Introducing: Chef Automate Cluster

We are very excited to introduce Chef Automate Cluster, a new offering that is generally available to Chef customers. Chef Automate Cluster is a set of High Availability, Scale-Out Performance and Disaster Recovery capabilities for Chef Automate. It also includes the Chef Server API, so that customers may simplify their Chef Infrastructure. Chef Automate Cluster is provided exclusively as a Professional Services offering that includes installation, an ongoing maintenance plan, and much more.

What is it?

Designed for Chef customers running more than 10,000 nodes and/or those with demanding SLAs, we are offering a new services-based solution:

  • Chef Professional Services will install and validate a Chef Automate cluster in your private data center or preferred cloud.
  • Additionally, Chef will provide in-person operator training as well as systems documentation (diagrams, runbooks).
  • If the plan is purchased for more than one installation, Disaster Recovery (DR) configuration will be implemented to your RTO/RPO requirements.
  • Systems documentation of each install will be incorporated into your support account records, providing our support engineers full context and enabling full 24x7x365 supportability of your cluster should any incident arise.
  • The maintenance plan also includes both regular check-in calls with a Chef Automate clustering specialist, as well as a yearly on-site system tune-up visit.

Who is it for?

High Availability is for customers who need to minimize downtime by utilizing redundant systems which can take over in case of a failure or maintenance. Chef Infra has become a critical component in many of our customers’ infrastructure, requiring high levels of availability and integrity. The Chef and Habitat Depot APIs serve as a control-plane for system and application deployment tasks. Chef Automate becomes a critical audit trail system for Chef Compliance scans. 

We’ve gained a deep understanding of the challenges that Enterprise IT groups face when deploying and maintaining Chef Server and Chef Automate in HA and scaled-out topologies, particularly around our back-end datastores; Elasticsearch and PostgreSQL. 

The best installation and maintenance experience 

We believe that the surest path to high availability and reliability at scale starts with a professional hands-on installation by an expert who has been trained in the maintenance and operations of Chef Automate, Elasticsearch and PostgreSQL. Installation is more than simply installing and configuring the packages. It also covers cluster validation (load & failover testing), backup and monitoring validation.

The most important time for a Chef Automate Cluster begins on “Day 2” of its lifecycle.  This is why we believe that including operations training, system documentation, and disaster recovery integration is critical for the success of your team. To reinforce that knowledge we provide a monthly Operations Review meeting and a yearly Cluster Tune-up.

Secure by default

During the Chef Automate Cluster installation process, we ensure that all API and data services are restricted to mutual-TLS authentication and transport encryption. Therefore, all data in transit (client-server and intra-cluster) is protected with strong encryption. If your organization also requires protection of data at-rest, we can integrate with full-disk encryption solutions at install time.

For Elasticsearch, we have integrated the security extensions from Open Distro for Elasticsearch – particularly the encrypted transport and clustering, authentication and role-based access control features.

Interested in learning more? Talk to your Chef account team or for more information or if you’re ready to get started with Chef Automate Cluster.

Irving Popovetsky

Irving leads the Customer Engineering team at Chef