Both configuration and trust decisions are keyed off of inventory information. Furthermore, we monitor various status attributes of our fleet which allows us to detect issues before they spread widely.

Device management depends on the quality of device data. Rollouts to the client fleet usually follow multiple stages and random canarying, similar to common practices with service management. At Google, we have automated test labs which allow us to test changes before we deploy them to the fleet. This way, we aim to guarantee user satisfaction and security simultaneously.

Fleet testing, monitoring, and phased rollouts

Applying changes at scale to a large heterogeneous fleet can be challenging. Depending on the type of exception, they may either be managed self-service by the user, require approval from appropriate parties, or affect the trust level of the affected device. This way policy owners and device owners can manage sensible defaults or per-device overrides in the same system, allowing audits of settings and exceptions.
In combination, this allows us to easily scale infrastructure and management horizontally as described in more detail and with examples in one of our BeyondCorp whitepapers, Fleet Management at Scale.

All device management policies are stored in centralized systems which allow settings to be applied both at the fleet and the individual device level. The same system is used for distributing configuration settings and management tools, which enforce policies on client systems using the open-source configuration management system Puppet, running in standalone mode.
BEYONDCORP OPEN SOURCE SOFTWARE
Software for all platforms is provided by repositories which verify the integrity of software packages before making them available to users. The focus is on operating system agnostic server and client solutions, where possible, to avoid duplication of effort. By using and developing open-source software and integrating it with internal solutions, we reach a level of flexibility that allows us to manage fleets at scale without sacrificing customizability for our users. We scale the engineering teams who manage these devices by relying on reviewable, repeatable, and automated backend processes and minimizing GUI-based configuration tools. Google manages a fleet of several hundred thousand client devices (workstations, laptops, mobile devices) for employees who are spread across the world. Where possible, our platforms use native OS capabilities to protect against malicious software, and we extend those capabilities across our platforms with custom and commercial tooling. This allows us to determine divergence from the expected state and verify whether it is an anomaly. Independently, we observe the state of our hardware and software. We use automated configuration management systems to continuously enforce our security and compliance policies. To uphold this defensive position at scale, we centrally manage and measure various qualities of our devices, covering all layers of the platform