Typical DevOps handles code deploys in a single direction: from Dev to PROD, from lower environments to higher ones, and for this there are many well-known solutions like Jenkins, Terraform and Octopus. But in the opposite direction the situation is not so good.
Yes, in many companies there are home-grown processes to copy databases from higher environments to lower ones (with sensitive data hidden or removed) to reproduce problems found on PROD. However, in complex scenarios access to PROD is needed to find the root cause. Developers need at least logs. And in the Enterprise world it all depends on the level of paranoia about how sensitive the information is.
In the worst case developers have no access to PROD at all (not even temporary and audited), and they are told rumors (lol) about what happens there. As an option, there might be a Teams or Webex meeting with 20+ participants and screen sharing, where a developer at least has a chance to tell someone where to click. Needless to say, such meetings are very ineffective.
With better luck, developers can obtain temporary access to production using different tools. One example could be CA PAM, but such solutions (with any type of Remote Desktop access) have significant drawbacks: they typically provide all-or-nothing access. Users can potentially ruin production, while to investigate a problem they typically need just read-only access, and there is no such thing as "read-only access" in Remote Desktop. Even for databases, where there is an explicit read-only role, there is a problem:
Because of what you see in the second line, when working with production you have copy/paste disabled in the Citrix or RDP session, and this makes your work a real nightmare. For example, if you have a useful query that shows you some technical data, you can't copy/paste it into production, because copy/paste is disabled completely.
The mission of the project is to create a safe method of access to the higher environments, combining an easy, friendly interface and interactivity with a full audit of all operations and control over what users can and cannot do.
What is already done
The project is fully functional and is used in the company where I am currently employed. The project site is here. I will not repeat what you can find there; I just want to highlight a few points.
The project is open source. PowerShell is used to develop modules, and the server itself runs on Windows Server, although there are no hard dependencies on Windows. PowerShell itself can be used on *nix, and any other *nix scripting language can be used as well. But we expect help from the community to port it to *nix smoothly.
The development is very easy and fun, like making something from LEGO. As in Jenkins, the server is initially 'blank': in Jenkins you start by creating your own jobs; in Bell you write your own modules, or download existing modules and adjust them to the specifics of your environment. The following modules are ready:
MSSQL - SQL server - statistics, metrics, logs
WMI - shows LUNs, free space, status of Windows services
VMware - inventories and statistics from VMware servers (data from Postgres)
FileBrowse - allows developers to read log, txt, xml, config files on Windows servers
PerfMon - reads Perfmon stats on Windows servers and plots charts
EventLog - displays Event Log
Postgres - everything for Postgres database
MySQL - everything for MySQL
AWS - displays the status of EC2 and RDS instances and allows browsing files in S3 buckets
What we plan to do
Modules: one of the participants of this project is an MSSQL DBA. This is why the Postgres, MySQL and AWS modules have more limited functionality - I just tried to copy what I've done for MSSQL, when applicable. If you are a Postgres, MySQL (and compatible) or AWS guru, you will probably have a lot to add. An Oracle module is also wanted.
Server: the frontend is written in Vue.js v2, the backend in Node.js. Maybe it makes sense to update the stack.
Linux: to use any other shell, not only ps1.
UI: further improvement
Zoom In/Out for Charts
Live Charts (auto-updated every few seconds)
Actions (not read-only operations) - forms to enter parameters.
We are waiting for the others to join this project!
Contact me or my colleague @Writer4