A Deeper Look at Automating Server Management in the Cloud

Why is server management different today than in the past?

With the explosion of cloud servers, virtual instances, and cost-effective physical servers, there is a significant challenge that IT organizations face: managing and maintaining all of those servers. Today’s modern day servers are generally single purpose workhorses running applications, Web servers, or infrastructure tools. Scaling has generally shifted from vertical approach (i.e. bigger, stronger servers) to more horizontal scaling (many more servers) – Docker and containerization are even accentuating that approach more. This is generally due to the advent of virtualization / containerization which is enabling efficient and cost-effective single purpose server instances and containers. As a result of this exponential growth of servers, system administrators, IT ops, and DevOps personnel are left with the task of managing and maintain their server infrastructure.

As the IT space has evolved, so has server management. Today, server management is a very focused area of the server lifecycle which encompasses provisioning, configuration, monitoring, and management. Each of these areas in past eras would be included in the server management realm, but today with cloud providers specifically focused on provisioning servers, open source tools automating configurations, and a variety of server monitoring tools, the area of server management has evolved.

What is cloud server management?

Server management in this era is a focused area where admins are managing the following:

• User management – the adding, deleting, and modifying of privileged user accounts. Today user management encompasses issues such as secure access through SSH keys, multi-factor authentication, authorization of specific privileges, and the monitoring of privileged command execution. As server access control has become a significant attack vector, this area of focus is critical to ensuring the safety of your application, data, and server infrastructure.
• Patching / hardening – another critical area of server management is ensuring that servers are patched with the latest code updates and that unused services and ports are turned off. This area has also changed significantly with more software vulnerabilities being found and a more rapid pace of functionality updates. Keeping up-to-date on patches is a significant on-going effort involving an understanding of which updates are critical security updates, important functionality updates, or just general stability improvements. Further, updates need to be tested to ensure compatibility as well as stability with a virtually infinite set of different combinations of operating system packages, application packages, and custom code.
• Security – in the cloud era, servers are often on the frontlines and are directly accessible to the Internet. This often can cause breaches and compromises, and as a result, security becomes a top server management focus. Security tasks that are critical include monitoring for brute force attacks, intrusion attempts, compromised files, and outbound malicious traffic. While an enormous industry has been created around security, many of the solutions struggle in the cloud, are too resource intensive (time and money), and finally just provide little value. System administrators would be wise to focus on core areas of security: controlling who has access to your systems, ensuring that systems are completely up-to-date, monitoring users and critical activity of a server, and reviewing outbound connections to ensure your system isn’t compromised.
• Compliance – with countless Federal, state, and private regulations being enacted, compliance has become a way of life for many admins. Whether it just be auditing your servers every once in awhile or ensuring that systems are constantly compliant, these sysadmins need to make sure that they operate within the law. This includes managing to such statutes as PCI, HIPAA, and FISMA among many, many others. Compliant servers need to be managed in a certain way including such activities as controlling access, logging all actions on the server, ensuring that configurations and files are properly maintained and updated, and that security is handled properly. Compliance is a complicated area, but clearly, admins have to manage compliance activities on their devices, with the applications, and within their infrastructure.
• Task / workflow execution – many servers end up executing a whole series of tasks that when taken together end up being a business workflow to process data, produce analytics, or build your software systems among others. These tasks are carefully choreographed to ensure that the entire infrastructure works together to accomplish the business goal. More and more these days, server management is really as much about server orchestration as it is about “managing” or “maintaining” servers.

Interestingly enough, we have seen a shift in the market where activities such as provisioning, configuration, and monitoring have shifted into their own categories and separate from server management. This is an important distinction and a trend that we think will continue.

Ten to fifteen years ago, a critical part of managing your server infrastructure was to procure the hardware, rack it, stack it, and ensure that it was connected to the network. Often this included “burning in” the hardware through tests and running the hardware for a while. Now, though, provisioning has become the province of the hosting and cloud provider. While some large organizations may still purchase some servers, largely the market has shifted where the hosting and cloud providers handle these functions. Most of the top cloud providers today offer APIs to create new server instances. As a result, this area is largely not a critical task for system administrators – it is a task that can be outsourced or accomplished through hosting and cloud providers.

Similarly, many years ago, installation and configuration of software were critical tasks for system admins. While they are still tasks for admins today, they are handled completely differently through automated systems. Configuration automation solutions – and there are many of them – can quickly and easily handle the process of setting up all of these servers. It can be completely automated and without manual intervention. For larger organizations with significant infrastructures, this is a critical area to invest in and automate – it increases reliability and decreases time spent on configuring systems.

The last area that has really shifted out from under server management and into its own in-depth category is monitoring. With so much riding on the server infrastructure, organizations are measuring everything that they can – network performance, server performance, application performance, and any other vitals that they can monitor. This category has become incredibly deep with focused solutions to gather data and others to analyze data. Some of the core solutions in this area are open source while others have built significant commercial enterprises in this category. Regardless, server monitoring technology has evolved significantly in the last decade and especially around cloud and mobile solutions. Admins should take advantage of these innovations and treat this as a separate area from server management.

Whatever the ultimate definition sysadmins take on for server management, all of these tasks are critical to ensuring that an organization’s server infrastructure runs smoothly, is reliable, available, and secure.

Automating server management

The next part of the equation of server management is how to accomplish these tasks in an efficient, cost-effective way. Of course, if you only have a few servers, you may be able to manually handle many of these tasks. If your infrastructure grows or is already large, then manual management of servers is virtually impossible and high risk from a security perspective.

There are three major ways that organizations manage their server infrastructure at any reasonable scale:

1. Do-it-yourself scripts & cron – a staple and perhaps the first phase of introducing automation into any infrastructure has been do-it-yourself scripts and cron. Admins for the longest time have been excellent at taking specific tasks and scripting their way to automation and adding crontab entries to schedule tasks. That has saved tremendous amounts of time and increased reliability. This approach has worked well in the early phases where the infrastructure isn’t that large, but as it grows, the script approach begins to break down. How do you ensure that you know all of the servers in your infrastructure, can you access them all, can you track all tasks and scheduled events, can you ensure that your scripts are updated and versioned? All of these questions and many more emerge over time.
2. Open source frameworks – as the first phase of scripting breaks down, sys admins, ops personnel, and DevOps professionals will lean on open source solutions such as dsh, Capistrano, Luigi, Chronos, and SOS Scheduler. There are a large number of automation frameworks that can help with the heavy lifting. Often these tools require significant time and effort to implement, but they can be powerful. The benefits of open source platforms include the ability to completely customize the deployment and implementation to your needs. The downside is that these tools are primarily ssh-based, meaning that whatever server the tools run on must have ssh access to the servers being managed. This can be both a security and a management problem. And, of course, some of these tools require coding in a language like Python or Ruby, and that customization takes time, resources, and money.
3. Commercial solutions – as organizations continue to scale, they will often look to other solutions including commercial applications. Historically, there were large, heavy enterprise suites of software that helped with network and server management. Today, there are lightweight, SaaS-based alternatives to help manage servers. Many of these solutions are focused on cloud server or virtual deployments and can operate in the scale up/down environment. Functionality can vary widely based on each organization’s approach to the market. Some have focused on patching as the entry point and others have focused on security or compliance. Regardless, commercial solutions exist to execute on server management tasks. The benefits that commercial organizations promote is more turn-key solutions with little effort required on the part of the admin. The downside potentially can be less flexibility and cost.

As organizations grow their server infrastructure, they will often move through these different approaches and some organizations may use one, many, or all of these types of solutions. Ultimately, the goal of server management is to create and maintain a stable, efficient, and reliable infrastructure at a reasonable “cost” point.

At JumpCloud, we are spending a great deal of time working on how to make managing servers – especially the user management pieces much easier. We have built a Directory-as-a-Service platform that manages access control to servers whether hosted locally or in the cloud. In addition, a core part of the functionality is to enable the ability to execute commands and tasks on your servers. It’s an alternative to Microsoft Group Policy Objects for Linux (and Mac and Windows for that matter).

We know all too well that managing server infrastructures – whether large or small – is time consuming, tedious, and laborious. So, our goals were to create a platform that could help IT securely manage users access while also having the ability to execute tasks on their machines. The core of our solution is a cloud-based directory service that is centrally managed. Users can be easily on-boarded and off-boarded. Users can access servers via passwords, SSH keys, or even multi-factor authentication. If you would like to learn more about how to manage users on your cloud or on-prem servers via our Directory-as-a-Service platform, drop us a note. We’d be happy to talk more about how we can help, or give JumpCloud a try.