Configuration Management is the process of maintaining systems, such as computer hardware and software, in a desired state. Configuration Management (CM) is also a method of ensuring that systems perform in a manner consistent with expectations over time.
Originally developed in the US military and now widely used in many different kinds of systems, CM helps identify systems that need to be patched, updated, or reconfigured to conform to the desired state. CM is often used with IT service management as defined by the IT Infrastructure Library (ITIL). CM is often implemented with the use of configuration management tools such as those incorporated into VMware vCenter.
Configuration Management helps prevent undocumented changes from working their way into the environment. By doing so, CM can help prevent performance issues, system inconsistencies, or compliance issues that can lead to regulatory fines and penalties. Over time, these undocumented changes can lead to system downtime, instability, or failure.
Performing these tasks manually is too complex in large systems. Software configuration management can involve hundreds or thousands of components for each application, and without proper documentation IT organizations could easily lose track of which systems require attention, what steps are necessary to remediate problems, what tasks should be prioritized and whether changes have been validated and propagated throughout the system.
A Configuration management system allows the enterprise to define settings in a consistent manner, then to build and maintain them according to the established baselines. A configuration management plan should include a number of tools that:
- Enable classification and management of systems in groups
- Make centralized modifications to baseline configurations
- Push changes automatically to all affected systems to automate updates and patching
- Identify problem configurations that are underperforming or non-compliant
- Automate prioritization of actions needed to remediate issues•
- Apply remediation when needed.
As organizations increasingly adopt a microservices architecture composed of many code segments of various size connected by APIs, the need for a consistent configuration management process becomes even more apparent, where each service utilizes metadata that encodes specs for resource allocation, secrets like passwords, and endpoints that define connections to other services for registration and initialization.
Through the use of these tools, a configuration management plan provides a ‘single version of the truth’ for the desired state of systems across the organization by giving visibility to any configuration modifications, enabling audit trails and tracking of every change made to the system.
The configuration management process begins with gathering information including configuration data from each application and the network topology. Secrets such as encryption keys and passwords should be identified so they can be encrypted and stored safely. Once collected, configuration data should be loaded into files that become the central repository of the desired state – the single version of the truth.
Once data has been collected the organization can establish a baseline configuration, which should be a known good configuration that can perform its intended operations without bugs or errors. Typically this baseline is established by noting the configuration of the working production environment and storing those configuration settings as the baseline.
When the baseline has been established, the organization should adopt a version control system. Many organizations utilize Git to create a repository of configuration data for this purpose.
Auditing and accounting help to ensure that any changes that are applied to the configuration are reviewed by stakeholders and accepted, ensuring accountability and visibility into configuration changes.
Utilizing a Configuration Management system helps avoid problems that occur when hardware and software systems are improperly configured. Simply tracking changes can help avoid expensive remediation projects down the road. CM is insurance you pay for today so you can prevent issues tomorrow. For example, Configuration Management helps ensure the development, test, and production environments are the same, so that deployed applications will behave in the manner that is expected of them.
When problems do occur, CM can re-create the environment where an error occurred, or can replicate an environment to ease scaling and migration of workloads either on-premises or between clouds.
Configuration Management tools use scripting to automate these administrative tasks, and enable rapid provisioning of servers, VMs and containers to the desired state in minutes, rather than days or weeks.
If improperly used or overlooked altogether, organizations put themselves at risk for downtime and errors caused by improperly configured hardware and software. This could impact the bottom line in terms of unplanned downtime, additional expense, and countless hours wasted remediating errors, quality issues, and missed deadlines due do downtime. As with most IT automations, CM keeps organizations from constantly fighting fires and lets IT focus on more productive work.
Without CM, organizations would be extremely challenged to understand how even the smallest changes to the environment will impact operations for development, test, and production. This extends to the inability to comprehend all the component pieces of a system and the resulting inability to determine how each service, configuration parameter, and piece of hardware contributes to the system.
Root cause analysis, remediation, and maintaining service level agreements (SLAs) would become increasingly difficult without a CM solution deployed, and without CM organizations would be challenged to:
- See if changes to configurations were authorized or rogue.
- Determine how changes will impact the organization overall.
- Rapidly uncover security holes caused by unauthorized configuration changes.