homeguidebookwhat is configuration management

What is configuration management?

Configuration management is a process that helps organizations configure, maintain, correct, and ensure that computer systems and hardware remain in a desired state — without needing to track every change manually.

puppet it compliance icon
Maintain desired state
puppet it configuration management icon
Ensure compliance
puppet it automation icon
Reinforce security

Once the desired state is determined, a configuration management tool can monitor for changes, detect deviations, and correct those deviations (either automatically or after alerting the IT team). It ensures that the environment remains stable and prevents changes from going unnoticed and then becoming a bigger problem.  
 
You want your environment to keep running in a desired state. Configuration management helps you do that.  

What is the configuration management process?

The configuration management process can take many forms. It can be as simple as a build checklist or document for administrators to follow, or a highly automated process that integrates provisioning, change management, reporting, and other control processes.  
 
While very small businesses may be able to use a manual process, larger organizations and enterprises usually require an automated approach.  
 
An automated configuration management process can include:

  • Defining, testing, and deploying changes with infrastructure as code using task-oriented or model-driven workflows
  • Assessing configurations, laying down baselines, and automating standards for continuous enforcement of desired state
  • Managing the state of your infrastructure with a dashboard view of inventory across the organization and tracking exceptions in a repeatable way

Why is configuration management important?

Configuration management is essential for software development because it creates a consistent and predictable development environment. It ensures that software development and infrastructure deployment control processes follow required compliance frameworks, enforce consistency and stability throughout on-premise and cloud-native environments, and reinforce security through application of self-healing infrastructure as code.

In short, configuration management ensures that misconfigurations don’t go unnoticed and prevents them from creating problems across the environment.

At a broader level, it enables automation that supports continuous compliance. It empowers IT teams to determine the ideal configuration across the environment, prevents unauthorized changes, catches deviations, and corrects the system back to desired state (often with self-healing capabilities, depending on the configuration management tool).

Without configuration management, environments can fall into chaos and disorder, with variant configurations on different computer systems. Consistency matters, especially across enterprises, so that changes can be made efficiently at scale. Configuration management enables organizations to facilitate continuous delivery, streamline updates and upgrades, and improve stability across environments.

What are best practices for configuration management?

Configuration management starts with defining the desired state of your environment. Once you understand and codify the components that make up the computer systems in your organization, configuration management can help you establish and maintain that desired state across environments.

The best configuration management processes result in systems that share as much commonality as possible, require as little bespoke work as feasible, and comply with all applicable internal and external compliance requirements.

As mentioned, manually handling configuration management processes isn’t realistic for larger organizations. A configuration management tool, like Puppet Enterprise, makes this an automated process that frees IT to focus on other priorities. No more 2 a.m. alerts!

What do configuration management tools do?

There are several factors to consider when selecting a configuration management tool. Provisioning, monitoring, cataloging, continuous delivery, and reporting are all IT infrastructure lifecycle components that should integrate with configuration management.

The tools should also offer the flexibility to both manage systems on an ongoing basis and perform ad hoc administrative actions when required. They should also allow systems to be self-healing to enable continuous compliance.

A configuration management tool should enable you to:

  • Define, test, and deploy changes with infrastructure as code using task-oriented or model-driven workflows
  • Assess configurations, lay down baselines, and automate standards for continuous enforcement of desired state
  • Manage the state of your infrastructure with a dashboard view of inventory across the organization and track exceptions in a repeatable way
  • Manage changes at scale with control and auditability; track and report on corrective and intentional changes from a centralized interface
  • Reduce operational risk with a consistent and predictable environment that meets security and compliance requirements
  • Manage drift between the desired and actual configuration state with agent-based drift alerting
  • Safely scale automation across teams with greater insight into proposed code changes while avoiding conflict and collisions
  • Stay compliant with automated patching workflows and eliminate multiple tools and manual, error prone processes
  • Build security, compliance, and operational policies right into your infrastructure with policy as code
  • Enforce your system’s desired state; automatically assess compliance with specific guidelines such as CIS and NIST

How can I get started with configuration management?

Here’s how to get started with configuration management:

  1. Begin by assembling manual checklists and build documents into a common grouping of configuration options that exist on all (or most) systems. Focusing on the most common patterns first will help save the most human effort and bring immediate automation benefits to your organization.
  2. Ensure that monitoring, anti-virus, and other highly common software are included in the checklist as well.
  3. Categorize systems based on what must change to make them specific to certain applications, geographic regions, or other categories to build reusable, recomposable blocks of infrastructure as code.
  4. Select a configuration management tool.

Recommended for you

Puppet offers several ways to get started with configuration management. The Puppet Forge has more than 7,000 ready-to-use modules to help install software, maintain websites, run databases, manage operating system parameters, and thousands of other tasks.

Puppet also offers free training options including instructor-led classes, web-based labs, and self-contained virtual environments to safely explore how Puppet can help you move from configuration management to configuration excellence.