The Velocity 2008 Conference hosted many excellent presentations and discussions concerning web performance and operations. Adam Jacob, of HJK Solutions, presented how his company goes about “Building An Automated Infrastructure”. To briefly explain what an automated infrastructure is, let’s think of servers and data as office buildings and automobiles. Would it make sense to begin construction of these without electricity, running water and roads? This infrastructure ties together our entire lives and greatly improves our standard of living. Correspondingly, basic IT tasks such as operating system installs, version control systems, configuration management and application deployment tie our servers and data together and greatly improve our ability to conduct business with customers.
I’d like to share my views on Configuration Management (CM) and the role it could play in your data center.
What is Configuration Management?
In keeping with our city planning analogy above, think of CM as a set of standard architectural blueprints for everything in our town. In the context of CM, such specifications are called configuration items and will be used like cookie cutters each time we build a RAID array (bank), firewall (police station), or a webserver (house). Having a standard set of instructions allows any certified sysadmin to easily (and correctly) rebuild or repair any of the documented pieces of hardware in your data center. In fact, by “any” I’d recommend the more junior members of your team. After all, if your chief architect is busy digging ditches, who’s planning the future growth of your city?
How can Configuration Management help me with Scalability?
Seeing a spike in web traffic? Apache instances starting to choke on all the load? Normally, installing and configuring servers takes a day or two. Maybe by then, the majority of that traffic has dried up and gone away after being shown the HTTP 502 error door. But what if you could bring new servers online in minutes because they can be setup automatically by your CM system? Now we’re talking scaleability!
How can Configuration Management help me with Security?
Managing the configuration of your data center equipment can also benefit your site’s security and ability to cope with change. Gene Kim of Tripwire Inc. has made countless studies and publications of how unauthorized changes and undetected intrusions cause the vast majority of server errors and outages. A distributed (network aware) CM system would detect such events and send alerts to relevant staff. Many such systems, if so configured, will automatically revert the changes on the affected servers. Note that even though a CM system can detect such anomalies, its no replacement for a robust intrusion detection system which examines the nature of the actual network traffic to detect an attack.
Who are the major, open source players?
Does all of this sound like futuristic talk of a distant IT paradise? Believe it or not, such CM systems have been around for decades now! In the next articles, I’ll review two very popular open source configuration management tools: cfengine and Puppet.