homeguidebookwhat is configuration management

What is configuration management?

Configuration management helps organizations configure, maintain, correct, and ensure that computer systems and hardware remain in a desired state — without needing to manually track every change made. It automates the process so that once the desired state is determined, a configuration management tool can monitor for changes, detect deviations, and either first alert the IT team or automatically correct the deviation and then notify the team. It ensures that the environment remains stable, in the desired state, and prevents changes from going unnoticed and then becoming a bigger problem.

You want your environment to keep running in a desired state. Configuration management helps you do that.

What is the configuration management process?

Configuration management can take many forms, from something as simple as a build checklist or document for administrators to follow, to a highly automated process that integrates provisioning, change management, reporting, and other control processes. While very small businesses may be able to use a manual process, larger organizations and enterprises largely require an automated configuration management approach.

That approach can look like:

  • Defining, testing, and deploying changes with infrastructure as code using task-oriented or model-driven workflows
  • Assessing configurations, laying down baselines, and automating standards for continuous enforcement of desired state
  • Managing the state of your infrastructure with a dashboard view of inventory across the organization and tracking exceptions in a repeatable way
puppet it compliance icon
Maintain desired state
puppet it configuration management icon
Ensure compliance
puppet it automation icon
Reinforce security

Why is configuration management important?

Configuration management ensures that software development and infrastructure deployment control processes follow required compliance frameworks, enforce consistency and stability throughout on-premise and cloud-native environments, and reinforce security through application of self-healing infrastructure as code.

In short, configuration management ensures that misconfigurations don’t go unnoticed and prevents them from creating problems across the environment.

At a broader level, it enables automation that supports continuous compliance. It empowers IT teams to determine the ideal configuration across the environment, prevents unauthorized changes, catches deviations, and corrects the system back to desired state (often with self-healing capabilities, depending on the configuration management tool).

Without configuration management, environments can fall into chaos and disorder, with variant configurations on different computer systems. Consistency matters, especially across enterprises, so that changes can be made at scale and efficiency is improved. Configuration management enables organizations to facilitate continuous delivery, streamline updates and upgrades, and improve stability across environments.

What are best practices for configuration management?

The best configuration management processes result in systems that share as much commonality as possible, require as little bespoke work as feasible, and comply with all applicable internal and external compliance requirements.

Leveraging configuration management requires a thorough understanding of the components that make up the computer systems in your organization, and the most successful organizations take time to codify these configurations before writing any code. Once the desired state is codified then it can be applied across environments.

As mentioned, manually handling configuration management processes is not feasible or wise for larger organizations. A configuration management tool, like Puppet Enterprise, makes this an automated process that frees IT to focus on other priorities. No more 2 a.m. alerts!

What configuration management tools should I use?

There are several factors to consider when selecting a configuration management tool. Provisioning, monitoring, cataloging, continuous delivery, and reporting are all IT infrastructure lifecycle components that should integrate with configuration management.

The tools should also offer the flexibility to manage systems both on an ongoing basis and perform ad hoc administrative actions when required, and they should allow systems to be self-healing to enable continuous compliance.

A configuration management tool should enable you to:

  • Define, test, and deploy changes with infrastructure as code using task-oriented or model-driven workflows
  • Assess configurations, lay down baselines, and automate standards for continuous enforcement of desired state
  • Manage the state of your infrastructure with a dashboard view of inventory across the organization and track exceptions in a repeatable way
  • Manage changes at scale with control and auditability; track and report on corrective and intentional changes from a centralized interface
  • Reduce operational risk with a consistent and predictable environment that meets security and compliance requirements
  • Manage drift between the desired and actual configuration state with agent-based drift alerting
  • Safely scale automation across teams with greater insight into proposed code changes while avoiding conflict and collisions
  • Stay compliant with automated patching workflows and eliminate multiple tools and manual, error prone processes
  • Build security, compliance, and operational policies right into your infrastructure with policy as code
  • Enforce your system’s desired state; automatically assess compliance with specific guidelines such as CIS and NIST

How can I get started with configuration management?

Here’s how to get started with configuration management:

  1. Begin by assembling manual checklists and build documents into a common grouping of configuration options that exist on all (or most) systems. Focusing on the most common patterns first will help save the most human effort and bring immediate automation benefits to your organization.
  2. Ensure that monitoring, anti-virus, and other highly common software are included in the checklist as well.
  3. Categorize systems based on what must change to make them specific to certain applications, geographic regions, or other categories to build reusable, recomposable blocks of infrastructure as code.
  4. Next, select a configuration management tool.

Recommended for you

Puppet offers several ways to get started with configuration management. The Puppet Forge has more than 7,000 ready-to-use modules to help install software, maintain websites, run databases, manage operating system parameters, and thousands of other tasks.

Puppet also offers free training options including instructor-led classes, web-based labs, and self-contained virtual environments to safely explore how Puppet can help you move from configuration management to configuration excellence.