Skip to content

About

Enterprise Service Hub (ESH) is a specialized application that is designed to empower end-users or business units to request and manage their infrastructure resources in a totally self-sufficient manner. This alleviates the burden on DevOps and Cloud teams who might otherwise be overwhelmed with deployment requests.

ESH offers an intuitive and secure interface that enables authorized users to seamlessly request, provision, and oversee infrastructure resources with ease. It simplifies the process by concealing complexities and automatically configuring options based on the user's team affiliation. This user-centric approach ensures that individuals from diverse backgrounds can effortlessly acquire the necessary resources independently.

Additionally, ESH incorporates built-in approval mechanisms, particularly for Templates that demand closer scrutiny before deployment, such as AWS accounts. This ensures that critical resources undergo appropriate review and authorization, maintaining the highest levels of security and compliance. The approval process also extends to cost management. Administrators have the capability to establish cost thresholds that, when exceeded, trigger a requirement for further approval. Comprehensive cost details, inclusive of traffic costs, are presented before deployment. This allows authorized personnel to make informed decisions regarding resource sizing and cost implications before any expenses are incurred.

Infrastructure and application Templates are created once by your development teams and then published to end user teams, with granular control over who can access which Templates. The Templates undergo security scanning at both creation and deployment time to ensure your organizations policies are adhered to.

Thanks to its robust set of APIs, ESH seamlessly integrates with various DevOps automation initiatives. It offers a structured organizational framework centered on Tenants, comprehends users' team affiliations, designates the Target environments they can deploy to, and grants access to specific Templates.

Furthermore, the API extends the capability to initiate resource deployments on behalf of teams while maintaining team autonomy to manage these resources through the ESH console after deployment. This flexibility enhances collaboration and streamlines resource management within your organization's DevOps processes.

Key Concepts

Here are some key points regarding ESH and its benefits:

  1. User Empowerment: ESH gives users more control and autonomy over their infrastructure needs. They can request and manage resources without having to rely on DevOps professionals for every deployment, which reduces bottlenecks and accelerates time-to-market.

  2. Standardization: ESH enforces standardization and best practices within an organization. Users can select predefined Templates or configurations, ensuring that Deployments are in line with company policies and compliance requirements.

  3. Security: When a Template is loaded into ESH, it is automatically scanned in order to provide security posture feedback to the Template developer. In addition, when a Template is deployed, the Deployment plan is scanned using Open Policy Agent (OPA) to ensure it complies with the organizations policies. Deployments that do not pass policy checks are directed to a reviewer who can deny or approve the request based on the contents of the OPA report.

  4. Resource Optimization: By enabling users to request resources as needed, ESH empowers organizations to streamline resource utilization effectively. Resources are allocated or de-allocated automatically in response to user requests, ensuring that organizations pay solely for the resources they actively utilize. This dynamic resource management approach optimizes cost efficiency and resource allocation within the organization.

  5. Streamlined Workflow: ESH provides a user-friendly interface with guided workflows, making it easy for users to specify Deployment parameters and requirements without in-depth technical knowledge.

  6. Automation: With a strong API, ESH integrates with Infrastructure as Code (IaC) tools and CI/CD pipelines to automate the provisioning process. This reduces the manual effort required from DevOps teams.

  7. Resource Governance: ESH includes access controls and approvals to ensure that resource requests align with the organization's policies and budget constraints. See section on Roles Based Access Controls (RBAC) for more details.

  8. Self-Service Catalog: A self-service portal offers a catalog of available resources and services, making it easier for users to select the right options for their needs.

  9. Cost Transparency: ESH provides users with insights into the cost of the resources they request, helping them make informed decisions and promoting cost-effective resource usage. See Cost Reporting and Approvals

In summary, ESH is valuable in that it improves the efficiency of resource provisioning and management, reducing the workload on DevOps and Cloud teams, and empowers end-users to take more control over their infrastructure needs. It's particularly beneficial in organizations that want to strike a balance between agility and governance while leveraging Infrastructure as Code (IaC) and cloud technologies.

Roles Base Access Control (RBAC)

One of the key pillars of an enterprise ready self-service solution is robust Role-Based Access Control (RBAC). ESH ticks that box, robust and flexible RBAC regulates access to resources based on roles assigned to users or groups within an organization. In the context of ESH, strong RBAC is paramount for several reasons:

  1. Security and Compliance: RBAC is fundamental to ensuring security and compliance within an organization. It allows administrators to define who has access to what resources, which helps prevent unauthorized access, data breaches, and ensures adherence to regulatory requirements.

  2. Finely Grained Access Control: Strong RBAC in self-service system enables finely grained access controls. This means that access permissions can be tailored to the specific needs of individual users or groups. For instance, not all users require the same level of access, and RBAC allows for granular control over what actions and resources each user can manage.

  3. Least Privilege Principle: RBAC aligns with the principle of least privilege, which is essential for reducing the potential impact of security breaches. Users are granted the minimum level of access necessary to perform their job, reducing the risk of accidental or intentional misuse of resources.

  4. Resource Governance: ESH has a wide range of resources available for provisioning. RBAC allows administrators to restrict access to sensitive or costly resources to only those users or teams that truly require them. This ensures effective resource governance and cost control.

  5. Self-Service Portal Customization: Strong RBAC enables the customization of the self-service portal based on user roles. Different user groups may have access to different aspects of the portal, which streamlines the user experience and simplifies resource requests.

  6. Audit and Accountability: RBAC allows organizations to track who accessed which resources, when, and for what purpose. This audit trail is crucial for accountability, compliance reporting, and security incident investigations. See Auditing for more information.

In summary, strong Role-Based Access Control is an integral component of a self-service platform. It enhances security, facilitates finely grained user access controls, and ensures that access to resources is aligned with an organization's security policies and compliance requirements. With RBAC in place, organizations can strike a balance between granting autonomy to users through self-service while maintaining a high level of control and security.