, walk us through the process. So you’ve got a front-end form, so this is kind of that self-service model. It’s running a workflow in our platform, that workflow we would call an orchestrated workflow. So it not only runs the compliance execution and compares it to the golden configuration we saw earlier, but what else is it doing?

    Ankit Bhansali • 34:56

    So yeah, there’s two things happening. It’s going to individually check for all the Linux boxes against the Linux standards and Linux boxes against Windows standards. But as management, I don’t want to consume that as an individual report. I want an overview of what’s wrong with the network or how things are trending in that format. So it’s going to send you a report, which you can then either ship it to Power BI or Tableau or another tool which you guys use for dashboarding. Or in my case, I’m sending it as a report on an HTML format.

    Rich Martin • 35:35

    Okay, so the workflow is also generating the port, pulling the information, generating the port, and then you can now send that report to whatever other systems. And I guess this is, and I’m trying to point out here, is a key feature of our platform. The config and compliance piece of it. is an application, but really it’s part of a greater set of applications that allow you to automate and then what we’re seeing here is the orchestration of all of this together, which would include perhaps sending this not only to an email into an email, but it could be put into a slack or teams channel right or it could be sent to service now and have it part of a ticket that gets opened up just so that there’s some documentation on what’s going on.

    Ankit Bhansali • 36:19

    Correct. This is something which they wanna know that they could have a trend analysis, they could see how the scoring is working on those boxes, and they could see if these failures or out of compliance issues are something severe, which needs to be looked right now or in the next week or in the next month. So they can now start thinking about allocating the right resource to make sure things are staying in compliant, and especially, Rich, when the auditor show up to your door, you wanna make sure that there are certain reports that you can ship it right away instead of reaching out to a lot of resources, spend at least 20 to 30 days to build those report because you gotta then investigate, run commands manually, spreadsheets, PDFs, WordDoc. There’s a lot of mess around that because everything is not structured in the way which you can leverage right away, especially with the results and these continuous compliance processes, which you previously did not have to rely against or get data from.

    Rich Martin • 37:25

    Yeah, yeah, yeah. I’ve spent some time doing PCI compliance audits on network. We call that chaos. Right before audit time is chaos where you’re trying to generate these necessary reports. And what we’re looking at now is with the tools that we have in our platform, the ability to not only ensure that your server infrastructure maintains compliance across all of the different flavors of Linux and Windows and applications you have, but at the same time generate the necessary documentation that you’re going to need at some point to feed to not just a manager, but to the auditor, which is even scarier than your manager.

    Ankit Bhansali • 38:01

    Correct. Okay, got it. Yeah, and Are you able to see my screen right now? Yeah, absolutely. You see the compliance report summary? Yeah.

    Ankit Bhansali • 38:10

    Yeah. So this is what I got back from that flow, right? And I want to consume this in a very friendly way because this is a compliance across my infrastructure. And it tells me what are the devices I have. So in this case, if I want to understand the overall picture, it tells me all the passes, all the warning. I have three errors which are severe, which means somebody should look this right now. And this is just providing that visibility to the management. They said this is like 85 to 95% of the work.

    Ankit Bhansali • 38:41

    They want to have that visibility in seeing what’s wrong and what’s good, what’s bad. And this solves that process. At the same time, fixing is another thing, right? How do I remediate? How do I allocate the right resources? And how do I automate that process? That’s the real goal here.

    Ankit Bhansali • 38:58

    Because imagine if I have thousand devices or thousand VMs, right? And you cannot have manually review all of this, right? So in the backend, what we suggested is we can always hook it up to your ITSM tools. So imagine us creating tickets for anything that’s severe, which means it’s going to be an error if you don’t fix it, but by creating an incident in maybe ServiceNow or Jira or Zendesk, for that matter, and then allocating the right resources. So you’re no longer even trying to figure out who this should go to, because if you have a networking group from an operations site, they can go fix the networking site, same practice applies for the infrastructure site. If you have an IT management team, we can allocate the right group with the right tickets, so they already know what to fix rather than them trying to figure that out all the time.

    Rich Martin • 39:52

    Yeah, and that’s the big burden. Now I understand, that’s 80-90 percent of it, you’ve just solved that problem. Now you can laser focus on the things that are truly broken and need to be fixed in the configuration.

    Ankit Bhansali • 40:04

    Correct. In this case, you want to pick Windows. Right, so let’s pick Windows and it basically tells you what’s happening here, right? You can imagine running compliance on hostname. Imagine somebody changing your NTP servers, when you see, I mean, there’s implications on in the backend, right? Because there’s monitoring tools that are relying on certain standards, which they monitor on. So if somebody messes up those configuration, you lose connectivity, you lose the visibility of of what that that VM does or is doing right now. So and with these, you can also see the malpractices, right?

    Ankit Bhansali • 40:43

    What if somebody has installed a service which was not not supposed to be there in the first place? So so you get that flexibility right away where you can see disallowed. This radio management service is disallowed in the organization. But somebody has has installed a RMS service on the Windows machine, which is which we should not have been in the first place because it’s not approved. Similarly, the RDS, the remote desktop services is on the box. So this is a very good example to do standard compliance across the board for Windows. And the other field, the look and feel is it’s very consistent.

    Ankit Bhansali • 41:20

    You no longer have to like learn Windows or Linux, right? The experience you’re getting is very consistent. And you can see what it tells you, whether a disallowed configuration is found, a required configuration that is not found. In this case, imagine knowing what version number is approved, right? You want everything to be on 24 because right now this is 25. But you you see that it is not on 24 right now, which means somebody has to now investigate why this is not on 24. And you can make it a regex and make it cool where you can have a range where you can allow for 23 to 24.

    Ankit Bhansali • 41:55

    So you have more engineering teams that can contribute in this process without being alienated with like the idea of automation, right? Because people get scared when we say we want to automate, they think like people are going to lose their jobs and things like that. But in this case, they are contributing in the way they understand best with the tools, which lets them extend their existing expertise into something much more structured, which the organizations can rely. I know that was a mouthful, but I want you to break it down if you have any other questions around this.

    Rich Martin • 42:30

    No, no, this is great. It does remind me again to draw the analogy from the networking side of the world. It’s kind of nice and kind of scary to see that my friends on the compute and server side still have the same problems we do. But the nice thing is that we have a problem solution to the problem that can help them. But at the same time, if I’m a network engineer, There’s dozens and dozens and dozens of things I would like to do to fix the network to make it more Performant to optimize it things like that But I never can because of the tedious work that needs to be done and that’s just not network CLI stuff But that’s opening tickets and making documentation and things like that on top of the backlog of stuff that has to get done day-to-day That’s net new or delete this or add this or modify this With tools like this and I tensile that that that are flexible flexible enough to work throughout your entire Ecosystem with the tool sets and the systems that you have This is how you solve this problem. Not just for the networking team for the compute team across Really all of the IT infrastructure teams

    Ankit Bhansali • 43:34

    Correct. And absolutely. And that’s why automation is non-negotiable because we saw the scale at which VMs are being deployed. We want to make sure, you know, compliance reduces the breach risk. We want to make sure folks can contribute without having to learn a brand new technology. And we want to make sure that security and compliance should be done right and should not be a bottleneck, right? So it should be a growth enabler. They should be able to add more VMs without fear, because now you can run compliance on every VM that comes online in the network with the policies your engineering team sets out with. So I think it unlocks a better customer experience, a better customer trust, and it simplifies audits, which is again, one of the most, most called out pain points across all of our customers.

    Rich Martin • 44:26

    I’ll sum it up this way. Make your boss and your auditor happy. Excellent, Ankit.

    Ankit Bhansali • 44:32

    And make your infrastructure healthy.

    Rich Martin • 44:34

    That’s right. That’s right. Well, Ankit, that was excellent. I really, really do appreciate you walking us through how to leverage the Itential platform to do something that’s just as important, maybe even more important based off of numbers with server and compute and application compliance.

    Ankit Bhansali • 44:54

    Absolutely. Been a pleasure. Thank you for inviting me, Rich.

    Rich Martin • 44:58

    All right. Well, again, thank you very much to the audience for joining us. I’m going to tee up. There’s another add-on to this where Ankit and I are going to walk through. You’ve just seen how we can leverage the Attentional Platform for Server and application config compliance. We mentioned, if you weren’t already aware of it, the fact that we also do this for all types of other infrastructure. I think in our next one, we’re going to show how we can tie all of this together. We had a couple of hints here on how you can tie multiple things together, but tying this all together so you can start to look at your application as a stack of resources and run compliance across that entire stack.

    Rich Martin • 45:38

    Join us next time for that. Ankit, once again, thank you very much, sir. It’s always a pleasure to work with you and to see what genius stuff you’ve come up with to help our customers in the platform.

    Ankit Bhansali • 45:49

    Absolutely. Looking forward to the next one. All righty. Thank you very much and goodbye, everyone.

Watch More Itential Demos

Related Content
From Chaos to Compliance: How a Utilities Company Adopted Itential to Modernize Configuration Management  
Blog
From Chaos to Compliance: How a Utilities Company Adopted Itential to Modernize Configuration Management
Read More  
EMA Research: From Scripts to Platforms – The Path to Scalable Network Automation  
Analyst Report
EMA Research: From Scripts to Platforms – The Path to Scalable Network Automation
Download Now  
How to Audit Network Security Vulnerabilities from Cisco PSIRTs with Itential’s Automated Configuration Compliance  
Demo
How to Audit Network Security Vulnerabilities from Cisco PSIRTs with Itential’s Automated Configuration Compliance
Register Now