Pôle Emploi Logo
Industry: Public Sector
Location: France
Download Full Story

Pôle Emploi adopts Configuration as Code for speed and efficiency

Highlights

  • 6,000+ servers patched in less than a week – 60% faster.
  • 30% faster response times to patch requests.
  • One tool for managing multiple Linux distributions.
  • Accelerates patching across a large and diverse Linux landscape.
  • Simplifies management of software repositories.
  • Drives greater consistency and standardization in server configuration.

Products

Introducing Pôle Emploi

Formed in 2008 from the merger of two existing French government agencies, Pôle Emploi provides support for returning to work and financial compensation for job seekers. Employing 55,000 officers, Pôle Emploi provides a preferred point of contact for employment information and assistance.

At-a-Glance

With a growing estate of more than 6,000 instances of Linux to manage, Pôle Emploi realized that its existing homegrown configuration management tools would soon be overwhelmed. By adopting SUSE Manager as its strategic tool for managing server configurations, OS repositories, patches and security updates, the organization has enhanced its ability to operate its large and heterogenous server landscape in an efficient and highly standardized manner. The SUSE solution is also helping Pôle Emploi to adopt a Configuration as Code approach, in which server configuration can be largely automated and standardized for higher speed and improved consistency.

The journey to Configuration as Code

Whenever two organizations merge, there are inevitably challenges and complexities to manage in the IT infrastructure and the application architecture. When French government labor agencies ANPE and ASSEDIC came together to form Pôle Emploi, the new combined IT team began a long process of consolidation and rationalization.

An early task in the process, the team needed to select a standard Linux operating system; Pôle Emploi chose SUSE Linux Enterprise Server (SLES), in part for SUSE’s ability to support the transition from legacy NetWare environments to Linux (through the Open Enterprise Server product) and in part because of existing successful deployments of SLES.

Sébastien Gravil, head of the Operating Systems and Tools division at Pôle Emploi, says: “It made sense to select SLES as our strategic Linux platform. Naturally, we also have some other Linux distributions in place, notably Oracle Linux to support our Oracle Database platforms. We were managing approximately 6,000 Linux instances in total using a large set of customized scripts owned and managed by multiple teams. Although we had good visibility and control over the environment, we felt that this approach was not sustainable as the number of servers grew and as our philosophy changed.”

Seeking a best-practice approach

The landscape of Linux at Pôle Emploi is extremely broad, covering everything from third-party solutions, such as SAP and SAS, to in-house application frontends and mission-critical databases (each of which had its own specific OS configuration requirements for optimal performance, reliability and security).

“As we were scaling up the Linux landscape, we wanted to introduce the concept of Configuration as Code, whereby server configuration is formalized, documented and standardized across the organization, so that it can be automatically deployed and audited,” says Gravil. “The scripts developed in-house “With SUSE Manager we have really simplified the management of software repositories, which is a big positive.” Sébastien Gravil Operating Systems and Tools Pôle Emploi worked fine. In fact, we continue to use them as we evolve, particularly for older environments that will be transitioned to more modern platforms. However, the scripts were highly customized by each team, making it very difficult to share the competence within the organization. We wanted an approach that would enable us to define best practices and break down these monolithic configurations so that any engineer could easily understand any system.”

Without shared best practices and a single, consistent way to manage configurations, Pôle Emploi faced risks every time it changed a script, since this could create unpredictable errors. In the past, the application landscape had been largely static. However, new business imperatives meant that it needed to become much more dynamic and better connected with the outside world. This also implied the need to enhance the speed of patching — both to ensure high reliability and availability across large numbers of servers and to avoid potential security issues.

“With SUSE Manager we have really simplified the management of software repositories, which is a big positive.”

Selecting SUSE Manager

Identifying SUSE Manager as the solution to increase security and consistency, Pôle Emploi worked with SUSE on a proof-ofconcept (POC) exercise.

SUSE Manager supports multiple Linux distributions, including SLES, Red Hat Enterprise Linux, Oracle Linux and Ubuntu. It also delivers full-lifecycle management (develop, test and production), as well as: remote installation, cloud orchestration, automatic updates, custom configuration, compliance and security audits. The SUSE Manager POC not only demonstrated Pôle Emploi’s needed features, but it also proved capable of replacing the company’s most complex, custom configuration scripts.

“Choosing SUSE Manager gave us the immediate benefit of well-defined best practices and documentation around server configuration and updates,” says Gravil. “In addition, having a more standardized solution makes it easier to maintain operational readiness across large numbers of servers, precisely because we can roll out the same known good configuration across the entire estate. Our confidence in choosing SUSE was certainly justified, and we now have a very close working relationship with their technical support teams. This benefits both organizations, because we get easy access to their technical expertise, while they get the benefits of learning from our practical experience with their products.”

Greater speed in OS patching

New Pôle Emploi team members who had experience with Configuration as Code accelerated the internal adoption of SUSE Manager. Today, there are three main use cases for the SUSE solution at Pôle Emploi: the management of operating system repositories; the maintenance of systems in a state of operational readiness (through patching and security updates); and the management of server configurations.

“SUSE Manager simplifies the management of software repositories, allowing us to automate and simplify configuration changes, which is a big positive,” says Gravil.

SUSE Manager has also enabled Pôle Emploi to improve patching efficiency and speed.

Gravil says: “In general terms, server patching is much faster today. Our speed of response is significantly better than before, whether that’s for regular scheduled patches or urgent ad hoc security issues. As a result — and this is taking into account a number of rules and constraints around our mission-critical platforms — we can now patch the entire estate of more than 6,000 servers in less than one week with SUSE Manager. Before, when we were also constrained by technology issues, that would have taken at least three weeks.”

He adds: “We don’t have exact metrics, but it’s very clear that we can respond much faster and more efficiently to patch requests. I would estimate that our speed of response is up by at least 30% across the board.”

Consistent, auditable processes

With SUSE Manager in place, Pôle Emploi is steadily standardizing the configuration processes across its large and diverse Linux landscape. Previously, configuration management was handled in different ways by different teams, using their own preferred tools and approaches. While this could be highly effective within each team or service, it meant a potential lack of clarity for other teams. Knowledge about each environment rested with a small group of people, creating a risk for the organization if experienced team members moved position. Today, with SUSE Manager, Pôle Emploi applies best-practice standard configurations to Linux servers depending on their proposed usage.

Gravil says: “In addition to standardized configurations, SUSE Manager gives us a much clearer view across the estate when it comes to responding to inquiries from our security teams. Using the built-in OpenSCAP auditing tool in SUSE Manager to cross-reference with the data held by the security teams, we can quickly identify potential vulnerabilities. With its ability to improve our visibility into the security of our infrastructure, SUSE Manager is becoming a key element in our reference architecture.”

SUSE Manager also offers built-in functionality for integrating with third-party tools such as Microsoft Active Directory. Pôle Emploi has taken advantage of this integration to strengthen security by ensuring that only authorized users have access to sensitive platforms.

What’s next for Pôle Emploi?

One of the next steps for Pôle Emploi will be to standardize its Linux operating systems wherever possible on the same build of SLES. When this is done and processes are standardized, it will be much faster, easier and less risky for the team to apply patches across the entire estate.

As Pôle Emploi continues to work toward its vision of Configuration as Code, the organization will introduce significantly more automation and accompanying best practices. This will include automated patching, a topic on which the organization is working closely with SUSE technical support teams.

“While we continue optimizing what we already have in place, we are also looking at new functions in SUSE Manager, such as auto-patching and remediation, as well as the automated creation of configuration templates,” says Gravil. “We value SUSE’s consistent support and we know that SUSE also gains from working with our internal experts: we encounter real-world issues with the software, which helps SUSE to make enhancements to the product. In this way, it’s a genuine win-win relationship.”

Pôle Emploi also plans to expose some SUSE Manager functionality directly to users through APIs, meaning application owners will be able to consume new services without the infrastructure team getting involved.

Gravil concludes: “SUSE Manager is becoming a vital tool for us in gathering and sharing information about our infrastructure, and it also has the potential to extend control over certain services beyond the infrastructure team. Naturally, that will also require some cultural changes, but in general the solution is helping us to share capabilities so that we can respond faster to new challenges.”