Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Find and prevent compliance failures
Continuous Delivery for Puppet Enterprise
Build, test, and deploy infrastructure as code faster and easier
Compliance Enforcement Modules
Remediate to stay in compliance
Content & Modules
Pre-built scripts to automate common tasks
Get Puppet Enterprise
First 10 nodes are free!
Try it now
Request a demo
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
With drift and other issues putting your desired state at risk every day, you may wonder: What is configuration management? And how does it work?
Every organization needs to define the ideal configuration of its systems. That ideal configuration, or desired state, is the state in which systems and resources are aligned to support development, network performance, and efficiency.
In short, you want your environment to keep running in a desired state. Configuration management helps you do that. Read this blog to get a complete overview of configuration management, including use cases.
Table of Contents
Configuration management is an automated process that keeps an organization's systems in a desired state. Configuration management helps configure systems like hardware and software as well as correct issues when changes are made.
Configuration management can also automatically correct issues to ensure that your systems perform as expected.
Once the desired state is determined, a well-designed configuration management system can monitor for changes, detect deviations, and correct those deviations (either automatically or after alerting the IT team). It ensures that the environment remains stable and prevents changes from going unnoticed and then becoming a bigger problem.
Configuration management ensures a system performs as desired over time, even as changes are made to the system. Organizations often use configuration management to reduce configuration drift and maintain compliance with IT security standards.
Technology relies on correct configuration to support the organization’s business objectives. When properly configured, that technology enables an organization to move quickly and consistently while also maintaining security and reducing risk. Specifically, the infrastructure involved in supporting the business depends on configuration management. In short, when change is made in the underlying business infrastructure, it needs to be automated and trusted in order to be useful.
Configuration of the infrastructure can either be accomplished through manual or automated means. Automated configuration management lets organizations move quickly and consistently over time while promoting better security and reducing risk for the business.
With automated configuration management, the provisioning of new infrastructure and changes to existing infrastructure is accelerated to meet the application requirements that drive business outcomes. As a result, regardless of where the business needs to head, it can rely on automated configuration management to move quickly, be agile, and maintain consistent configurations.
A configuration management tool also gives you visibility into the state of your organization’s infrastructure. That means you can see the current state of applications and other resources. It also lets you build on top of existing system settings to create a larger, more versatile, more robust infrastructure. Because of this wide visibility, organizations trust automated configuration management to make changes in the organizations at scale – through existing or net new infrastructure.
Understanding what changes are being made begins with understanding that a system has remained consistent since the last set of changes. This is a vital part of maintaining desired state in configuration management. By promoting a better understanding of change management in the organization, configuration management provides teams with the information they need to make better decisions quickly.
Defining, testing, and deploying changes with infrastructure as code (IaC)Assessing configurations, establishing baselines, and automating standardsManaging the state of your infrastructure and tracking exceptions in a repeatable way
The above is a simplified version of a typical configuration management process. A configuration management process can be as simple as a build checklist or document for administrators to follow. In larger organizations and enterprises, it can also integrate provisioning, change management, reporting, and other control processes.
In configuration management, a baseline configuration is an established and described state of the infrastructure at a single point in time. Baseline configuration is used as a control for defining change from a set state.
Baseline configurations are essential to providing consistency in both provisioning infrastructure and change management. Traditionally, adding simple baseline configurations for operating system security has been cumbersome for IT staff and fraught with errors. Configuration items such as user accounts, compliance standards, and Information Security requirements often go unconfigured or misconfigured across operating systems, driving inconsistency and increasing risk.
Baseline configuration management is a common use case for automated configuration management because it drives out these inconsistencies and reduces risk easily. With baseline configuration management of the operating system(s), provisioning and change can be secured across the fleet of infrastructure – whether it resides on premises, in the cloud, or both.
Application configuration is the act of defining and enforcing a state in web applications, database applications, or containerized platforms.
In today’s IT world, applications can exist in multiple locations around the world for a single organization. They may have the same application that exists in their on-premises data center(s), but they may also distribute those applications across cloud environments for redundancy. Manual configuration across this disparate scenario can be extremely difficult, particularly at enterprise scale.
Automating these processes is yet another example of the strength of configuration management. These applications provide a valuable service to organizations. Automated configuration management builds consistency at scale for these applications while also ensuring the applications are configured correctly, secure in their configurations, and consistent across public, private, or hybrid cloud scenarios.
Compliance configuration is the act of configuring infrastructure and systems to enable compliance with regulatory standards such as GDPR, HIPAA, and PCI.
Regulatory and corporate compliance requirements are a significant consideration for initiating and maintaining infrastructure. Many of the compliance requirements are designed around data and privacy regulations required by government entities, like:
Every organization is expected to be compliant with at least one regulatory framework, which is why they should be considered when configuring infrastructure.
Again, automated configuration management plays a large role in ensuring that infrastructure meets regulatory and corporate compliance. Configuring at the system and app level automatically creates consistency and reliability for IT compliance.
Auditing compliance in IT is also easier with automated configuration management. Configuration management helps organizations pass audits by allowing auditors to compare the required configurations with reporting from the configuration management system. Once the two are compared and reporting shows compliance being enforced across the infrastructure, the audit becomes a breeze.
Every configuration management system is designed to do a similar set of basic things. The different types of configuration management and the specific ways it gets there all ladder up to enforcing a desired state in a system.
For infrastructure, that means establishing baselines, configuring applications, enforcing compliance, and more. But at a broader level, the actions a configuration management tool performs can be expressed in four common functions.
A configuration management system performs four basic functions:
Configuration management is essential for software development because it creates a consistent and predictable development environment.
It ensures that software development and infrastructure deployment control processes follow required compliance frameworks, enforce consistency and stability throughout on-premise and cloud-native environments, and reinforce security through application of self-healing infrastructure as code.
In short, configuration management ensures that misconfigurations don’t go unnoticed and prevents them from creating problems across the environment.
At a broader level, it enables automation that supports continuous compliance. It empowers IT teams to determine the ideal configuration across the environment, prevents unauthorized changes, catches deviations, and corrects the system back to desired state (often with self-healing capabilities, depending on the configuration management tool).
Without configuration management, environments can fall into chaos and disorder, with variant configurations on different computer systems. Consistency matters, especially across enterprises, so that changes can be made efficiently at scale. Configuration management enables organizations to facilitate continuous delivery, streamline updates and upgrades, and improve stability across environments.
Configuration management starts with defining the desired state of your environment. Once you understand and codify the components that make up the computer systems in your organization, configuration management can help you establish and maintain that desired state across environments.
The best configuration management processes result in systems that share as much commonality as possible, require as little bespoke work as feasible, and comply with all applicable internal and external compliance requirements.
As mentioned, manually handling configuration management processes isn’t realistic for larger organizations. A configuration management tool like Puppet Enterprise makes this an automated process that frees IT to focus on other priorities. No more 2 a.m. alerts!
There are several factors to consider when selecting a configuration management tool. Provisioning, monitoring, cataloging, continuous delivery, and reporting are all IT infrastructure lifecycle components that should integrate with configuration management.
Configuration management tools should also offer the flexibility to both manage systems on an ongoing basis and perform ad hoc administrative actions when required. Configuration management should also allow systems to be self-healing to enable continuous compliance.
A configuration management tool should enable you to:
Of course, you can’t go from ‘zero’ to 'desired state’ overnight. In fact, before you even pick a configuration management system, it’s best to spend time identifying why you need one. Here’s how to get started with configuration management:
Puppet offers several ways to get started with configuration management. The Puppet Forge has more than 7,000 ready-to-use modules to help install software, maintain websites, run databases, manage operating system parameters, and thousands of other configuration management tasks.
Puppet also offers free configuration management training options including instructor-led classes, web-based labs, and self-contained virtual environments to safely explore how Puppet can help you move from configuration management to configuration excellence.
DEMO PUPPET TODAY