The old way we’ve thought about configuration management software has passed — we need a new perspective that takes into account the importance of policy enforcement. Let’s dig deeper into what this means for DevOps, your overall security and compliance strategy, and IT.
Configuration management software helps organizations track and manage the configuration of their IT assets such as hardware, software, operating system configuration, application deployment settings and other configuration data.
Policy enforcement is the process of ensuring that users and systems comply with organizational and industry standard compliance policies. This includes policies for access control, data security, and network security.
Policy enforcement ensures that users and systems comply with organizational and standard compliance policies, while configuration management generally tracks and manages the configuration settings of individual IT assets. Both aim to accomplish a similar goal: an infrastructure working in compliance and harmony at scale.
Puppet and other platforms have been branded as configuration management platforms, aimed at skilled administrators who model their desired state and then turn those models into reality.
Configuration management used to be both the means and the end.
This has now evolved, mostly due to a growing set of needs and increasing infrastructure/cloud presence. Today, policy enforcement handles the specifics, while configuration management has become simply a special case of policy enforcement.
Consider the changing approach of putting standards and compliance first as a way to think about IT. Why?
The problems that policy enforcement solves are narrower and more goal-oriented than those a broad platform might try to address. This seems to indicate that organizations are getting specific and cutting out parts and pieces of platforms that just aren’t necessary for their needs.
Policies can address things like:
We’ll use the real-world example of a bank with a massive IT team that uses a configuration management-first approach. In this case, the IT team is continually growing to manage the exceptions, rules, and user needs of the organization.
As the bank grows, the IT team grows. It’s not a lean way to work — policies are individualized rather than generalized. The concern with this model is that at a certain size, the bank is supporting the growth of an IT team, and not the other way around.
Configuration management software shouldn’t enable policy enforcement — it should be the other way around. This can help you to ensure that your systems are always in compliance with your organization's policies.
To move beyond configuration management software, you need to ask yourself: what are you actually trying to accomplish? What are you trying to achieve by implementing this software?
Don't let developers spin up individual solutions when the problem can be generalized across the organization with policy. It's tempting for developers to just "wing it" when they need to make a change to a system. However, this can lead to a patchwork of different solutions that are extremely difficult to manage and maintain and can cause significant overhead and technical debt.
Start with a policy-first approach that all developers must follow. This will ensure that your systems are always in compliance with your organization's policies and that changes are made in a controlled and consistent manner.
Principal Solutions Engineer, Puppet by Perforce