Scribd
Upload
48 views

ZQ410 Unit 5 Transcript: Setting Up Server Security, Approvals, and Quality Gates

Uploaded by

Vhikram Lakshmi Narasimhan
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
48 views

ZQ410 Unit 5 Transcript: Setting Up Server Security, Approvals, and Quality Gates

Uploaded by

Vhikram Lakshmi Narasimhan
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 36

ZQ410 Unit 5 Transcript

Slide 1

Setting up server security, approvals,


and quality gates

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

IBM UrbanCode Deploy uses a flexible team-based and role-based security model that maps to
your organizational structure. In this unit, you learn how to define and configure roles, set up
approvals and notifications, and use quality statuses and gates.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 2

Objectives
▪ Describe the significance of a system team
▪ Create authorization realms, user groups, and teams
▪ Create and define roles and permissions
▪ Set up notifications and approvals
▪ Implement statuses and gates to ensure testing quality

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 3

Topics
• Configuring server security
• Setting up notifications
• Setting up an approval process
• Implementing statuses and gates to improve quality

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 4

The security system for the server consists of an authentication realm,


authorization realm, roles, and teams

Steps for setting up security

Create an Create an Create roles Create or Create teams


Assign objects
authorization authentication and define import users and assign
to teams
realm realm permissions and groups users

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

From a high level, the security system for the server consists of an authorization realm,
authentication realm, roles, and teams.

The authentication realm verifies the identity of the user or system that is trying to log on to the
IBM UrbanCode Deploy server.

The authorization realm manages user groups. Roles manage permissions. Teams bring together
users with roles and specify which objects the team can access.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 5

You can access the security system from any of these links on the Settings tab

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You access the security features from the Settings tab.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 6

Authorization realms manage user groups

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Authorization realms verify the identity of a user or system attempting to login. There are three
available types for the server, internal storage authorization, an LDAP authorization realm, and an
SSO authorization realm:
• Internal storage authorization: Does not retrieve users from any external source. Instead,
you add users to internal storage authorization realms manually.
• LDAP authorization realm (Lightweight Directory Access Protocol): LDAP is a widely
used protocol for accessing distributed directory information over IP networks. It uses an
external LDAP server for authorization.
• SSO authorization realm (single sign-on): Uses an external server for authorization and
allows a user to sign on with one set of credentials for multiple applications.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 7

An authentication realm is a source of information about users

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Authentication realms manage users and determine user identity within authorization realms for
the server. Users can be created manually or imported from external systems, such as LDAP.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 8

A role is a set of permissions

Role

Objects

Permissions

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Permissions define what can be done; roles define who can do it. Separate permissions are
available for each type of object on the server, including components, applications, and
environments.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 9

Groups identify users with the same role

Group name

Group members

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Groups are containers that grant permissions to multiple users; members automatically share a
group's permissions.

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 10

Keep the roles simple but ensure sufficiency for performing work

Role Object and Permissions


• Resources (create, edit, view)
• Application (create, edit, manage, snapshots, run component process)
Configurator • Environment (create, edit, execute, view)
• Component (create, edit, manage versions, view

• Resources (view)
Release • Application (view, manage snapshots, run component applications)
Engineer • Environment (view, execute)
• Component (view)

• Resources (view)
• Application (view)
Approver • Environment (view, execute)
• Component (view)

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

When defining the roles for your team, start by keeping the roles simple, but make them sufficient
to perform the appropriate work.

10

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 11

Groups grant permissions to multiple users

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can grant a group of users the same role and permissions by dragging the group to the role.

11

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 12

Users are granted permissions by being assigned to teams

Any users who are assigned to the


Developer role will have the
permissions associated with this role

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can also assign individuals to teams to give them the proper permissions.

Teams provide two important functions:


• First, a team provides the mechanism to assign roles to users. When a user is assigned a
role, all permissions that are granted to the role are automatically granted to the user, but
only for objects that the team has access to.
• Second, teams secure objects such as applications, components, and environments. When
a team is attached to an object, only team members with the appropriate permissions can
interact with the affected resource.

12

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 13

Restrict permissions by assigning teams to objects

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can assign an object, such as an application, to a team in the Team Object Mappings
section.

13

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 14

Security reports provide information about user roles and privileges

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Security reports track information about roles and permissions. The application security report
shows the user roles and permissions that are set for applications.

14

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 15

Topics
• Configuring server security
• Setting up notifications
• Setting up an approval process
• Implementing statuses and gates to improve quality

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

15

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 16

Notifications can be sent when user-defined trigger events occur

Process failed!

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Notifications are emails that are sent whenever user-defined trigger events on the server occur,
such as when a deployment finishes or an approval is required.

16

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 17

IBM UrbanCode Deploy requires an external SMTP mail server to send


notifications

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Before you can send notifications, users must have e-mail addresses attached to them on the
server; email addresses are not automatically imported.

17

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 18

Notifications are sent to appropriate parties based on scheme

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

To set up notifications, display the Notifications pane: click Settings > Notification Schemes.

18

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 19

Notifications include triggering events and roles

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

When you set up the notification, you determine which users receive notification by selecting both
the triggering events and the role. The role is inherited from the security system.

19

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 20

Notifications are sent to appropriate parties based on scheme

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can assign notification schemes to applications and environments at creation or in the
Configuration tab.

20

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 21

Topics
• Configuring server security
• Setting up notifications
• Setting up an approval process
• Implementing statuses and gates to improve quality

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

21

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 22

Approvals provide more visibility into deployments for audit trails

Steps for setting up approvals

Select Verify Enable


Identify the Define the
notification appropriate approvals on
approval approval
schema for approvers in an
roles process
application role environment

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

An approval specifies the job that needs approval and the role of the approver. The main tasks for
setting up an approval process include selecting the notification scheme, enabling approvals on
an environment, and defining the approval process.

22

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 23

An approval process specifies the job that needs approval and the role of the
approver

Select approver and


Select to require notification type
approvals

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

To ensure that components cannot be deployed to the environment without first being approved,
select the require Approvals check box. This option enforces an approval process before the
deployment can be deployed to the environment. Approvals are usually attached to
environments.

23

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 24

When a request for approval is made, the users with the corresponding role are
notified through email

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

The approver can approve or reject a deployment, as well as provide comments to the decision.

24

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 25

The Deployment Details report tracks approval status

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can see the status of the approvals by clicking Reports > Deployment Details.

25

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 26

Topics
• Configuring server security
• Setting up notifications
• Setting up an approval process
• Implementing environment gates to improve quality

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

26

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 27

Gates specify the conditions that must be met for deployment

DEV SIT QA UAT PROD

Quality Verified
Ready for Testing
Deployment Ready
Necessary Bug Fix

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

An environment gate is a requirement that must be met before component versions can be
deployed to an environment. A version status adds a tag to a version to indicate that it has met
those requirements and can be deployed to the environment.

27

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 28

Using statuses and gates requires initial configuration

Steps for setting up and using gates

Select
Create Configure Add step in Check status
components
version environment component in Versions
with “latest
statuses gates process tab
with status”

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

When you set up gates, you first need to create the version statuses and configure the
environment gates. Then, you add a step in the component process to check the version status.
When you select the components for your deployment, choose “latest with status” prior to
deployment. This deploys only those versions that have met the appropriate status.

28

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 29

Version statuses identify when component versions meet criteria

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

On the statuses tab, a table displays the currently configured version statuses. When you create
a status, you can set the required role field as a specific role to restrict the ability to assign a
status to a version.

29

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 30

Environment gates check the version tags on component versions

Choose an environment
that requires gates, and
add conditions.

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

After you have your statuses configured, you can set up the application gates on your
environments. This is done from the application’s Configuration tab.

For each environment, you can set version statuses that the version must have before it can be
deployed to that environment. In this example, only versions that have the status “Ready for
Testing” are allowed to be deployed to the UAT environment.

30

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 31

Statuses can be added to versions automatically from component processes

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

You can add statuses to versions in component processes using the “Add Status to Version” step
in the IBM UrbanCode Deploy Versions plugin.

31

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 32

Adding version statuses to component versions becomes part of the process

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

Now the component process includes adding a version status.

32

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 33

Version statuses are tracked in each component

Shows when a
status was added

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

In order to view a version status, navigate to the component containing the version and then to
component’s versions tab. Click into the version. You’ll see a table containing the version’s
statuses and will be able to add or remove statuses from this interface.

33

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 34

Select the latest components with a status

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

When you select components for deployment, select “latest with status” to view the components
that have passed the gate.

34

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 35

Unit summary
• The security system for the server consists of an authentication realm, authorization
realm, roles, and teams
• Permissions define what can be done, not who can do it; roles define who can do it
• Users are granted permissions by being assigned to teams
• Notifications are emails that are sent whenever user-defined trigger events on the server
occur
• Approvals provide more visibility into deployments for audit trails
• An environment gate is a requirement that must be met before component versions can
be deployed to an environment
• Version statuses identify when component versions meet criteria

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

35

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
ZQ410 Unit 5 Transcript

Slide 36

Exercises: Setting up server security


• Create a new user and role
• Create a team
• Associate the team to the existing application and environments
• Log in as a developer

Unit 5: Setting up server security, approvals, and quality gates © Copyright IBM Corporation 2017

36

© Copyright IBM Corporation 2017


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

You might also like