
Recently there has been some talk about how to do configuration management (CM) through just shell scripts. The momentum in this area has been building – from what I can tell – because IT folks don’t want to learn yet another language. Configuration automation tools – of which there are many – generally force you to work in their language. While these systems are incredibly powerful, many people don’t want to learn a new language and be tied to writing all of that code. There’s a group of people that want to just write shell scripts – of which they have many and can whip out new ones quickly – to accomplish their tasks.

We were reminded of this recently with a spirited thread on Hacker News and then another post about this issue on DevOps.com. To be fair, the views actually seemed to indicate that there are really a multitude of needs here. Some needs really are met quite well with the configuration automation tools – things like deployment of an application after a server is spun up – while others are not met so well with these tools, such as ad hoc or complex tasks with decision points and real-time triggers.

Our perspective on this issue is that we might have a little bit of a naming issue along with some extension of what tools are good at. The current crop of configuration management tools seem to be excellent at what they do. But they really seem to be configuration automation or deployment automation tools. There seems to be a desire to use these tools to do much more, but unfortunately they aren’t really set up for that! Generally CM tools run on a scheduled basis and execute their tasks. A short time later they will come back around and re-execute those tasks to baseline any changes that could have happened on the system. This way the systems all stay consistent. Huge value for any organization.

We also think that there is a layer of solutions necessary post-configuration. We like to call these tools server management solutions. There are any number of tasks that need to happen after servers and applications are configured, yet aren’t easy to execute with a CM tool. Let’s give you some examples: know what users are on your systems at this moment in time, get a list of all tasks being executed on your servers, deny access to the offending IP after a brute-force attack, post-process database data to generate metrics, search for a malicious file on your servers, or any number of other examples. The truth is that there are many, many critical and important business process tasks that are difficult to automate inside of a configuration management solution. Another category of tasks is things that need to be automated by developers, but run by operations on occasion. These might not be tasks that are run regularly and therefore included in a set schedule, but developers need to script out the set of tasks for operations personnel (e.g. debugging tools). The developers just want to give the ops folks a way to execute this task whenever they need to. This is another key example that doesn’t work inside of a CM solution.

What is missing in our lexicon is a server orchestration tool or platform. Our hypothesis is that organizations are really desirous of two things here – one, a tool that can configure and set the infrastructure; two, a tool to execute server tasks ad hoc, scheduled, and/or with events/triggers. If we can start talking about these areas as separate needs, I think each need will be met with the right solution for the job. Mixing the two and trying to have one solution do both minimizes the depth needed in each area to solve the problem.

This area is really interesting to JumpCloud as we recently released our server orchestration functionality as part of our Directory-as-a-Service® platform. We often will get the question of how we compare to CM tools. Our device management functionality is not meant to replace a CM tool. Many companies have done a great job of deploying and implementing these tools. They should continue to use those. We believe that JumpCloud can be complementary to these tools and fill a void that is left on the command execution side for a variety of devices including Macs and Windows. JumpCloud lets you execute tasks through commands or scripts ad hoc or scheduled. You can use whatever language you want for your scripts – whatever is supported by your servers. Also, after you execute you get full logging, reporting, and auditing giving you a great view of what took place – that’s a key step for task execution. As you can see, our device management functionality is aimed a little differently than the CM tools and as a result, both may have a place in your tool box.

Learn More About Device and Configuration Management

We’d love to hear your thoughts. Drop us a line or give JumpCloud a shot. It’s a comprehensive Identity-as-a-Service platform that includes a variety of interesting capabilities including device management, centralized user management, virtual LDAP support, True Single Sign-On™, WiFi authentication, and multi-factor auth among others. It only takes about 5 minutes from the time you hit our site to getting it up and running. We look forward to hearing your thoughts and feedback.
