Updated on July 4, 2017 by UpGuard
Chef is one of the most widely-used CM tools today, arguably playing second fiddle to the mighty Puppet. The tool is written in Ruby and Erlang, uses a pure-Ruby DSL in the Knife CLI, and includes a nice GUI for easy management. Developers and DevOps types will prefer using Chef, much more so than sysadmins.
Two versions of Chef exist: the free, open source tool and the enterprise offering, which is then subdivided into hosted and on-premises (private) versions. Its eponymously-named parent company (previously known as Opscode) also entices potential clients by offering a free trial version of either Enterprise flavor, but only for a maximum of 5 devices and without corporate support.
Hosted Chef is cloud-hosted, and includes configuration support and provisioning assistance.
On Premises (Private) Chef is the enterprise version, but implemented within a customer’s private infrastructure. Minimal assistance and support for server provisioning is available.
Open Source Chef is free but comes with no support and without many of the useful add-ons available in the enterprise versions.
There are a few more variants, such as Chef Solo: a decentralized, serverless mode of Chef, akin to a peer-to-peer Windows network with no domain controller. There’s also OpsWorks, the tweaked version of Chef developed by Amazon specifically for use with AWS.
Hosted Chef
Hosted Chef is one flavor of the Enterprise offering. In this mode one’s cookbooks, roles and node definitions are stored in a scalable, cloud-based Chef server provisioned by Chef, Inc. No need to worry about hardware management and maintenance or software upgrades – one simply uploads the cookbooks and Chef does the rest.
There is a price to pay for this, though: a steep price! Hosted Chef is priced as follows:
Launch package: $120/month, 20 nodes, 10 users
Standard package: $300/month, 50 nodes, 20 users
Premium package: $700/month, 100 nodes, 50 users
All these tiers are exceedingly expensive for most small and medium-sized organizations. There is a small reprieve, however: as mentioned earlier, one can get the full Enterprise Hosted Chef on a free trial basis for up to 5 nodes and 2 users, with no support included.
Another point to keep in mind is that, as a publicly exposed cloud service, Hosted Chef is vulnerable, as are all externally facing cloud services, to events over which one has no control, such as service outages and DDoS attacks.
On Premises (Private) Chef
With On Premises Chef, the customer provisions a Chef server to run on-premises. The main advantage over Hosted Chef, of course, is that full control over the server is maintained. Faster rollout and better integration are also possible since the server is likely to be physically closer to the rest of the customer’s network. And because On Premises Chef servers reside behind the customer’s own firewalls, the machines are shielded from any public global issues that may affect Hosted Chef customers.
With the release of Chef 11 in 2013, On Premises Chef has shifted away from a perpetual-license model to a monthly, per-node model costing $6 per node/month, the same as Hosted Chef. Standard support is an additional $3 per node/month, and the premium version is $3.75 per node/month.
Setting up On Premises Chef is no simple task. For instance, CouchDB, RabbitMQ messaging, Java, Solr, Ruby, OS-level dependencies, and web server configurations need to be set up and configured prior to setting up Chef on Ubuntu Linux. Mind you, this is even before starting on On Premise Chef proper, which is itself another daunting beast to install and configure. The Chef learning curve is especially difficult for newbies; requisite Ruby proficiency and convoluted documentation targeted at experienced users make it even more challenging. One quickly begins to appreciate that, sans expert assistance, Private Chef is not a product for novices. Help from Chef, Inc. is available in this case, albeit limited: intermediate Chef proficiency is expected by its customer support team. On Premises Chef is mostly used by organizations with in-house Chef SysAdmins or DevOps experts, such as its largest customer, Facebook.
Open Source Chef
The open source route may be a viable option for those highly confident in managing Chef. A large and active user community exists on various forums like GitHub, Stack Overflow, and a plethora of other Chef community sites. Consequently, answers to questions, advice, and troubleshooting assistance are easily obtainable on the web. For those with less experience with the product, a popular mode of Open Source Chef called Chef Solo is also available. This serverless, scaled-down version is suitable for small setups, as it requires only a basic configuration to get up and running. Aside from this, reasonable expertise is still required to provision, install, configure, and deploy an Open Source Chef server from scratch.
Several concerns are worth considering before jumping head-first into Open Source Chef. For example, some knowledgeable insiders have raised serious doubts about Chef, Inc.’s continued commitment to the open nature of the Chef source code. This, of course, casts a degree of uncertainty around Open Source Chef’s future livelihood. Also, by opting for this DIY version of Chef, one forgoes all the excellent features of the paid versions, such as the GUI, useful analytics dashboard, bulk grouping tool, customizable views, and push functionality, among others. The latter feature in particular has been conspicuously absent from Chef products for some time now, only making its debut in Chef Enterprise 11. Prior to this, updates were pull-based, requiring agents to “dial home” to the Chef server to check for new updates. Changes defined on the Chef server therefore could not be propagated immediately to all node-resident agents in the environment.
As one of the most widely-used solutions for managing system configurations and automating IT environments, Chef currently offers three deployment options, each with its own caveats: Hosted Chef, On Premise (Private) Chef, and Open Source Chef. As an automation platform, Chef is worth considering due to its large installed base; Puppet, the other market-leading solution (and Chef’s arch-nemesis), is also worth exploring.
If the decision is made to go with Chef, the next question is which version: Enterprise (Hosted or On Premise) or Open Source. The table below offers some further guidance in making the right decision:
| Version | Pros | Cons |
|---|---|---|
| Hosted Chef | No worries about installation, upgrades, backups and maintenance<br>No worries about hardware upgrades and maintenance<br>Best for newbies because of extensive Chef, Inc. support and handholding | Very expensive: from $120 to $700 per month<br>Hosted in the cloud, therefore vulnerable to host provider service outages and security breaches |
| On Premise (Private) Chef | Allows higher level of fine-grained customization<br>Full control over your own environment; better security<br>Can seat your Chef server on your network, allowing faster communication and deployments | Still expensive: $6/node/month without support<br>Requires real expertise to configure and use<br>If you don’t know what you’re doing you can mess things up very badly<br>Not suitable for newbies or the inexperienced |
| Open Source Chef | Access to user community<br>Ability to tweak source code as you desire | Even more difficult to configure than Private Chef – requires expertise in Chef<br>No upgrades or support from Chef, Inc.<br>Doubts about Chef, Inc.’s continued commitment to the open-source model |
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.