5 Tips For Optimizing Duo Cloud Operations
"Correct application of any new technique or method by itself is hard enough, but applying it in the context of other methods and techniques introduces some twists that need to be managed."
Cloud operations is a critical component to "keep the lights on" for any deployment, this also applies to software-as-a-service (SaaS) solutions. As a service owner, you might apply IT Service Management (ITSM) frameworks such as Information Technology Infrastructure Library (ITIL) to ensure compliance with regulations and controls. This would encompass change management, continuity management, availability management and configuration management for solutions deployed in the enterprise.
In this post, we will explore five tips for optimizing Duo Cloud Operations and apply the correct application to the context of service management
1. Inactive User Expiration
Capacity management for your licenses is important to manage costs for the company. If you are using directory sync to provision and deprovision users from Duo that would be the ideal source of truth as users are added and removed automatically on each sync. In cases where CSV imports are used, inactive users who are not deleted from the trash are still consuming licenses. Consider pre-setting a fixed number of days of inactivity after which users will be deleted.
2. Monitor the Duo Cloud Service
As part of availability management, you should understand if the communications with the Duo cloud service is active and if the Duo cloud service is up and running. You can do this manually or automatically.
Automated - Using Auth API
A monitoring script can be created and configured to run using your in-house monitoring system. The best practice would be to limit these calls to once per hour:
/Ping (https://duo.com/docs/authapi#/ping): A basic high-level check that verifies the Duo service is contactable and running
/Check (https://duo.com/docs/authapi#/check): Goes a beyond /Ping, as it checks against your account details to verify the integration and secret keys
Manually Using the Status Page
There is a link under “Deployment ID” on the left panel in the Duo Cloud admin panel that will redirect you to the status page. There you can browse the state of the deployment with the associated issues. If you have a Duo Authentication Proxy, that is another monitoring option you can set up.
3. Configuration Management - Help From Device Insight and Endpoints
Configuration management in ITIL tracks and maintains detailed information of any IT components including installed software, versions and patch levels. Device Insight complements this ongoing and iterative process. This information is important as it integrates with other processes such as change management when IT decides to upgrade and change base OS versions and release management when IT decides to implement new apps and need secure authentication. To export this information go to Endpoints select the devices and click on Export.
4. Change Management - Policy Impact Report in the Duo Admin Panel
When IT introduces a new app into the environment, how would that impact be assessed? How would the project owner provide confidence to the change management approval board that it would not affect users? How can we monitor the environment for these impacts on an ongoing basis?
Thankfully, in the Duo Admin panel, there is a feature which helps address those questions and you can refer to the guide on how to read the report.
5. Telephony Credits Monitoring
If you use SMS or phone calls as one of the authentication factors, it is important to monitor the credit usage. Set a transhold to alert the IT administrator's email distribution list so you know when credits are low.
The other thing to consider is to restrict users from overuse. This can easily be configured under Settings-> Telephony credits. I recommend using Duo Push instead because it is free and it is more secure, as it is out of band.
I hope these tips will better help align your cloud operations with an ITSM framework like ITIL. It is important for the cloud operations team to keep abreast of changes in the cloud environment to adequately address issues in a timely manner. I recommend downloading Duo’s free whitepaper “How to Successfully Deploy Duo at Enterprise Scale'' to learn more about considerations when rolling out Duo.
Try Duo For Free
With our free 30-day trial you can see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.