Updated on May 9, 2017 by UpGuard
Open-source vs. proprietary? In the software universe, this debate has raged on in almost all sub-sectors – OS’s, databases, and even in the CM arena, where SCCM vs. Puppet are two of the heavyweight champs slugging it out. But beyond that philosophical difference in origin, they also take two completely different paths to the destination of easing the sys admin’s life.
SCCM is a Microsoft product, which of course means it ties in very well with Windows environments, especially enterprise environments, but no other platforms (except as client machines on SCCM 2012 – more on that in a bit). Puppet is an open-source product that can manage Linux, Unix, Windows and even and Mac OS environments, though of course it cannot match the abilities of SCCM on Windows. So which one should you choose for managing your data center or multiplicity of servers that’s threatening to get out of hand? Let’s delve a bit more into them to find out.
What They Are
Puppet is the model-driven open-source CM from PuppetLabs. It’s written in Ruby, and has both a well-developed user interface and a CLI that uses either a Ruby-derived DSL or pure Ruby code, although this latter option is being deprecated. PuppetLabs founder Luke Kanies stated that: “One of the benefits of Puppet’s DSL—beyond the simplicity—is that it encourages the mental shift that Puppet requires. To use Puppet effectively, you need to think in resources, not files or commands. If you wrote your configurations in Ruby, you could easily just open files and run commands all the live-long day, but with the DSL, you have to learn to think in resources.” The user describes system resources and their states, and stores this information in files called manifests. Puppet includes a ‘resource abstraction layer’ that enables admins to describe the configs they want to manage and the actions they want to execute in high-level terms using the DSL. And a great benefit of this infrastructure-as-DSL-code approach is that you don’t have to worry about OS-specific commands and keywords. Puppet also has a great browser based UI for limited configuration and setup tasks, but most users will use the GUI as more of a viewing and reporting tool, and most fine-grained work will inevitably require learning how to use the CLI.
Microsoft’s SCCM (Systems Center Configuration Manager), or to use its official title ConfigMgr, was previously known as Systems Management Server (SMS). The latest version is SCCM 2012, and it can manage environments with Windows, Linux, Unix, Mac OS X and even mobile OS’s such as Windows Phone, iOS and Android. But the server console must be installed on a Windows server, and no points for guessing which OS platform it works best in. Also like other Microsoft products, almost all work will be done on the GUI, with some added-on support for programmatic interfaces like VB scripts. This makes it faster to learn and use, but less flexible than a CLI-centric tool like Puppet. One of the major changes in SCCM 2012 is support for BYOD (Bring Your Own Device). Microsoft recognizes that users are increasingly using devices not purchased by their workplaces’ IT, so it has added a way of automatically onboarding such devices into the SCCM-controlled network. SCCM of course uses and integrates very well with Active Directory and Group Policy to keep track of and roll out updates to all devices. Other notable features of SCCM are:
Community, Support, Pricing
Open-source platforms typically have a much greater sense of togetherness and product ownership. This is no different in the case of Puppet – an active user community and quick feedback and resolution are there when needed. That said, Puppet is the largest player in the open-source CM marketplace, and with that size comes some inertia to change and loss of agility. There have been some small but vocal protests in discussion forums about stuff like PuppetLabs’ slowness to resolve bugs and their pushing users towards the commercial enterprise version, where they make their money. Puppet also boasts having some large corporate clients on board - Reddit, Dell, PayPal, Oracle, Los Alamos Labs, and Stanford University. When going up against a big-name established behemoth like Microsoft, such clients offer a lot of credibility in the minds of potential clients and users. Like the open-source version, Puppet Enterprise is also free for the first 10 nodes but then after that costs $99 per node per year; tiered discounts are also available up to 2500 nodes. As previously mentioned, Puppet works on almost all platforms, but simply can’t match SCCM’s capabilities on Windows; for instance you cannot use Puppet for provisioning and deploying new Windows servers, and it cannot directly update AD to reflect the status of machines in the network.
With SCCM, many first of all have a problem with its closed-off, proprietary nature. That said, support from the user community is also very good. That’s not surprising given the dominance of Microsoft products, and you also get excellent answers and support from dedicated in-house SCCM pros, á la the Genius bar at the Apple Store. SCCM pricing is convoluted and not as straightforward as Puppet’s, especially if you are adding multiple servers, but this is common in almost all Microsoft products, and is actually easier to understand in the 2012 version compared to the 2007 version. To illustrate this clear-as-mud pricing setup, you need both client managed licenses (ML’s) and server managed licenses. Server ML’s are priced depending on whether you are taking up the ‘Standard’ or ‘Datacenter’ option, and also varies by the number of processors you have. So for example the top of the range 4-processor, datacenter server ML will cost $7230, and then you still need to factor in the cost of client ML’s ($62 - $121). SCCM will generally work out to be much more expensive than Puppet, is what we’re trying to say here. Read more about SCCM pricing here.
If you have to make a choice between Puppet and SCCM, first detail what your needs are, then look for the tool that best fits those needs. And remember, you are lucky to even have such a choice – just 10 years ago there was basically only one CM tool! The pros and cons analysis below may help your decision-making, as well this site that summarizes and compares features of both SCCM and Puppet.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.