Talen Energy

Interview with Thomas Novotney, senior computer systems analyst at Susquehanna Nuclear in Berwick, Pennsylvania, which is owned by Talen Energy.

About Talen Energy.

Talen Energy is one of the largest competitive power generation and infrastructure companies in North America. Susquehanna Steam Electric Station (SSES) generates clean, reliable, safe, and affordable energy to power homes, businesses, hospitals, and schools, driving regional economies. The plant has two boiling water reactors capable of generating ~2,500 MW of power, enough to power 2M homes.

1. How did you hear about GLPI?

Thomas Novotney: “I first heard about GLPI when I was searching for an inventory database for equipment at the company I was working for at the time. They wanted to have a way to show depreciation of all their equipment. So we were using a lot of the features that allowed us to calculate the pricing and depreciation value and then submit it for insurance purposes. It was probably five, six years ago. I was searching the internet and “open source” was probably a keyword – looking to see what tools were available to get the job done.”

2. How do you use GLPI, and how has it helped you with the business?

Thomas Novotney: “GLPI is an essential tool if you want to find out information about a device or – as we call them “CDAs” (Critical Digital Assets) –  that are in our plant. Basically, if you need to find out if a certain piece of software is on them or if you need to just know where it’s located, we have all that information in GLPI. They just go to that as their resource to pull it up and find out. 

One of the biggest things we did was (specifically since it is in the program), you have the ability to see everything that is rack mounted. 

However, some things are in panels, some things are in cabinets, some things are on tables. So right away we realized that we still wanted to have a graphical representation. When you click on racks not everything’s going to be a rack mounted device and we wanted to keep that workflow consistent for us. 

We created a plugin which allows us to use SVGs as a valid graphical representation in place of the rack display. In cases where you upload a SVG as a document and relate it to the rack, the plugin automatically uses the SVG representation which utilizes the other features within GLPI, like being able to click, add the device and relate it to the racks. When you have a rack, you get the visual representation you normally get, but again, we don’t always have it like that. 

Now we can load up an SVG and then just click on the area of the SVG that would take you to the device for further information.

You probably see the color changing in the background too. We have two nuclear reactor units here on site, they’re color-coded, to help people make sure they’re looking at the correct unit.”

3. How do you manage cyber security using GLPI?

Thomas Novotney: “Part of the requirements for our cyber security program and the NRC is to maintain baselines so we can prove that when we go out and have to interact with a device that we can prove that it hasn’t been changed from the previous time, we’re using the XML as a way to prove that. For the most part, it was easy to get into GLPI development. Online documentation was very easy to get a hold of, and the framework is pretty straightforward. 

We have over 3000 digital assets. In addition to that, our Vulnerabilities plugin downloads from NVD (National Vulnerability Database) the CVEs and we have all of that in our GLPI system. There’s over 200,000 CVEs in the system that then get associated with all of the 3000 assets nightly. We have a process that matches them up based on how we have implemented it and makes sure there’s no new ones or changes.

The biggest things are for cyber requirements. We have to maintain a master software list, which GLPI natively does right out of the box with ease, and the inventory plugin just allows us without human error to enter that information into it. 

The fact that we could download GLPI on a Linux distribution and get it running on premises is a big thing too, because it can have additional isolation and protection that the NRC and our regulations require.”

4. What is your favourite thing about GLPI?

Thomas Novotney: “GLPI is extremely flexible. Even with the language files and everything else, it is easy to change things up and make things easier for people to understand, even something as simple as language, it helps big time!”

 

How can you try GLPI?

 

If you have not tried GLPI yet, you can start a free 45 day trial on GLPI Network Cloud (no credit card needed!): https://glpi-network.cloud/ 

If you want to download GLPI on-premise and need assistance, our partners-integrators can support you (you will need to have a valid GLPI Network Subscription). 

 

 


GLPI 9.5.x will be discontinued

Dear GLPI Community!

We would like to announce that official support for GLPI 9.5.x will be discontinued on 30.06.2023. Starting from the 1st of July 2023 (3 years after the first launch of this version) we will have to say goodbye: there will be no new 9.5.x releases.

It is mandatory to migrate to GLPI 10.0.x in order to be covered by official support. 

How-to MIGRATE:

—OPTION 1: You can do the migration via official partners-integrators (if you have a valid GLPI Network Subscription); or

—OPTION 2: If you choose GLPI Network Cloud, we offer a free data migration from on-premise for everyone.

We ask you to communicate the upcoming changes to your customers and finish migrations before 30.06.2023. 

Thank you! 

New Formcreator 2.13.4 is available!

This version is compatible with GLPI 10.0.

Upgrade from 2.13.0 or later

A database sanity check is done before running the upgrade. If the plugin's tables differ from the expected schema, the upgrade will fail with a message similar to the following:

The database schema is not consistent with the installed Formcreator 2.13.0. 
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator

It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.

ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.

bin/console glpi:plugin:install formcreator -f -p skip-db-check

Bug Fixes

  • handle undefined setting for service catalog homepage (411ae3597)
  • typo in french locale (f61ded17a)
  • abstractitiltarget: multiple tag questions set but not displayed in designer (90f2a95d8)
  • checkboxesfield,multiselectfield: default value not displayed (8f36ab726)
  • composite: ignore link to non existing ticket (8502d4b16)
  • condition: allow longer texts (eecdf8a2a)
  • condition: display of tested question shows wrong item (5d34da8b4)
  • condition: width of question dropdown (ce0389efd)
  • dropdownfield: empty SQL IN statement when restricted tickets rights (5c5244a85)
  • form: image upload handling in header field (5dc66a5ef)
  • formanswer: default search filter hides legit access (2dc9f8e3f)
  • formanswer: malformed search option (5339b7912)
  • formanswer: missing newline between sections of fullform tag (61122bc93)
  • formanswer: temporary disable debug mode (e9e8da484)
  • formanswer, textfield, textareafield: escaping (3e0666d4d)
  • glpiselectfield: cannot set empty value by default for entity question (fe2130bbe)
  • glpiselectfield: restore entity restriction for users (e525b3a82)
  • helpdesk: better handling of users that can’t see tickets (a93f03126)
  • install: add empty schema for new version (817a9ec7e)
  • install: resync not needed in upgrade to 2.13.4 (d66a12017)
  • install: typo in method name (eac5d77ac)
  • issue: follow entity change on ticket transfer (434bd3572)
  • issues: Tooltip consistency with core (c45d21550)
  • question: subtype plural and appliance in bad group (1f780370a)
  • tagfield: php warning (cc4b673a8)
  • targetticket: allow more itemtypes to associated elements (#3155) (cee504c24)
  • textfield: useless HTML entity encode (c3d03b51e)

Features

  • drop support for GLPI 10.1 (a99a8bcb2)
  • dropdownfield: always show ticket id (0190adac9)
  • issue: access tickets from service catalog (a6b4f19d0)
  • question: add support for database sub itemtype (45126012d)
  • wizard: selectable home page in service catalog (95103fe54)

GLPI news and work in progress (Fall 2022). 

The presentation is hosted by Alexandre Delaunay, in charge of the GLPI development team and the product owner for GLPI. 

In this video he talks about the roadmap and some features the development team wants in GLPI for the next major version. Here is the transcription:

“To keep the presentation short, we will only discuss:

– Major topics

– Or very graphical ones

And I would like to insist on the fact that there are no promises of time regarding the delivery.

We will try our best to add the features, but depending on how the year goes, some will be OK, others not.

  1. Assets genericity. 

Now, we have in our marketplace 2 plugins to address generic adds: 

– Genericobject 

– Fields 

We want to add the possibility to let you customize each type of objects displayed in the Assets menu (at first). 

The first part of that is to let you define your types. 

We will provide a list of predefined types matching the current assets list and let you add new ones if you want. Like servers in addition to desktop or laptop computers. Or to do something completely different from IT management, e.g: cars, desks, etc. 

Some of the current types will still be not removable like Software, Rack, Cable, Cartridge and Consumable. The reason is their behavior, or their presentation differs from other assets. 

You will still be able to disable these if you want but deletion will be impossible. 

So, GENERICITY covers the creation of new asset types. 

  2. Assets composition

In addition, on the same setup page, you will be able to define which capacity an asset type uses.

E.g. contracts, management, etc., COMPOSITION of an asset type, with some checkboxes to select capacities. 

This permits you to remove or add tabs to the object. 

Or if an object can be inventoried by an agent.

  3. GLPI Agent

Let us talk a little about features related to the GLPI inventory agent. 

Remote inventory reminder. 

Before talking about the roadmap, let us do a quick reminder about the remote inventory feature.

This is a task you can set up for an agent to let it query other computers on your network to construct an inventory file for each. 

The single agent will aggregate all inventory files and send them in one pass to the inventory API of GLPI. 

So, the main purpose is to have only one deployed agent. 

We use SSH and WinRM protocols to achieve that.  

GLPI Agent – Roadmap (1/2). 

The first point we want to improve is to ease the inventory process of your network. 

We currently have two tasks: 

– discovery, which “pings” addresses in an IP range

– network inventory, which takes the result of the discovery to do a full SNMP inventory for network equipment and printers. 

We will change the process, by: 

– adding remote inventory of COMPUTERS 

– and letting the discovery task directly do a FULL inventory if it knows the type of the remote device. An SNMP query for network equipment, SSH or WinRM queries for computers.

With one unified task and one setup, we aim to let you discover all your network devices. 

The two last bullet points describe things required by unified discovery. The new toolbox UI will receive forms: 

– to plan tasks for the agent. 

– to save credentials, like SNMP community, login password couple for Windows domain or public key for an SSH connection. In summary, any information to let the agent connect to a remote device.

GLPI Agent – Roadmap (2/2) 

We thought about rewriting a large part of the agents, and we shortlisted Golang for that. 

The fact the agent is written with the language PERL. 

Recently, finding developers comfortable with this language has been hard. 

We will try a prototype within the year to measure our capacity to switch to this new language. 

We plan also to enforce exchange between agents and backend by adding authentication and registration flows. This will be recommended but you will be able to do simple exchanges if you prefer. 

And we still need to redo all forms to drive remotely the agent in GLPI UI. 

This is still planned. 

  4. GLPI

Let us talk a bit about features related to the GLPI web application. 

High-level API (1/2) 

Firstly, we will add a new API, again. 

We observe that, although the old one permits more usage, due to its low-level connection with the framework, it is hard to maintain its stability and avoid regression.

We maintain an interface to address depreciation for this previous API, but it is getting harder and harder to do. 

So, a new API connected to a higher level with stabilized endpoints and parameters. 

And we took advantage to add some comfort features: 

– we have a dedicated UI based on Swagger UI to ease discovering and testing endpoints and their parameters 

– we also use RSQL, a common Query language for filtering API. 

High-level API (2/2) 

For the second slide, you can see in action a GET request to list users in GLPI database. 

  5. DCIM

 We want to extend the datacenter features in the next version. Mainly about adding graphical views. 

DCIM – Network equipment’s panels 

 The first and the simpler one is graphical panel for network ports list in equipment forms. 

We will take the front and rear pictures defined in the model of the equipment and display them above the ports list. 

The user will get information about each port directly on the picture panel by hovering them. 

A single click on a port will scroll the page to the good line to get more information. 

In the model setup, you will have a new tab to draw each port’s position. 

DCIM – Graphical enclosures (1/2) 

In the same way, slots of an enclosure can be drawn and indexed to indicate to GLPI where sub items can be placed. 

DCIM – Graphical enclosures (2/2) 

On a rack view where an enclosure is inserted, instead of a single blank rectangle, slots will be displayed and usual controls available, like hovering or clicking to get more information. 

DCIM – Graphical connections 

Finally, for DCIM part, we will try to add some representation for network or power connections. 

The goal is to get links between equipment. 

This is early to talk about this, we have short specifications for this, and it requires more research to find a library, for example. 

Keep in mind the current screenshot does not represent any existing development. 

  6. Misc

Workflows – Processes 

We have a functional prototype for this. 

A new view to let GLPI administrators set up their business processes.

With steps, transitions, conditions and actions, a full toolkit to describe a full workflow. 

This aims to replace legacy rules. 

And for a start, it will be available for assistance objects like tickets or change. 

Nutanix inventory import 

 Another development currently in alpha is the connector to Nutanix API to get: 

– Clusters 

– Hosts 

– Virtual machines 

– Disks 

The module parses the distant API and sends them to the native inventory API of GLPI. 

The merger with existing devices is done with the rule engine as usual. 

SCIM 

 Another connector, GLPI will serve a SCIM endpoint for your Microsoft Azure instance. 

This protocol pushes changes of users from the directory to connected application. 

So instead of synchronizing the whole user’s database and matching everyone, any change in the directory will be immediately pushed to GLPI. 

  7. Security

Now, a security feature: two-factor authentication!

Administrators can enforce users’ logins in the security setup to ask them to register an external application like Google Authenticator or Authy. 

Security – 2 factors (2/2) 

After a successful login, a new field will appear asking users to paste a pin code from the authentication application. 

Security – OAuth Server

We will add an OAuth server to GLPI for 2 purposes:

– connect applications to GLPI to delegate the login feature and identity management

– secure our several APIs, like the inventory one or the general-purpose one.

Security – misc 

– Vulnerabilities management 

– Scanners integration (vuls, tsunami)

– CVE matching 

Some various points: 

In the management menu, a new entry to list vulnerabilities. 

The goal is, with the help of external scanners, like vuls or tsunami, as well as some API to get CVEs and match them to known software, to see if a host has some security vulnerabilities.

Some dashboard cards and alerts will also be added to enhance reporting about this subject. 

Technical changes 

– Web root for the application will be `/public` 

– continue work on twig (removing legacy echo) 

– removal of legacy auto escaping 

– modularization of critical features 

– e-charts lib for dashboards 

Last slide to tell you we continue to improve the core of GLPI. 

The most impactful for you will be the move of the web root of the application. 

Now, it will be a sub-folder named /public. 

Thereby, all other sub-folders (like files for example) will not be available on the web when the webserver is not well set up. 

The next point is legacy codebase we need to clean. 

And to finish, we moved to a new charting library called e-charts. 

It is simpler to use on our side and you will appreciate the new colors and its interactivity.

Timeline? 

– Currently, finish stabilizing the 10.0 version

– End of 2023, beta of next major version 

We are still working on bugfixing the 10 version. This last brought substantial changes, especially on the assistance part. 

But we aim to work on the incoming yearly results fully on the latest version.”
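
The web-root change described in the presentation above (serving only the `/public` sub-folder), sketched as two alternative Apache virtual hosts. This is an added example, not configuration from the presentation or from the GLPI project; the install path `/var/www/glpi`, the host name, the `config/` folder rule and the `index.php` front controller are assumptions.

```apache
# Constructed example. Load only ONE of the two virtual hosts below.
# TLS directives are omitted to keep the comparison short.

# --- Weak: the whole application tree is the web root -------------------
# Every sub-folder is reachable by URL unless it is denied individually,
# so a folder missed in this list (or a lost rule) is served to the web.
<VirtualHost *:80>
    ServerName glpi.example.org
    DocumentRoot /var/www/glpi

    <Directory /var/www/glpi>
        Require all granted
    </Directory>

    # Per-folder denies that have to be maintained by hand.
    <Directory /var/www/glpi/files>
        Require all denied
    </Directory>
    <Directory /var/www/glpi/config>
        Require all denied
    </Directory>
</VirtualHost>

# --- Corrected: only public/ is the web root ----------------------------
# files/, config/ and every other sibling folder sit outside DocumentRoot,
# so no URL maps to them even when no deny rule exists.
<VirtualHost *:80>
    ServerName glpi.example.org
    DocumentRoot /var/www/glpi/public

    <Directory /var/www/glpi/public>
        Require all granted
        AllowOverride None
        Options -Indexes

        # Send requests that are not real files under public/ to the
        # front controller (assumed to be public/index.php).
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [QSA,L]
    </Directory>
</VirtualHost>
```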

New GLPI version 10.0.4

A new GLPI version is available.

This release fixes several security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.4 archive on GitHub.
We also provide a security release for the 9.5 branch: GLPI 9.5.10 archive.

You will find below the list of security issues fixed in this bugfix version:

  • Blind SSRF in RSS feeds and planning (CVE-2022-39276)
  • Stored XSS in user information (CVE-2022-39372)
  • Stored XSS in entity name (CVE-2022-39373)
  • Improper input validation on emails links (CVE-2022-39376)
  • Improper access to debug panel (CVE-2022-39370)
  • User’s session persists after permanently deleting his account (CVE-2022-39234)
  • Stored XSS on login page (CVE-2022-39262)
  • XSS in external links (CVE-2022-39277)
  • XSS through public RSS feed (CVE-2022-39375)
  • SQL Injection on REST API (CVE-2022-39323)
  • Stored XSS through asset inventory (CVE-2022-39371)

Also, here is a short list of main changes done in this version:

  • Significantly increased dashboard performance
  • Several bugs on image pasting
  • Fixed and improved inventory locks management
  • Display of printer cartridges
  • Display and hide actors tooltips in tickets
  • Improve display of headers above forms
  • Move breakpoints on responsive displays
  • Inventory API is now disabled by default
  • Dedicated rights have been added for inventory

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.