Services are the programs that run in the background on servers. All OSes come with a set of base services and most software utilizes services as well. Effectively managing servers means controlling these services—knowing what is there, what should and shouldn’t be running, whether or not services will automatically start on (re)boot and who the services should and shouldn’t run as. We’ll go through each of these pieces to see how a strong service management policy can help reliability and security in the data center and how configuration management and testing are key.
In terms of what they do and how they work, Tripwire and Puppet have little overlap. Tripwire is for monitoring changes and Puppet is for configuring servers. The reason for tracking changes and configuring servers, however, brings them together as two approaches to compliance automation and, ultimately, reducing risk in computing systems. We’re going to compare Tripwire to Puppet here, not necessarily as identical tools, because they do have mostly different functionality sets, but in terms of how they fit into an IT environment.
This is a tale of a newcomer vs a relative oldie in the Configuration Management (CM) arena. Both are tools to help the sysadmin or devops professional to better manage large numbers of servers. They excel at stuff like repetitive task automation, simultaneous deployment of apps and packages to a group of servers, or configuration and provisioning of new servers from scratch.
OpsWorks and Chef are very similar Configuration Management (CM) tools. OpsWorks is actually built on the Chef framework, then customized for Amazon’s giant cloud environment, AWS. Hosted Chef is an IaaS solution from Chef parent company Opscode, in which they host the Chef server for you, and it in turn manages and communicates with your nodes, which are most likely also hosted in a cloud infrastructure such as Amazon’s EC2 infrastructure. So both solutions are evolutions of the traditional CM tool, now tweaked for cloud-hosted environments. Let’s peek behind their respective curtains.
There has recently been a huge growth in the number of Configuration Management (CM) tools available to the sysadmin or DevOps professional. Well, ‘huge growth’ really means an increase from just 2 or 3 in the early 2000s (CFEngine comes to mind as one of those early pioneers), to about 20 today. Many of these are little-known niche products, but some bigger names like Chef have passionate adherents, and equally passionate detractors.
The sysadmin or devops pro of today typically needs to manage a large number of servers, often automating some tasks or performing the same action several times over, like installing and provisioning a new server, rebooting a set of servers at specific times every day, deploying the same package to a group of servers, and so on. For such busy folks, Configuration Management (CM) tools like Ansible and Salt are absolute lifesavers.
Two factors have resulted in a corresponding increase in the number of servers supported by today’s sys admin: virtualization and the massive growth of computing in the organization. Even in small and medium-sized companies, it is not unheard of to have a sys admin supporting 4 servers or so. And of course, this number only goes up as the size of the organization increases. Enter configuration management (CM) tools like Puppet, Chef and Salt. Make no mistake, any of these tools will truly simplify your life as a sysadmin, by automating and minimizing the drudgery of manual server setup and creation. But which one should you go for? As with iOS vs. Android vs. Windows Phone, Xbox vs. PlayStation vs. Wii, each has both diehard loyalists and vociferous critics. The answer, again as happens in many of these wars, is that you need to match and compare each contestant’s capabilities to your own needs, and judge for yourself.
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.