Updated on June 29, 2018 by UpGuard
In a few short years DevOps has gone from a fringe movement to a must-have for any IT leader. There's a lot of buzz around it, but there's alot of practical knowledge in there as well. Provisioning environments, deploying applications, maintaining infrastructures--these are all critical yet delicate tasks traditionally done by hand. What if we could get a machine to do all that stuff for us, not just saving hours of work but also removing the element of human error?
And so began the boom in configuration management (CM) tools. Some regard CM solutions as "DevOps in a Box," but that's not right. DevOps is about collaboration between people, while CM tools are just that: tools for automating the application of configuration states. Like any other tools, they are designed to solve certain problems in certain ways. How effectively they do so depends on the knowledge and ability of the person wielding them.
We've made it easy to get a quick overview of each tool and compare it to alternatives, so you can find the configuration management tool that's right for you (and be able to explain why you didn't choose options X, Y, and Z).
Automating changes to your infrastructure's configuration state is a double-edged sword: you can make changes very quickly, but someone or something else needs to validate those changes. In considering which configuration management tool to select, you should also think about which complementary tool(s) you will use to avoid the costly effects of automating the deployment of bugs in your infrastructure-as-code.
CFEngine is one of the older CM tools. We compare it to Puppet, also an established technology:
"CFEngine runs on C, as opposed to Puppet’s use of Ruby. C is the more low level of the two languages, and one of the main complaints regarding CFEngine is that the learning curve is very steep. It does mean though that CFEngine has a dramatically smaller memory footprint, it runs faster and has far fewer dependencies."
Puppet's annual "State of DevOps" report is one of the best resources for trends in DevOps. Knowing the strengths and weaknesses of the Puppet platform is increasingly important for people in operations.
"It is frequently stated that Puppet is a tool that was built with sysadmins in mind. The learning curve is less imposing due to Puppet being primarily model driven. Getting your head around JSON data structures in Puppet manifests is far less daunting to a sysadmin who has spent their life at the command line than Ruby syntax is."
We compare Puppet to Chef, its closest competitor: Puppet vs. Chef
Next to Puppet, Chef is the other heavyweight in the CM and automation arena.
"Like Puppet, Chef is also written in Ruby, and its CLI also uses a Ruby-based DSL. Chef utilizes a master-agent model, and in addition to a master server, a Chef installation also requires a workstation to control the master. The agents can be installed from the workstation using the ‘knife’ tool that uses SSH for deployment, easing the installation burden."
See how it stacks up against CM newcomer Ansible: Ansible vs. Chef
Newer than Chef or Puppet, Ansible has nonetheless gained a solid footing in the industry. In fact, it's included in popular Linux distros such as Fedora.
"Currently their solutions consists of two offerings: Ansible and Ansible Tower, the latter featuring the platform’s UI and dashboard. Despite being a relatively new player in the arena when compared to competitors like Chef or Puppet, it’s gained quite a favorable reputation amongst DevOps professionals for its straightforward operations and simple management capabilities."
Check out the pros and cons of using Ansible: Top 5 Best and Worst Attributes of Ansible
The chief purveyor of the "infrastructure-as-code" ideal, SaltStack has gained a sizable following despite making a relatively late appearance on the market.
"Salt, like Ansible, is developed in Python. It was also developed in response to dissatisfaction with the Puppet/ Chef hegemony, especially their slow speed of deployment and restricting users to Ruby. Salt is sort of halfway between Puppet and Ansible – it supports Python, but also forces users to write all CLI commands in either Python, or the custom DSL called PyDSL. It uses a master server and deployed agents called minions to control and communicate with the target servers, but this is implemented using the ZeroMq messaging lib at the transport layer, which makes it a few orders of magnitude faster than Puppet/ Chef."
We compare Ansible with SaltStack, two newer players in CM: Ansible vs. Salt
Since launching back in 2013, Docker is a relative newbie that has taken the DevOps and software development world by storm. The key to Docker's success is its lightweight containerization technology:
"Their technology deploys software applications with all the necessary parts in a container, thereby ensuring it will run on any Linux server, regardless of configuration and/or settings. Containers can be created, configured, and saved as templates for use on other hosts running the Docker engine. These templates can then be used to create more containers with the same OS, configuration, and binaries."
Learn more about Docker: Getting Started with Docker
Not one to be outdone by open source technologies, Microsoft's solution for CM is PowerShell DSC:
"DSC is a new management platform in Windows PowerShell that enables deploying and managing configuration data for software services and managing the environment in which these services run.
DSC provides a set of Windows PowerShell language extensions, new Windows PowerShell cmdlets, and resources that you can use to declaratively specify how you want your software environment to be configured. It also provides a means to maintain and manage existing configurations."
Learn more about PowerShell DSC: Windows PowerShell Desired State Configuration (DSC) with UpGuard
Regardless of what tool you use for configuration management, the way to start your automation project is to discover what you have. Automating poor processes or poorly understood infrastructure is a fast and expensive way to multiple your problems. To truly get the most out of any automation tooling, you first need to understand where the landmines already exist.
For that, UpGuard Core offers a simple, three step process to discover, control and monitor your infrastructure to prevent outages and security breaches.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.