Glossary
What is Configuration Management?
IT Configuration Management Definition
IT configuration management turns IT configuration from a one-off, error-prone process to a policy-driven, often automated approach that sets up systems consistently, securely and in an error-free way. Configuration management automates the configuration of individual systems such as servers, firewalls, or routers.
IT today is faced with managing more machines and devices than ever, each of which requires proper configuration management. That means loading them with the right software, making sure that software can run, tying new devices properly into the network and myriad other tasks for secure, productive operation.
“Configuration Management enables faster and more efficient deployments. It guarantees that the appropriate configuration is consistently implemented across many environments, lowering the likelihood of mistakes and speeding up the release cycle,” the Developers Per Hour blog explained.
The graphic below shows configuration management processes and underlying technologies and concepts:
Source: US Internal Revenue Service
What is a Configuration Management Database (CMDB)?
A configuration management database (CMDB) is where configuration data is held, usually in the form of a file. The data includes everything IT needs to know about the hardware and software components that reside in the IT environment, their attributes and how these relate to one another such as any dependencies that may exist.
Since a CMDB is a database, it offers a central view of this configuration data, which can be viewed in a variety of ways and updated as device states and the environment changes.
By containing all this data, including how devices are organized, the CMDB helps IT create new configuration processes and policies, both of which are key to effective configuration management. A CMDB is also useful for areas related to configuration management, including change management as well as problem and incident management.
Key Components of the Configuration Management Process
Identity Requirements for Configuration: This includes all components that are part of a configuration project and how they fit together.
Create a Plan: High level view of configuration goals, along with specific processes and procedures for each configuration project.
Build Policies: Distribute and update policies. Ensure they are used for all critical configurations.
Document Changes: This includes updates to the plan, policies or configurations themselves.
Test: IT should test not only configuration code, but that configurations standards are adhered to.
Audit: IT should regularly audit its configuration management processes and implementations to ensure all is up to date and configurations are performing efficiently and result in secure systems.
Key Components of a Configuration Management System
- CMDB
- Infrastructure as Code (IaC) and Policy as Code (PoC) Capabilities
- Network and device discovery
- Configuration code testing
- Automation
Why is Configuration Management Important?
Configuration errors are a common source of hack attacks, not to mention threats to end user productivity and proper IT operations. IT configuration management aims to systematize configuration so only proven, tested and secure configurations are applied. For enterprises which must adhere to compliance regulations, configuration management is an absolute must have.
For security, making sure that permissions, privileges and credentials are all applied properly and consistently – each time – are security and compliance essential, as are implementing proper rules for device ports, firewalls, servers and other critical gear.
Performance and optimum service delivery can only come with well configured, error-free systems. Configuration management not only addresses these issues, but if an outage or configuration error occurs, your management system and processes can quickly mitigate the problem and bring your systems back online quickly and safely.
Benefits of Configuration Management
Configuration management brings discipline to an often unruly, tedious and error-prone configuration process. With a plan and policies in place, IT understands how configuration is best handled and has documents to guide them. By turning configurations into code, IT can simply apply proven code-based approaches to configure critical systems. The result is both efficiency and security.
As the IT environment grows, configuration management makes it easy to add new devices to the mix and ensure that they play well with related pieces of infrastructure.
IT manpower is not free as IT professionals time is precious. Configuration management speeds the process of getting systems online, allowing IT to focus on more strategic concerns. Simply put, configuration management allows IT to greatly scale its ability to set up and manage multiple systems and onboard new gear.
The configuration management plan and policy framework can account for any compliance regulations your enterprise happens to fall under. And by following these guidelines and procedures in every instance, your chances of achieving compliance skyrocket.
Finally, the safety of IT infrastructure is greatly enhanced. Misconfiguration is not only a security hole but is a common cause of performance problems and system failures.
Configuration Management in DevOps
Did you know that 80% of security breaches are caused by configuration management issues? That’s what Gartner and Microsoft both say.
And OWASP recognized the importance by moving security misconfiguration up in their top 10 list.
This is because misconfiguration can happen at any level within the application stack – web server, app server, database, OS, VMs, containers, etc. And also, in any location – cloud or on-premises, servers, edge, etc.
The answer to the misconfiguration woes is to incorporate DevOps configuration management into your IT processes and include automated configuration checks and remediation.
“Today, in an organization the system admins or DevOps Engineer spends more time in deploying new services and application, installing and updating network packages and making machine server ready for deployment. This causes tedious human efforts and requires huge human resources. To solve this problem, configuration management was introduced. By using configuration management tools like Chef, Puppet you can deploy, repair and update the entire application infrastructure with automation,” argued the Intellipaat web site. “Configuration Management keeps track of all the software and hardware-related information of an organization and it also repairs, deploys, and updates the entire application with its automated procedures. Configuration management does the work of multiple System Administrators and developers who manage hundreds of servers and applications.”
With IaC, DevSecOps teams create pipelines that can cross both internal and external boundaries, standardizing environments and processes locally within the data center and up in the cloud. As a result, you get a dynamic environment that’s stable no matter how complicated your configurations are. When your application deployment and infrastructure changes move at the same pace, your entire IT organization functions better.
In fact, environmental configurations are foundational to application and business success. A DevSecOps team that turns configuration into code can leverage the same tools and processes they use on applications to efficiently and successfully prepare environments to run applications.
With IaC, DevOps can:
- Configure systems based on defined business policies.
- Test systems and validate states across environments.
- Patch and remediate vulnerable systems.
Here is how DevOps can drive configuration best practices:
- Test Driven Development: Configuration change testing becomes parallel to application change testing.
- AIOps Support: IT operations can confidently scale with data consolidations and 3rd party integrations.
- Self-Service: Agile delivery teams can provision and deploy infrastructure on-demand.
Configuration Management Principles
- Create a strategy backed up by a plan and set of processes.
- Automate wherever automation is possible.
- Make sure configurations and their implementations are traceable.
- Create a reproducible system that allows IT, QA, developers, management and operations to deploy and apply proven configurations and implement software-development best practices.
- Make configuration as self-service as possible.
Types of Configuration Management Approaches
There are two key types of configuration management approaches: the push model and the pull model.
Pull Model: Here, devices, machines and applications (considered as nodes) get updated dynamically based on configurations present in a configuration server. The clients, or nodes, poll the master configuration server for updates based on a schedule established by IT or DevOps.
Agents are installed on each client to handle node/server interactions.
There are clear advantages to this approach. “In a 'pull' system, clients contact the server independently of each other, so the system as a whole is more scalable than a 'push' system,” the Agile Testing blog argued.
Push Model: With push-based configuration, the configuration server initiates the action and pushes configurations out on the clients. This approach does not require agents, though they can be used based upon the solution or set up.
Configuration Management Policy
An IT Configuration Management Policy makes sure all assets needing configuration are discovered and documented, usually through the CMDB, and sets out rules and guidance for configuration management best practices.
Use Cases for Configuration Management
Here are a few configuration use cases:
IT Configuration Management: This is configuration for hardware and device-oriented IT infrastructure assets.
Software Configuration Management: Configuration management, especially when driven by IaC, helps ensure your software development environment is configured uniformly across all its components and for all its users, reducing errors and deployment/configuration time.
IoT Configuration Management: The Internet of Things (IoT) is introducing hundreds, and sometimes thousands, of new devices to enterprise networks, often in the form of intelligent sensors and other specific-use devices. This IoT sprawl introduces new IT management and security issues, problems that themselves can sprawl out of control without configuration management plans, policies and solutions.
A central database, the CMDB, is vital to track what is in place, and capture new devices as they are brought online. New devices and updates to existing ones is a never-ending process. New versions have to be configured to gain new functionality or enjoy security features that may have been added.
How does Configuration Management Relate to Infrastructure as Code (IAC)?
Infrastructure as Code (IaC) is critical to effective configuration management. But first, what is Infrastructure as Code?
“Infrastructure as Code (IaC) is an IT approach that manages, configures and provisions IT infrastructure through code rather than time consuming, error-prone manual processes. IaC automates common, often complex tasks, and performs them in a proven, tested and error-free way,” the Chef What is Infrastructure as Code? glossary page explained. “Infrastructure as Code had its beginnings in IT scripting, where IT pros use PowerShell and other tools to automate common tasks and processes. These tasks tend to be low-level actions that are performed over and over. In contrast, IaC uses deeper, descriptive code that performs more complex provisioning, configuration, deployment and other IT functions.”
IaC offers a number of configuration benefits. “The only way to instead of disruptive churn is to implement a policy as code-based automation solution that keeps environments consistent. Chef enables DevSecOps teams to create pipelines that can cross both internal and external boundaries, standardizing environments and processes locally within the data center and up in the cloud,” the Chef configuration management web page explained. “As a result, you get a dynamic environment that’s stable no matter how complicated your configurations are. When your application deployment and infrastructure changes move at the same pace, your entire IT organization functions better. In fact, environmental configurations are foundational to application and business success. A DevSecOps team that turns configuration into code can leverage the same tools and processes you use on your applications to efficiently and successfully prepare environments to run applications,” the page concluded.
Here are a few ways to automate configuration management:
- Use policies: Policy as Code brings discipline to your configurations and helps ensure compliance.
- Test policies: By testing policies before applying them to configuration tasks, you ensure the code works and can become an immutable solution.
- Use workflows: Workflows are part of your configuration code development and how this code can be applied.
- Rebuild and Reproduce Systems and Configurations: Proven processes not only apply to new systems and tasks but are used to rebuild or reconfigure existing systems that might have had a problem or need an update.