Streamlining and Securing Package Management At Paessler AG
Paessler AG, based in Nuremberg, Germany, is an IT monitoring vendor whose software products are used globally by more than 300,000 IT administrators in companies of all sizes and from all vertical industries. PRTG Network Monitor, its flagship product, monitors all systems, devices, traffic, and applications in organizations’ IT, OT and IoT infrastructures, so they can detect and fix problems quickly.
Paessler used an internally maintained stack made up of popular open source tools for artifact package management, including Nexus Repository as package proxy, Harbor as a proxy for DockerHub, as well as certain features of GitLab, like the container registry.
The company wanted to tighten security and package management on its build and development processes, centralize and scale package management, and consolidate its package management systems.
The ultimate goal: To ensure the fast and continuous improvement of its products, which its customers rely upon to monitor its networks, and to boost the security and release processes of its software development lifecycle.
Paessler replaced its heterogeneous open source tools stack for package management with JFrog Artifactory, JFrog Xray and JFrog Mission Control — all installed on premises — thus simplifying, centralizing and optimizing critical parts of its CI/CD infrastructure. Paessler’s stored package types include Docker, NPM, C++ and Python. They’re distributed to its customers using AWS as the distribution mechanism.
Today, Paessler’s build systems access Artifactory to make sure dependencies are coming from a trusted source during build time. Paessler actively publishes packets against Artifactory, and also uses it as a proxy for remote repositories. In addition, Paessler’s CI/CD pipeline relies heavily on Artifactory for pulling dependencies. The company also provides container images via Artifactory.
As a result, Paessler has seen significant improvements in the security and speed of its Software Distribution cycle, and in the productivity of its developers.
Specifically, Paessler is now able to find and fix vulnerable software components much faster with Xray, a software composition analysis (SCA) tool for detecting vulnerabilities and license compliance issues in open source software.
Plus, thanks to its use of Artifactory for remote repositories and caching functionality, the CI/CD cycle runs much faster, allowing it to release software to production more quickly and frequently.
Finally, by consolidating on JFrog tools, developers have a single, intuitive, integrated and consistent user experience for package management, instead of having to jump among several different systems, each with its own interface. This has increased the productivity of its developers and streamlined their build and development workflow.
In addition to getting all the features and functionality it was looking for from JFrog, Paessler found its JFrog investment to have the best price-performance ratio of all the products it evaluated, and the easiest and simplest licensing model. During the deployment, JFrog always communicated clearly and promptly with Paessler, making the rollout smooth and on target.
“Over 300,000 users around the world rely on PRTG to monitor vital parts of their different-sized networks. Therefore, it is our obligation to develop and enhance not only our software itself but also the security and release processes around it. JFrog helps us do this in the most efficient manner.” — Konstantin Wolff, Infrastructure Engineer, Paessler AG