Your address will show here +12 34 56 78
2020 Blog, Blog, Featured

Intelligent Automation for SOX Compliance

By on

July, 2020

- 2020 Blog, Blog, Featured

Many organizations include the assessment of fraud risk as a component of the overall SOX risk assessment and Compliance plays a vital role.

The word SOX comes from the names of Senator Paul Sarbanes and Representative Michael G. Oxley who wrote this bill in response to several high-profile corporate scandals like Enron, WorldCom, and Tyco in United Station. The United States Congress passed the Sarbanes Oxley Act in 2002 and established rules to protect the public from the corporates, doing any fraudulent or following invalid practices. Primary objective was to increase transparency in the financial reporting by corporations and initialize a formalized system of checks and balances. Implementing SOX security controls help to protect the company from data theft by insider threat and cyberattack. SOX act is applicable to all publicly traded companies in the United States as well as wholly owned subsidiaries and foreign companies that are publicly traded.

Compliance is essential for an organization to avoid malpractices in their day to day business operations, during these unprecedented times of challenge change such as what we are experiencing today. There are a lot of changes in the way we do business during the times of COVID. Workplaces have been replaced by home offices due to which there are challenges to enforce Compliance resulting in an increased risk of fraud.

Given the current COVID-19 situation while many employees are working from home or remote areas, there is an increased challenge of managing resources or time. Being relevant to the topic, on user provisioning, there are risks like, identification of unauthorized access to the system for individual users based on the roles or responsibility.

Most organization follow a defined process in user provisioning like, sending a user access request with relevant details including:


  • User name
  • User Type
  • Application
  • Roles
  • Obtaining line manager approval
  • Application owner approval

And so on, based on the policy requirement and finally the IT providing an access grant. Several organizations have been still following a manual process, thereby causing a security risk.

The traditional way of processing a user provisioning request, especially during the time of COVID-19 has become complicated. This is due to shortage of resources or lack of resource availability to resolve a task. Various reasons are:


  • Different time zone
  • No back-up resources
  • Change in business plan
  • Change in priority request

In such a situation automation plays an important role. Automation has helped in reduction of manual work, labor cost, dependency/ reliance of resource and time management. An automation process built with proper design, tools, and security reduces the risk of material misstatement, unauthorized access, fraudulent activity, and time management. Usage of ServiceNow has also helped in tracking and archiving of evidence (evidence repository) essential for Compliance. Effective Compliance results in better business performance.


Intelligent Automation for SOX Compliance can bring in significant benefits like agility, better quality and proactive Compliance. The below table provides further details on the IT general controls.

Example – User Access Management


Risk Control Manual Automation
Unauthorized users are granted access to applicable logical access layers. Key financial data / programs are intentionally or unintentionally modified. New and modified user access to the software is approved by authorized approval as per the company IT policy. All access is appropriately provisioned. Access to the system is provided manually by IT team based on the approval given as per the IT policy and roles and responsibility requested.

SOD (Segregation Of Duties) check is performed manually by Process Owner/ Application owners as per the IT Policy. 		Access to the system is provided automatically by use of auto-provisioning script designed as per the company IT policy.


BOT checks for SOD role conflict and provides the information to the Process Owner/Application owners as per the policy.

Once the approver rejects the approval request, no access is provided by BOT to the user in the system and audit logs are maintained for Compliance purpose.
Unauthorized users are granted privileged rights. Key financial data/programs are intentionally or unintentionally modified. Privileged access, including administrator accounts and superuser accounts, are appropriately restricted from accessing the software. Access to the system is provided manually by the IT team based on the given approval as per the IT policy.


Manual validation check and approval to be provided by Process Owner/ Application owners on restricted access to the system as per IT company policy. 		Access to the system is provided automatically by use of auto-provisioning script designed as per the company IT policy.

Once the approver rejects the approval request, no access is provided by BOT to the user in the system and audit logs are maintained for Compliance purpose.

BOT can limit the count and time restriction of access to the system based on the configuration.
Unauthorized users are granted access to applicable logical access layers. Key financial data/programs are intentionally or unintentionally modified. Access requests to the application are properly reviewed and authorized by management User Access reports need to be extracted manually for access review by use of tools or help of IT.

Review comments need to be provided to IT for de-provisioning of access. 		BOT can help the reviewer to extract the system generated report on the user.


BOT can help to compare active user listing with HR termination listing to identify terminated user.

BOT can be configured to de-provision access of user identified in the review report on unauthorized access.
Unauthorized users are granted access to applicable logical access layers if not timely removed. Terminated application user access rights are removed on a timely basis. System access is de-activated manually by IT team based on the approval provided as per the IT policy. System access can be deactivated by use of auto-provisioning script designed as per the company IT policy.

BOT can be configured to check the termination date of the user and de-active system access if SSO is enabled.

BOT can be configured to deactivate user access to the system based on approval.

The table provides a detailed comparison of the manual and automated approach. Automation can bring in 40-50% cost, reliability, and efficiency gains. The maturity model requires a three step process of standardization, tools adoption and process automation.


For more details or enquires, please write to marketing@relevancelab.com


0
2020 Blog, AIOps Blog, Blog, Featured

Infrastructure Automation using Terraform

By on

July, 2020

- 2020 Blog, AIOps Blog, Blog, Featured

With growing Cloud adoption and need for Intelligent Infrastructure Automation, larger enterprises are adopting Hybrid-Cloud solutions like Terraform. Creating reusable templates for provisioning of complex infrastructure setups in Cloud and Data Centers, Orchestrating Cloud management with self-service Portals and full lifecycle monitoring of the assets can provide a flexible, reusable and scalable enterprise cloud solutions.
Relevance Lab is a Hashicorp partner with multiple successful enterprise infrastructure automation implementations using Terraform covering AWS, Azure, VMWare and GCP with 5000+ nodes setups.


Solution Highlights:

  • Our solution allows you to rebuild stacks using automation completely. It is instrumental in provisioning newer environments with minimal code changes.
  • It has the built in ability to replicate stacks across multiple regions with minimal code changes.
  • Capability to add / remove new instances to components with few code changes.
  • Simple code structure. Any new infrastructure needs can be easily provisioned by modifying the variables.
  • Ability to modify instances such as Volumes, Instance Sizing, AMI changes, Security groups with minimal code changes.

Tools & Technologies:
Terraform from HashiCorp has emerged as the best Infrastructure automation tool. Terraform helps in building, changing and versioning of the infrastructure efficiently. Terraform is a declarative and, with the help of configuration files, we can describe the components to be built and managed across the entire datacenter.


Design Considerations:
Below mentioned are some of our design considerations based on standard practices in infrastructure automation. These structures have helped us gain flexibility and ease in scaling stacks based on demand.

  1. Code Repo Structure:

    2. Each AWS stack is a separated GITHUB Repo while Terraform modules are a shared repo.

    • It makes the code design structure very scalable to create newer AWS stacks in a different region or re-build stacks in case of a disaster or scale more resources based on traffic/load.
    • A separate repo helps in maintaining isolation as each stack would have varied footprints of the resources.
    • It helps in security and compliance as audits can be performed against a specific stack.

  2. Segmentation:

    3. The below design model is showing the Automation build-out for each AWS account. Each layer is well segmented and can be easily scaled based on the needs. Making any specific change to each of the layers is easier.


  3. Integration:

    4. Fully integrated with GITHUB for Continuous Integration and Continuous Deployment.

    • Each change is performed on a branch which is merged via a Pull Request.
    • Each Pull request is reviewed and verified and combined with the Master branch.
    • Infrastructure changes are thoroughly tested during the PLAN stage and then terraform APPLY.

  4. Code reusability:

    5. Modules provide an easy way to abstract, common blocks of configuration into reusable infrastructure elements.

    • Modules can help with this as they significantly reduce duplication, enable isolation, and enhance testability.

Benefits:

  • Provides the ability to spin up an entire environment in minutes.
  • It reduces time to rollout complex network and storage changes to less than a few minutes.
  • Infrastructure is managed as a code, and all changes are tested well; resulting in fewer outages because of infra configuration changes.
  • It is easy to operate and maintain because terraform uses a declarative language.
  • Infra is Idempotent, and a state-based desired system.

Conclusion:
Using design best practices of terraform, enterprises can quickly build and manage infrastructure, which is highly scalable and efficient. Further, this automation can be hooked to a Jenkins pipeline project for automated code pushes for infra changes which can be tied to a standard release and deployment process.


  • Leveraging Chef for configuration management and managing all the application software installation and configurations via Chef cookbooks and recipes.
  • Leveraging InSpec for auditing the properties of the AWS resources.

There are few other additions which could be introduced to this design to do a tight bonding between security and compliance policies and infrastructure as code. That may be achieved by integrating with Sentinel It helps in prevention of infra provisioning if there are deviations in the Infra code which do not adhere to the security policies. Sentinel helps us in building a fine-grained, condition-based policy framework.


For more details or enquires, please write to marketing@relevancelab.com


0
2020 Blog, Blog, Featured

Frictionless and Secure Automation with RLCatalyst and OKTA

By on

July, 2020

- 2020 Blog, Blog, Featured

RLCatalyst OKTA Integration  

Modern Identity and Access Management are foundational to building digital customer experiences. In the area of Intelligent Automation, it is a critical need to have a proper authentication & authorization system and audit trail for BOT led executions. As BOTs handle more workload and user interactions, there is a crucial need to have RLCatalyst BOTs integrated with enterprise IDAM platforms like OKTA using SAML 2.0. OKTA provides a modern platform for IDAM and further by using SAML 2.0 adapter RLCatalyst now supports more secure and flexible security for both UI and API based access to its automation functionality. Our solution provides frictionless integration between ServiceNow, OKTA, Windows AD, RLCatalyst BOTs Server hosted across Hybrid Cloud platforms.



SAML 2.0 is a widely accepted industry standard for user authentication. It separates authentication and authorization from the application and the system of record for users which in most organizations is Active Directory or any LDAP based system. SAML 2.0 standard defines two entities. The first entity is the Identity Provider (IdP) to which applications can request authentication for a user. The other entity is the application itself (Service Provider or SP). Using applications integrated to IdP using SAML 2.0, users in an organization only need to have one set of credentials to log in to any application. Therefore, administrators can centrally administer access to all applications.


RLCatalyst BOTs Server is an Intelligent Automation software that is in use with enterprises and supports single sign-on using the SAML 2.0 protocol. When a user tries to access the application, they will be redirected to the Identity Provider’s login screen. The IdP accepts the credentials and authenticates the user and then redirects the user back to the RLCatalyst (here the Service Provider or SP) with an Auth Token. The SP then provides access to the resource requested. In subsequent requests, the same auth token is passed by the user agent, and the SP validates the token against the IdP and then provides access to the resource.



Supporting the SAML 2.0 standard allows RLCatalyst to seamlessly work with multiple Identity Providers like Okta, Auth0, Ping Identity etc. It enables enterprises to integrate our automation platform seamlessly into their SSO roll-out plans, thus reinforcing their security and compliance.


For more information feel free to contact marketing@relevancelab.com


0
2020 Blog, command blog, Blog, Featured

Secure and Intelligent AWS Cloud Management with Control Tower

By on

June, 2020

- 2020 Blog, command blog, Blog, Featured

For Large Enterprise and SMBs with multiple AWS accounts, monitoring and managing multi-accounts is a huge challenge as these are managed across multiple teams running too few hundreds in some organizations.


AWS Control Tower helps Organizations set up, manage, monitor, and govern a secured multi-account using AWS best practices.



Benefits of AWS Control Tower:


  • Automate the setup of multiple AWS environments in few clicks with AWS best practices
  • Enforce governance and compliance using guardrails
  • Centralized logging and policy management
  • Simplified workflows for standardized account provisioning
  • Perform Security Audits using Identity & Access Management

Features of AWS Control Tower:


a) AWS Control Tower automates the setup of a new landing zone which includes,


  • Creating a multi-account environment using AWS Organizations
  • Identity management using AWS Single Sign-On (SSO) default directory
  • Federated access to accounts using AWS SSO
    • Centralized logging from AWS CloudTrail, and AWS Config stored in Amazon S3
  • Enable cross-account security audits using AWS IAM and AWS SSO

b) Account Factory


  • This helps to automate the provisioning of new accounts in the organization.
  • A configurable account template that helps to standardize the provisioning of new accounts with pre-approved account configurations.

c) Guardrails


  • Pre-bundled governance rules for security, operations, and compliance which can be applied to Organization Units or a specific group of accounts.
  • Preventive Guardrails – Prevent policy violations through enforcement. Implemented using AWS CloudFormation and Service Control Policies
  • Detective Guardrails – Detect policy violations and alert in the dashboard using AWS Config rules

d) 3 types of Guidance (Applied on Guardrails)


  • Mandatory Guardrails – Always Enforced. Enabled by default on landing zone creation.
  • Strongly recommended Guardrails – Enforce best practices for wel-architected, multi-account environments. Not enabled by default on landing zone creation.
  • Elective guardrails – To track actions that are restricted. Not enabled by default on landing zone creation.

e) Dashboard


  • Gives complete visibility of the AWS Environment
  • Can view the number of OUs (Organization Units) and accounts provisioned
  • Guardrails enabled
  • Check the list of non-compliant resources based on guardrails enabled.

Steps to setup AWS CT:


Setting up a Control Tower on a new account is relatively simpler when compared to setting it up on an existing account. Once Control Tower is set up, the landing zone should have the following.


  • 2 Organizational Units
  • 3 accounts, a master account and isolated accounts for log archive and security audit
  • 20 preventive guardrails to enforce policies
  • 2 detective guardrails to detect config violations


The next step is to create a new Organizational unit and then create a new account using the account factory and map it to the OU that was created. Once this is done, you can start setting up your resources and any non-compliance starts reflecting in the Noncompliant resources’ dashboard. In addition to this, any deviation to the standard AWS best practices would be reflected in the dashboard.


Conclusion:


With many of the organizations opting for and using AWS cloud services, AWS Control Tower with the centralized management service offers the simplest way to set up and govern multiple AWS accounts securely through beneficial features and established best practices. Provisioning new AWS accounts are as simple as clicking a few buttons while agreeing to the organization’s requirements and policies. Relevance Lab can help your organization to build AWS Control Tower and migrate your existing accounts to Control Tower. For a demo of Control Tower usage in your organization click here. For more details please reach out to marketing@relevancelab.com


0
2020 Blog, ServiceOne, Blog, Featured

ServiceNow DevOps

By on

June, 2020

- 2020 Blog, ServiceOne, Blog, Featured

Using GIT configuration management integration in Application Development to achieve higher velocity and quality when releasing value-added features and products


ServiceNow offers a fantastic platform for developing applications. All infrastructure, security, application management and scaling etc.is taken up by ServiceNow and the application developers can concentrate on their core competencies within their application domain. However, several challenges are faced by companies that are trying to develop applications on ServiceNow and distribute them to multiple customers. In this article, we take a look at some of the challenges and solutions to those challenges.



A typical ServiceNow customization or application is distributed with several of the following elements:


  • Update Sets
  • Template changes
  • Data Migration
  • Role creation
  • Script changes

Distribution of an application is typically done via an Update Set which captures all the delta changes on top of a wel-known baseline. This base-line could be the base version of a specific ServiceNow release (like Orlando or Madrid) plus a specific patch level for that release. To understand the intricacies of distributing an application we have to first understand the concept of a Global application versus a scoped application.


Typically only applications developed by ServiceNow are in the global scope. However before the Application Scoping feature was released, custom applications also resided in the global scope. This means that other applications can read the application data, make API requests, and change the configuration records.


Scoped applications, which are now the default, are uniquely identified along with their associated artifacts with a namespace identifier. No other application can access the data, configuration records, or the API unless specifically allowed by the application administrator.


While distributing applications, it is easy to do so using update sets if the application has a private scope since there are no challenges with global data dependencies.


The second challenge is with customizations done after distributing an application. There are two possible scenarios.


  • An application release has been distributed (let’s call it 1.0).
  • Customer-1 needs customization in the application (say a blue button is to be added in Form-1). Now customer 1 has 1.0 + Blue Button change.
  • Customer-2 needs different customization (say a red button is to be added in Form-1)
  • The application developer has also done some other changes in the application and plans to release the 2.0 version of the application.

Problem-1: If application 2.0 is released and Customer-1 upgrades to that release, they lose the blue-button changes. They have to redo the blue-button change and retest.



Problem-2: If the developer accepts blue button changes into the application and releases 2.0 with blue button changes, when Customer-2 upgrades to 2.0, they have a conflict of their red button change with the blue-button change.



These two problems can be solved by using versioning control using Git. When the application developers want to accept blue button changes into 2.0 release they can use the Git merge feature to merge the commit of Blue button changes from customer-1 repo into their own repo.


When customer-2 needs to upgrade to 2.0 version they use the Stash feature of Git to store their red button changes prior to the upgrade. After the upgrade, they can apply the stashed changes to get the red button changes back into their instance.


The ServiceNow source control integration allows application developers to integrate with a GIT repository to save and manage multiple versions of an application from a non-production instance.


Using the best practices of DevOps and Version Control with Git it is much easier to deliver software applications to multiple customers while dealing with the complexities of customized versions. To know more about ServiceNow application best practices and DevOps feel free to contact: marketing@relevancelab.com


0
2020 Blog, Blog

Solving Scalability Challenges in Distributed Cloud Network and connectivity

By on

June, 2020

- 2020 Blog, Blog

The industry has witnessed a remarkable evolution in Cloud, Virtualization, and Networking over the last decade. From a futuristic perspective, enterprises should structure the cloud including account creation, management of cloud; and provide VPC (Virtual Private Cloud) scalability and optimize network connectivity model for clouds.


Relevance Lab focuses on optimizing network connectivity model using AWS VPC and services. We are one of the premium partners of AWS and with our extensive experiense in cloud engineering including Account Management, AWS VPC and Services, VPC peering and On-premises connectivity. In this blog, we wil cover a more significant aspect of connectivity.


As an initial step, we help our customers optimize account management, including policies, billing, structuring the accounts and automate account and policy creations with pre-built templates. Thereby we help leverage AWS Control tower and landing zone.


Distributed Cloud Network and Scalability Challenges


As the AWS cloud Infrastructure and applications are distributed across the globe including North America, South America, Europe, China, Asia Pacific, South Africa, and the Middle East, it brings in much-anticipated scalability issues. Hense, we bring in the best practices while designing the cloud network, including:


  • Allocate VPC networks for each region; make sure this does not overlap with On-premises and across VPC peering.
  • Subnet sizes are permanent and cannot change, leave ample room for future growth.
  • Create EC2 instance growth chart considering your Organization, Customer, and partner’s requirements and their Global distribution. Forecast for the next few years.
  • Adapt to the Route scalability supported by AWS

AWS Backbone provides you private connectivity to AWS services, and hense no traffic leaves the backbone, and it avoids the need to set up NAT gateway to connect to the services from On-premises. This brings in enhanced security and cost-effectiveness.


Amazon S3 and DynamoDB services are the services supported behind Gateway Endpoint, and these are freely available to provision.


VPC Peering is the simplest and secure way to connect between two VPCs, and one VPC cannot transit the traffic for other VPCs. The number of peering requirements is very high among the enterprises due to these design challenges, and it grows as the VPC scales. hense, we suggest the VPC peering connectivity model if the number of VPC’s are limited to 10.


On-premises connectivity models for cloud – Our Approach


The traditional connectivity model which connects site-to-site VPN between VGW (Virtual Private Gateway) and Customer gateway provides lesser bandwidth, less elastic and cannot scale.


A direct connect gateway may be used to aggregate VPC’s across geographies. Relevance Labs recommends introducing a transit gateway between VGW and Direct Connect Gateway. This provides a hub and spoke design for connecting VPCs and on-premises datacentre or enterprise offices. TGW can aggregate thousands of VPCs within a region, and it can work across AWS accounts. If VPCs across multiple geographies are to be connected, TGW can be placed for each region. This option allows you to connect between the on-premises Data Center and up to three TGWs spanning across regions; each of them can aggregate thousands of VPCs.



This model allows connecting to the colocation facility between VPC & Customer Data Center and provides bandwidth up to 40 Gig through link aggregation.


Relevance Lab is evaluating the latest features and helping the Global Customers to migrate to this distributed cloud model which can provide high Scalability and bandwidth along with cost optimization and security.


For more information feel free to contact marketing@relevancelab.com


0
2020 Blog, Blog, Featured

Implementing office social distancing policies – Solutions for New Normal

By on

June, 2020

- 2020 Blog, Blog, Featured

Office Social Distancing Compliance in the New Normal


With the ongoing coronavirus pandemic, businesses around the globe are adjusting their work practices to the new normal. One of the critical requirements is the practice of social distancing with employees being asked to mostly work from home and limit their visits to the office. To comply with newly issued corporate (and even government) guidelines around social distancing, offices around the world are faced with the need to monitor, control, and restrict the number of employees attending office premises on a given day. The thresholds are typically defined as a percentage of maximum office space/floor capacity to ensure sufficient room for social distancing.


Office Attendance Control System


In response to the above client needs, an Office Attendance Control System has been implemented which provides capabilities for request/approval workflows for employees with multi-level approvals, monitoring and reporting dashboards for employee attendance, attendance thresholds, and compliance. Employees can raise requests for self or a group of team members and also multiple date ranges. The system is implemented as a responsive web application and with the email used as the tool to approve/reject requests.


The solution is implemented as a scalable and cloud-based solution that can be deployed rapidly for companies with a local or global presense with offices around the world.


Sample Architecture



Conclusion


The coronavirus has altered “what is normal” (and perhaps permanently in a few cases) which requires companies & solution providers to implement innovative solutions to function effectively under the new circumstances. Relevance Lab’s implementation of “Office Attendance Control Solution” helps companies with global offices to effectively implement social distancing practices in the office environment.


Please reach out to us if interested so that we can help meet your critical business needs.


About Relevance Lab


Relevance Lab is a platform-enabled new-age IT services company driving friction out of IT and Business Operations.


Relevance Lab works with re-usable technology assets & proven expertise in the area of DevOps, Cloud, Automation, Service Delivery and Supply Chain Analytics that help global organizations achieve frictionless business by transforming their traditional infrastructure, applications, and data. In the changing landscape of technologies and consumer preferences, Relevance Lab enables global organizations to


  • Adopt “asset lite” growth models by leveraging cloud (IAAS, PAAS, SAAS)
  • Shift CAPEX to OPEX
  • Automate to improve efficiency and reduce costs
  • Build an end-to-end ecosystem connecting digital products to backend ERP platforms
  • Use agile analytics (our spectra platform) to provide real-time business insights and improve customer experiences

Relevance Lab has invested in a unique IP-based DevOps Automation platform called RL Catalyst. Enterprises can leverage RL Catalyst Command Center and BOTs Engine with existing 100+ BOTS for managing IT Operations, ensuring Business Service Availability through Monitoring, Diagnostics, and Auto-Remediation. Leveraging its critical partnerships with ServiceNow, Chef, Hashicorp, Oracle Cloud, AWS, Azure, GCP, etc., the unique combination of Relevance Lab Platforms and Services offers a hybrid value proposition to large enterprises and technology companies. Our specialization helps the adoption of Cloud Computing, Digital Solutions, and Big Data Analytics to remove friction, increase business velocity, and achieve scale at lower annual budget spends for clients.


Incorporated in 2011 and headquartered in the USA, Relevance Lab has 450+ specialized professionals spread across its offices in India, USA and Canada.


Listed among “Best Companies to Work for in 2019” – Silicon India magazine, May 2019


Listed among “20 most promising DevOps companies in 2019” – CIOReviewIndia magazine, May 2019


0
2020 Blog, Blog, Featured

Intelligent Automation For User And Workspace Onboarding

By on

May, 2020

- 2020 Blog, Blog, Featured

Using ServiceNow, AWS and RLCatalyst to create a 1-Click model


AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to manage commonly deployed IT services centrally. It helps you achieve consistent governance and meet your compliance requirements while enabling users to implement only the approved IT services they need quickly.


Working closely with AWS and ServiceNow partnership teams, we have created an integrated solution for enterprises to enable Frictionless User Onboarding and Offboarding in these challenging times of COVID-19. The solution brings together the following building blocks.


Automation:


  • Auto-notification from HR systems for new Employee Onboarding or Offboarding or with Self Service Portals
  • Workflow Automation in ServiceNow for user-driven or event generated request handling and auto-workflow trigger
  • Cloud automation with appropriate compliance and policy checks
  • Orchestration dealing with multiple enterprise systems adapters, complex workflows with integrated approval management based on company policies
  • Hyper-Automation using a “Service Bus” Model with BOTs across Cloud and Datacenter workloads of Systems and Apps. These cover End User Computing devices (desktops) & Servers with a combination of Windows and Linux workloads.

Integration Service Bus:


  • Integration with Taleo or Workday HR systems that manage the People Management workflows
  • Integration with Organization Identify and Access Management Tools (Active Directory, SSO, IDAM)
  • Integration with existing ITSM Tools, CMDB/Asset Management and Self Service Portals
  • Integration with Cloud Infrastructure and Hybrid setups with appropriate policy controls with cost & governance management
  • Integration with Automated Vulnerability and Patch management lifecycle for all Dynamic Assets

Intelligent Compliance:


  • Existing SOX processes for assets and resource access controls and compliance.
  • Software Asset Management (SAM) controls as appropriate for the organization (Dynamic Systems and Software CMDB updates).

The following diagram explains the end to end orchestration.



In the sample flow simulated both single-user and bulk user onboarding is supported with an automated multi-stage process that covers Service request creation, AD User provisioning, AWS Workspace provisioning, and notification to end-user post provisioning.


Using RLCatalyst Intelligent automation product the entire solution can be downloaded by customers from a marketplace and enabled in their environments. It is pre-bundled for deployment inside a secure customer environment and includes:


  • A ServiceNow plug-in
  • An RL BOTs server deployment
  • AWS Service Catalog integration and BOTs server deployment inside a secure environment of the customer.

For more information feel free to contact marketing@relevancelab.com


0
2020 Blog, Blog, Featured

Touchless Interactions, Invisible Workforce and Virtual Assets!

By on

May, 2020

- 2020 Blog, Blog, Featured

Does this sound like your new operating guidelines?


Rapid changes are happening in the current situation as companies adapt to the new normal and modify their internal processes, people and technology. It is essential to understand the drivers behind this change, to make a smooth transition.



For a customer to start the journey towards this “Virtual IT” driven Frictionless Enterprise the following approach should help:


Step-1: Do a quick assessment on all internal IT interactions to understand the transition from High-Touch models to Touch-Less modes. Using a web/mobile- based self-service portal with a standard catalog of Asset + Service Requests is a good starting point. The Fulfilment of such requests by Automated BOTs helps improve overal experiense.


Step-2: With the workforce becoming distributed and using all infrastructure and applications remotely requires a solid assessment of Identity & Access Management architecture. There is a fine balance between flexibility and security vulnerability. Also all remote assets need to have a mature Security, Patch Management & Vulnerability management framework. Having a real-time view on access control and security incidents with modern Security Incident management handling SOP is key.


Step-3: Removing dependense of Physical assets and adoption of Virtual assets especially in Cloud can give a quick jump-start. It is critical to have a dynamic Asset Management and CMDB to get a view on real-time hardware & software assets. Automating User Onboarding and Application Provisioning and similarly deboarding are key to respond with agility without compromizing on Governance. The adoption of software driven operations support, virtual assets and proactive SecOps will help deal with the need for speed and security at lower costs.


We are actively changing our internal operations and also helping our customers in faster adoption of the platforms to move towards the same. Our ServiceOne platform, combined with our “touchless” implementation model, helps make this transition in less than four weeks and can jump-start the change. ServiceOne removes friction by adding value to your existing ITSM tool implementation. Or if you don’t have an application, no problem; ServiceOne comes with a de-facto bundled solution for a frictionless, turnkey solution.



There are the immediate benefits to this approach and is powered by the adoption of established Cloud platforms, matured software and stable best practices.



For more information feel free to contact marketing@relevancelab.com

0
2020 Blog, Analytics, command blog, Blog, Featured

Intelligent Automation – Workflow Monitoring for Data Pipelines

By on

April, 2020

- 2020 Blog, Analytics, command blog, Blog, Featured

Automation with simple scripts is relatively easy, but complexity creeps in to solve real-world production-grade solutions. A compelling use case was shared with us by our large Financial Asset management customer. They deal with this customer who provides a large number of properties & financial data feeds with multiple data formats coming in different frequencies ranging from daily, weekly, monthly and ad-hoc. The customer business model is driven based on Data processing on these feeds and creating “data-pipelines” for ingestion, cleansing, aggregation, analysis, and decisions from their Enterprise Data Lake.


The current Eco-System of customer comprises multiple ETL Jobs, which connects to various internal, external systems and converts into a Data Lake for further data processing. The complexity was enormous as the volume of data was high and lead to high chances of failures and indeed required continuous human interventions and monitoring of these jobs. Support teams receive a notification through emails when a job is only completed successfully or on failure. Thus, the legacy system makes job monitoring and exception handling quite tricky. The following simple pictorial representation explains a typical daily Data Pipeline and associated challenges:



The legacy solution has multiple custom scripts implemented in Shell, Python, Powershell that would make a call to Azure Data Factory via an API call to run a pipeline. Each independent task had its complexities, and there was a lack of an end to end view with real-time monitoring and error diagnostics.


A new workflow model was developed using the RLCatalyst workflow monitoring component, (using YAML definitions) and the existing customer scripts were converted to RLCatalyst BOTs using a simple migration designer. Once loaded into RLCatalyst Command Centre, the solution provides a real-time and historical view with notifications to support teams for anomaly situations and ability to take auto-remediation steps based on configured rules.


We deployed the entire solution in just three weeks in the customer’s Azure environment along with migrating the existing scripts.



RLCatalyst Workflow Monitoring provides a simple and effective solution much different from the standard RPA tools. RPA deals with more End-User Processing workflows while RLCatalyst Workflow Monitoring is more relevant for Machine Data Processing Workflows and Jobs.


For more information feel free to contact marketing@relevancelab.com


0
PREVIOUS POSTSPage 2 of 3NEXT POSTS