What Is Configuration Management and Why Is It Important? | UpGuard

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product’s performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.

Configuration management is a form of IT service management (ITSM) as defined by ITIL that ensures the configuration of system resources, computer systems, servers and other assets are known, good and trusted. It’s sometimes referred to as IT automation. 

Most configuration management involves a high degree of automation to achieve these goals. This is why teams use different tools like Puppet, Ansible, Terraform and other configuration management tools. 

By using automation, it’s easier to build in checks and redundancies, improving the potential for omissions due to human error and the accuracy for keeping assets in the desired state. 

Without automation, a single engineer forgetting to update a piece of software can leave a system with an outdated version of the software that has a known vulnerability listed on CVE. This vulnerability could be exploited to spread computer worms, install ransomware or another type of malware. 

Automation is valuable for another reason, it greatly improves the efficiency and makes configuration management of large systems manageable. 

Configuration management applies to a variety of systems, but most often, you’ll be concerned with these:

  • Servers
  • Databases and other storage systems
  • Operating systems
  • Networking 
  • Applications
  • Software

Why is Configuration Management Important?

Chances are, technology powers your business. If you sell SaaS (Software-as-a-Service, technology is the product. 

Even if you don’t, every company uses technology to automate their processes. 

The configuration of these systems is critical to your organization’s success. Configuration is what makes your systems (servers, networks, operating systems, data centers, configuration files, IT assets and all other configuration items) work. 

Open the settings menu in any software and you are dealing with configuration management. 

You need to manage it carefully and keep track of configuration changes to ensure traceability, or your business and end users could suffer from systems outages, data breaches and data leaks. 

To reduce cybersecurity risk and improve operations, many businesses employ a configuration management database (CMDB), configuration management plan and a configuration manager to ensure successful configuration management. 

Having accurate records of the state of your systems is essential and baselining an attribute can ensure formal configuration change control processes are effective. Which is why version control is critical for al IT infrastructure.

This helps with project management, asset management and audit processes, as well as software development and debugging.

Other benefits of configuration management include:

  • Reduced risk of outages and security breaches through visibility and tracking of the changes to your systems.
  • Cost reduction by having detailed knowledge of all the elements of your configuration, avoiding wasteful duplication of your technology assets.
  • Improved experience for your customers and internal staff by rapidly detecting and correcting improper configurations that could negatively impact performance.
  • Strict control of your processes by defining and enforcing formal policies and procedures that govern asset identification, status monitoring, and auditing.
  • Greater agility and faster problem resolution, enabling you to provide a higher quality of service and reduce software engineering costs.
  • Efficient change management by knowing your baseline configuration, and having the visibility to design changes that avoid problems.
  • Quicker restoration of service. In an outage, you’ll be able to recover quickly as your configuration is documented and automated.
  • Better release management and clear status accounting.

DevOps teams are taking the United States and the world by storm and software configuration management is getting applied across the lifecycle of enterprise IT. 

As you can see from the diagram below, it’s critical to think through how you plan, build, run and govern processes and handoffs, whether you’re doing DevOps or not.

Configuration Management

What Happens If You Don’t Use Configuration Management?

There’s a famous commercial about an auto mechanic talking about a costly engine repair that could have been avoided if the owner had replace his oil filter. The mechanic says:

“You can pay me now, or you can pay me later.”

This quote applies well to configuration management. 

You can avoid the costs associated with configuration management by not employing it at all, however you will likely pay in:

  • Manual effort (months) to determine which system components should change when requirements change.
  • Failed implementations because your project’s requirements changed, and you didn’t communicate the changes to all parties.
  • Lost productivity by replacing system components with flawed new versions, without the ability to quickly revert to a working state.
  • Unexpected outages from incorrectly modifying system components, because you couldn’t accurately determine which components were impacted by a change.

Configuration management is included as a key systems engineering practice because it works! It keeps you from incurring costs preventatively and helps IT stop fire fighting. Moreover, good systems engineers have learned, through practical experience, that it pays for itself many times over.

The lesson to learn is simple: Don’t pay the price later! Use configuration management to focus on fire prevention, not fire fighting.

What is an Example of Configuration Management?

An exemplary configuration management framework consists for four pillars:

1. The issue

A software “glitch” prevented the New York Stock Exchange (NYSE) from processing stock trades for almost 90 minutes.

2. The impact

The financial markets felt the impact even beyond the NYSE trading floor. Since investors couldn’t calculate market indexes without NYSE data, trading also stopped at the American Stock Exchange and some futures and options markets. Trading also slowed on the NASDAQ Stock Market, due to investor reluctance to do business without information on NYSE trading.

3. The cause

A new software installation caused the problem. The NYSE had installed the software on 8 of its 20 trading terminals, and the system was tested the night before go-live. However, on the morning of June 8th, a total of 8 installations failed to operate correctly. The NYSE tried to switch back to its old software, but was unable to do so before the opening of the trading session.

4. Lessons learned

Although you might see this as a failure of the NYSE’s configuration management process, in reality, it was a success. Although the problem didn’t arise until right before the opening of trading, the NYSE had robust configuration management processes and tools, which identified and recovered from the problem quickly. Other than some red faces at the NYSE, the damage was minimized. Had the outage continued for longer than 90 minutes, the repercussions would have been much more severe.

How Much Does Configuration Management Cost?

Unfortunately, configuration management doesn’t come free. Firstly, you will need a configuration management system. The configuration management systems marketplace changes frequently, and there are many different solutions out there, ranging from open source projects to commercial off the shelf technology sold by the likes of Microsoft and IBM. Typically the costs for these configuration management tools are by ‘node’ with varying price points depending on the type of node (servers, databases, network devices, mobile devices, storage, virtual instances, et al.). Open source systems have come a long way, so despite paying for a vendor’s logo and sales team, it is not always value for money to go with a big vendor.

The second cost of configuration management is people, including staff (often contractors, if your internal capability is immature) with the skills to set up configuration management processes and tools. You will also need to factor in training of your existing staff to integrate ongoing configuration management processes into your business.

What is the Return on Investment of Configuration Management?

Some of the financial benefits contributing to positive ROI results found in leveraging configuration management include:

  • IT staff productivity increase. Optimization of IT staff activities through automation reduced IT staff time spent “keeping the lights on”, freeing up valuable staff resources for business-related initiatives.
  • User productivity increase. Reduction of downtime caused by system outages, cyber attacks, security intrusions, and change and configuration activities.
  • IT cost reduction. Optimization of IT operations reduces costs in multiple areas, including infrastructure, outsourced services and management software.
  • Continuous delivery of IT services. Ensuring that the software can be reliably released at any time.

There are plenty of ROI calculations that you can apply for your business. The metric is cost avoidance in areas such as:

  • The number of devices/nodes monitored by a configuration management system.
  • The effort (try $35/hour conservatively) it takes a system/network engineer to handle configuration management processes manually.
  • When (not if) a system outage occurs with no backup configuration.
  • When you inevitably need to apply a bulk configuration update to many systems, or a new rollout needs to happen.
  • When your business has to comply with a configuration audit request, or pass a technology risk assessment.

The benefits of configuration management flow into all these activities. These activities take time, and time is money.

What are Some Popular Configuration Management Tools?

There are many popular configuration management tools, which makes it hard to find a tool or stack of tools that meet the system configuration needs of your organization. 

The essential features and tradeoffs you need to consider include performance, always key for scaling a data center, compatibility with existing systems, ease of use, enterprise support and cybersecurity. 

When it comes to market share, tools like Ansible, Puppet and Microsoft System Center Configuration Manager have sizable communities but there are only great alternatives in the CM space.

Here are some of the most popular tools you could consider, or at least be aware of:

The leader by market share, with around 27% share of the market, Ansible is an agentless orchestration and configuration system that uses playbooks written in YAML to manage your servers. 

Focusing more on server provisioning rather than server configuration, Terraform uses an immutable configuration approach to keep all servers perfectly synced to the desired state, avoiding configuration drift.

An older tool in the space, CFEngine is a configuration management tool that runs lightweight agents on the managed resources and converges their configuration to the desired state.

With around 22% of the market, MSCCM is Microsoft’s system configuration and monitoring tool, which manages the configuration of Windows-based assets from a single central admin machine.

A configuration management tool with almost 12% market share, Puppet uses a Master-Slave architecture to keep resources in the desired state. Along with Chef, it’s one of the CM systems that rely on Ruby domain specific languages (DSLs) for configuration management. 

Chef allows you to store configuration management routines in “recipes” and “cookbooks” that can be easily shared across teams, with support for a plethora of operating systems, including Windows and Linux.

This is one of AWS’s multiple solutions aimed at easing configuration management for enterprises hosting their applications on Amazon’s cloud platform. OpsWorks automates patching, updating, and configuration of servers using Chef and Puppet. 

Salt lets you use the Python programming language to create configuration templates that can be pushed out to clients from a central master or run with a decentralized model.

These tools have many commonalities and overlapping features that provide advantages over managing configuration management by hand, including infrastructure-as-code approaches that make it easy to rollout updates and change infrastructure. 

In addition, these configuration management tools help you keep a record of your assets and understand the exact state across all your servers and other networked assets. 

What are the Best Practices in Configuration Management?

The areas of configuration management, data management and control are fraught with risks, from the possibility of disruptions to application availability, as well as data loss or corruption. 

To ensure your organization’s assets are highly available and configured optimally, use these best practices:

Track changes

For tracking changes to related to system provisioning and configuration management, consider using changesets instead of single file commits. Changesets are packaged commits that track changes to a group of files, directory structure, reasons for change, unit test comments and environment changes in one easy to manage commit. This allows build managers to see which related files have changed with every significant change to your assets, making it easier to roll back unwanted changes or revert to an earlier configuration if needed. 

Early testing

Adopt an early testing approach by testing early and often you can catch bugs and potentially harmful regressions in your configuration management. 

Performance testing

Performance testing gives your DevOps team insight into how their latest changes affect performance and system functionality.

Integrate early and often

Along with performance testing, integrate early and often to ensure new features or changes play well with the rest of your environment. This will help you post problems early before they occur in production and prove costly. 

Avoid fixing problems with code

Unless they have been defined in your configuration management repository. Without a definition of the problem in your repository, future reviewers won’t know what was fixed and if the fix worked, leading to the potential for code conflicts and subtle bugs.  

Configuration Control

Includes the evaluation of all change-requests and change-proposals, and their subsequent approval or disapproval. It covers the process of controlling modifications to the system’s design, hardware, firmware, software, and documentation.

This is a start but there are many other important and helpful best practices that have emerged and some are still emerging for optimal configuration of your computer systems. 

Your team should codify their set of best practices that govern and safeguard your organization going forward. 

This will be an ongoing effort, and your best practices will change over time, in line with the needs of your organization.  

What is the Future of Configuration Management?

Configuration management is in flux and there is plenty of improvements released to the tools and processes we use.

Broadly speaking, proper configuration management achieves three fundamental goals: easily identify all code and configuration deployed into production (also known as configuration audit), the ability to retrieve all configuration items, including code, used to achieve any work product, desired state, or release, and having an effective mechanism for creating a sandbox for bug fixes or accommodation of a change request without regressions in the environment due to missing header file or other such error. 

Tools that promise significant improvements towards any of these fundamental drivers for configuration management will probably find a user base, and this implies a culture of constant change and improvement in CM tools.   

Going forward, some of the tools that look set to contribute enormously to the future of configuration management include Kubernetes, Docker, and tools like Habitat, Kustomize, and Conduit. 

Docker has long been seen as the future of configuration management due to how its containerization model and change management features make it easy to roll back changes to an image. This eliminates a significant part of the configuration management burden. 

Kubernetes, on the other hand, focuses configuration at the level of your app and its dependencies, instead of focusing on configuring monolithic servers. If you already have Docker containers to deploy, Kubernetes makes it easier and faster to get your applications up and running, but migrating virtual machine-based applications to Kubernetes is still a much more challenging process.

For solving some of the problems that Kubernetes leaves to you, such as building your applications, Chef Habitat and Kustomize can help. 

Habitat provides a uniform approach to building and deploying your application, with a final package that can run on bare metal servers, or be exported to Docker and Kubernetes. This provides a consistent workflow that works for running your application on any platform. 

Kustomize helps you customize the configuration of your deployed applications, and makes it easier to use third party applications in your Kubernetes deployment. 

With the introduction of new assets in the internet of things (IoT), organizations will likely have way more assets to manage, which will likely introduce new tools. What seems clear, however, is that containerization platforms and their associated configuration management tools will continue to grab market share from virtual machine based deployments due to their numerous advantages.

Is Your Business at Risk of a Data Breach?

UpGuard can protect your business from data breaches, identify all of your data leaks, and help you continuously monitor the security posture of all your vendors.

UpGuard also supports compliance across a myriad of security frameworks, including the new requirements set by Biden’s Cybersecurity Executive Order.

Test the security of your website, CLICK HERE to receive your instant security score now!