No prizes for guessing that at Tines we rely heavily on automation to power our DevSecOps program. The Tines platform is not only at the heart of our internal security, IT and CI/CD programs, we also use it to manage customer trials. This includes automated droplet creation and destruction in Digital Ocean, automating Hubspot actions for contact and lead tracking, and even automated creation of DNS records.
In this post we describe some of the DevSecOps design decisions we’ve made and why Tines is a great platform if you need to automate your own complex processes.
Automation is a crucial component of DevSecOps. As you can see from the above diagram, we automate interaction with the following services to support Tines trials:
- Digital Ocean: used to host trial infrastructure including DNS.
- Hubspot: Tracks trial creation and allows us mange trial life cycle.
- Sendgrid: Sends welcome email to trial user and updates Tines support if something goes wrong.
Automating Digital Ocean Droplet Creation
All customer tenants, including Tines trials, are single-tenant and have their own dedicated infrastructure. We use Digital Ocean as our primary infrastructure provider. Additionally, to interact with the Digital Ocean API we use HTTP Request agents.
To speed-up the provisioning of trial tenants, Tines maintains a pool of pre-configured droplets labelled “trial-pending”. When a trial is requested (middle flow in the above diagram), Tines receives the request via a Webhook agent. After deduplicating the request, Tines takes a trial-pending droplet from the pool and begins to configure it based on the requesting user’s details (we use a simple deployment script for this). When no trial-pending droplets are available, an Event Transformation agent delays the flow while a droplet is built.
As part of the configuration process, Tines removes the “trial-pending” label and applies a “trial” label. Tines receives the deployment result via another Webhook agent (left hand side of the diagram), once the deployment is complete. Additionally, a new “trial-pending” droplet is created and added to the pool.
The deployment script sends the details to Tines via a Webhook agent (right hand side of the diagram) when it has completed. Tines uses the Digital Ocean API again to apply a label and create a new DNS entry for the droplet. Finally, Tines powers off the droplet while we wait for a new trial request.
Once Tines has completed trial deployment, we use a HTTP Request Agent and the Hubspot API to check if the contact already exists. If it does, we associate the new trial to the contact. If the contact is new, we add their details to Hubspot and then associate them to the new trial.
We use SendGrid to send transactional emails such as the welcome email we send when a trial is ready for the requester (sample below).
Additionally, if something goes wrong, for example, there’s no trial-pending droplets available, Tines support are notified using an Email agent.
For a detailed walkthrough of this story, talk to us here.
This is an updated walkthrough of how we manage Tines trials as part of our DevSecOps program. The original version is available here.
Sign up for our newsletter!
The Tines security automation platform helps the world's leading security teams automate any manual task.
Making them more effective and efficient.