introducing/playbook/v3.0

Playbook 3.0 has a more flexible and streamlined interface that's easier to navigate. We've improved search so that it "just works" the way you'd expect it to when you enter addresses and names. We've improved navigation so that it's quick and easy to jump to a device or area of the network. We've made the dashboard page configurable and cleaner. And we've added utilities to solve some of the simple annoying problems people deal with when they have to write firewall rules.

Here's a whirlwind tour of the features of Playbook 3.0.


Smart firewall configuration editing

Playbook makes it safe, quick, and painless to change firewall rules. Your configurations are all managed in a central web interface, and editors don't need to log directly into devices.

  • Changes are tracked in an industrial-strength version control system
  • Nothing is ever deployed to a device without approval
  • Configuration lines are fully parsed and checked for errors
  • Addresses and ranges are detected, made clickable, and indexed for search


Intelligent search

Everything in Playbook is indexed, like a search engine. Because Playbook understands the syntax of firewall rules, it can search inside CIDR address blocks. And because every revision is indexed, you can find hosts and services in any change, even if it isn't currently deployed.


Track customer requests

Playbook has a simple request tracker that is tied directly to the change tracking system. That means that when an operator makes a change in response to a customer request, Playbook can tie the change back to a ticket. It also means that customers can file change requests and track status without calling your team on the phone.

  • Customers submit requests using a simple "retail" interface, and they don't need accounts, logins, or passwords.
  • We keep track of which request each engineer is working on, and tie changes back to tickets.
  • Tickets have a submit/edit/work/approve lifecycle to handle multiple levels of authorization.


Quickly research requests and navigate the network

Change management, request tracking, and search all work together in Playbook. When you get a request, Playbook can suggest which firewalls are the right place to make changes. When you make a change, your team can see it immediately in the request screen and approve or modify the change.


Searchable, traceable change histories

Because Playbook is built on a version control system, you can't make a change that Playbook will forget about.

  • Get visual diffs and change comments for every change
  • All changes are tagged, when appropriate, with customer requests
  • Get annotated views of firewall rules broken down by request
  • Get changes across multiple devices associated with requests


Filtered, bookmarkable timeline reporting

Any time a ticket is opened or changes, any time a rule or a note is changed, any time Playbook ever talks to a device, Playbook records the event and displays it in the timeline view. You can filter the timeline down to firewall events, or down to events for just this week, or down to the last several events. You can bookmark different filters for quick reference. You can even subscribe to them in RSS.


Deploy rules with the push of a button

Playbook knows how to talk to your devices, so you don't have to. Better still, you can empower your team to manage those devices without creating tens of different logins on those devices. And nothing touches a device in production until you tell it to.


Document your network in a wiki

Playbook uses wikis, which are editable web pages, to help teams share information and to present information about network protocols. Teams can track information about specific hosts or applications (which are then linked to the firewall rules that deploy them), or store information about physical devices and contacts. Like everything else in Playbook, our wiki is backed by strong version control.


Keep tabs on the network with the Dashboard

Playbook has a configurable dashboard page which summarizes activity, shows tickets assigned to you, displays selected wiki pages, and reports device status.

Host firewall support

Playbook 3.0 also supports host firewalls (first, the Mac OS X host firewall; Win32 coming soon).

Designed for teams with mobile workers (and great for desktop environments), Playbook allows network security teams to keep end-user machines up to date.

It works like this: end-users get invitations to visit a URL in Playbook, where they're given a customized and cryptographically secured installer that places a very lightweight agent on their machine. The agent periodically makes secure requests back to Playbook to sync up rules. End-user machines appear just like any other firewall to Playbook administrators.

Changes in 3.0

For those of you keeping track at home:

  • Improved user interface
  • Utilities and navigation bar in the UI
  • "Merged" search results display both text and rule matches
  • Greatly improved performance for rendering large rulesets
  • A rewritten rule editor that does in-place editing of lines
  • A redesigned configurable dashboard page
  • Jump to "recent" devices and areas
  • Versioned per-line rule comments
  • A hugely simplified upgrade system for future releases of Playbook
  • A CIDR netmask calculator
  • Quick stats from the menu bar on any protocol in the wiki
  • Improved UI for cross-firewall search-and-replace
  • Improved UI for ticket editing
  • Support for OS X host firewalls