All posts from Anthony Critelli

Troubleshooting TLS Session Re-Use and Mutual Authentication in HAProxy

We take data protection seriously at Datto, which is why we’ve been increasingly using mutual TLS authentication to secure communications between components in our application stack. Our use of HashiCorp Vault has accelerated this security pattern, as Vault makes it easy to deploy and manage multiple CAs. Recently, we saw an increase in TLS-related errors for one of our mutually authenticated application endpoints. In this article, I’ll walk you through how we debugged and resolved this problem. I’ll also take you on a deep dive into reproducing this issue, and I’ll hopefully teach you some fun OpenSSL commands along the way.

Automated OS Qualification with Ansible

Upgrading thousands of servers is challenging and filled with uncertainty. This article describes how we leveraged Ansible to build automation that increases confidence in our upgrade process.

Automating Vault and Consul Template Management

Configuring and managing Vault isn't too difficult, but integrating it with our existing configuration management tools provided a unique challenge. We wanted to ensure that we could continue using Puppet, our config management tool of choice, to automatically handle the day-to-day operations of our new Vault deployment.