Ruslan Grumble - Fotolia
- Meredith Courtemanche and Jan Stafford
The benefits of configuration management tools are plain to see. What's blurrier is how to get independent, sometimes-siloed and always-overworked IT teams within an organization to all work on the same tool.
Configuration management tools enable rapid and consistent deployment of software, infrastructure and patches. Configuration management frees IT operations teams from manual provisioning work in any IT service delivery setup. In particular, it proves beneficial for CI/CD and microservices deployment, where new releases occur more frequently than in other approaches, and infrastructure must adapt at the same pace.
No matter the returns on the technology, enterprise IT organizations frequently encounter problems with a configuration management strategy. Various internal teams select different configuration management tools. Team members resist the burden of a steep learning curve with a new tool. Or people stick with their habits because they are simply too busy or distracted with existing work to change.
"There are high performers who tend to have their own tastes, [and] there are others who are trying to catch up to that," said Suranjan Chatterjee, global head of the cloud apps, microservices and API unit at Tata Consultancy Services. He cited "a lot of tensions and sensitivities" when diverse teams in a large group must collaborate.
To increase automation and win the war on configuration drift, IT organizations should prepare a solid configuration management strategy and evaluate tools specifically based on how easily they onboard and support users. Vendors offer diverse means to help incentivize use and standardize on a given tool.
There's no guarantee that 200 infrastructure managers and four cross-functional DevOps teams will convert to one tool without some grumbling, but these configuration management strategies have worked in other organizations.
"You're dealing with how people learn," said Brittany Woods, an automation engineer at Carfax, a web company that distributes vehicle history reports. Woods, who shared Carfax's adoption story at Chef's 2018 user conference, recommended "guardrails," or restrictions that help establish a baseline of common best practices. Address knowledge gaps with internal trainings -- Carfax established quarterly courses -- in addition to the vendor's materials. Make sure staff members can actually do tasks when they leave a workshop, and give them supporting documentation. "You can't manage the systems if you don't know how to use the tool," Woods said. Mix formal and informal training with a focus on teamwork and team organization as part of the overall configuration management strategy.
Set a clear agenda, but adapt as tool use matures across the organization. "Standardize early, or expect chaos," Woods said. On the flip side, learn where to pull back and enable creativity. Start the configuration management push with weekly meetings, but space them out more as it becomes a normalized part of the teams' jobs, she advised.
Most importantly, establish communication so users can articulate difficulties, voice concerns and suggest improvements, but don't "feed the anger beast," Woods said. Discuss restrictions in the adoption strategy and explain how those might lessen in the future.
Chatterjee said team-building exercises and collaborative goals support this emphasis on a shared mission. "Some of our customers have set up some collaborative matrix as part of the goal sheet of individuals, and obviously it is rewarded and incentivized," he said.
While Woods stressed that you don't have to be a manager to incite change, Chatterjee noted that top-down support is nevertheless crucial. Walmart, which shared its Puppet adoption story at the vendor's user conference this year, used incentives to get internal groups onto the tool. The company also recognized individuals -- not just leaders -- for their accomplishments during the process. Companies that don't incentivize tool standardization put their teams in peril. An Agile software engineer for a major insurer, who spoke on condition of anonymity at the same conference, headed a pilot project to move to a single collaboration tool, without incentives. Groups were reluctant to change and resisted the switch from a tool they'd sourced independently. The rollout led to complaints, and the engineer felt it set back her career.
Vendor features encourage configuration management adoption
No amount of flexible orchestration or desired state enforcement matters unless users have a low barrier to actually try the tool. Product vendors have several approaches to encourage onboarding. Red Hat Ansible, for example, relies on a simple human-readable YAML format to bring in everyone from compliance officers to network admins.
A large, privately held U.S. bank started with Ansible to automate compliance remediation, which was previously a never-ending manual process, said Caleb Cotton, a Linux engineer at the bank. With the successful initial implementation, the bank decided to evaluate other ways to use Ansible, such as server builds on the VMware virtual environment and as a way for developers to kick off infrastructure builds for software deployment. Add-on growth requires a configuration management tool that can scale to massive sets of infrastructure, and Red Hat is focused on enhancing performance and scalability in the product's architecture.
Select a framework that starts simple and grows with the team, or teams, that adopt it as part of a configuration management strategy, said Omri Gazitt, chief product officer at Puppet. Quick wins on high-value projects, such as a set of standardized baseline Linux OS images, provide momentum to push the configuration management tool into more systems -- such as Windows and AIX -- and more uses -- such as application delivery and container management. Gazitt recommends that organizations make use of tools' role-based access controls to scale configuration management broadly across enterprise IT without sacrificing change management and control.
Brittany Woodsautomation engineer, Carfax
Automation proponents should work to involve the people who typically would throw up obstacles: security and legal departments, for example, said Christopher Little, an analyst at Gartner. If you show them how configuration management automates the setup of instances that comply with corporate security and legal standards, that gives you an ally within the organization to expand its use.
For example, SaltStack SecOps combines configuration management with event-based automation and security-policy audit in orchestrated workflows to bridge the gap between security and operations teams in response to security threats. "Tool use proliferates across enterprise IT teams when the tool can help people solve problems," said Thomas Hatch, CTO of SaltStack.
Chef also recognized the need to hook users on the platform. "You can't tell people to go install Chef if they're skeptical about whether they want [or] need it. Just try a [configuration] recipe we already have, and compare it to your folder of shell scripts or clicky-clicky routine," said Julian Dunn, director of product marketing at Chef, speaking at the company's 2018 user conference. Chef Workstation enables users to run Chef commands without installing anything, and it does not require that Chef already manage the target systems. Workstation allows people to replicate the tasks they do ad hoc and experience the community content library before they invest the time to fully learn a tool, Dunn said.
That ecosystem of community content is as important as the engine that orchestrates configurations. "Community resources is one of the advantages of the open source tool options," Little said. Over the decade or so since open source configuration management tools debuted, adopters have contributed content into their respective ecosystems, creating far larger libraries than for traditional, proprietary tools, Gazitt noted. He posits that organizations should look at the content ecosystem's size, active and ongoing community engagement, and whether the modules available support your organization's specific needs.
Each major tool offers a corresponding repository for content sharing: Ansible Galaxy, PowerShell Gallery, Puppet Forge and so on. Vendors often publish statistics on the size and growth of community content repositories. For example, Microsoft reports that the number of PowerShell Desired State Configuration resources in the PowerShell Gallery nearly doubled in a span of a few months in 2018, and the company improved Gallery's download speeds as well as security this year.
In 2018, Ansible created certification within its Galaxy community site, with a testing framework to validate that community-created and other third-party content performs reliably and as intended. Users will also be able to score content's suitability for a given-use scenario, providing a ratings system for peers, said Jason McKerr, senior director of Ansible and Ansible Tower at Red Hat.
SaltStack has what user Jens Rantil, a backend, security and infrastructure engineer, called a mature community in terms of tone and collaboration.
Decide why before you figure out how
The most important decision in a configuration management strategy, as the preceding adoption stories illustrate, is never the tool itself. What matters most is the ways of working that surround a tool's use in software development and delivery or support organizations. "You've got to have a focus on the people or you're going to fail, out of the gate, without question," said Brandon Carroll, director of transformation, DevOps and cloud services at TEKsystems, an IT services provider that works primarily with large enterprises.
Be leery of leaders who do not have a sense of why they're rolling out a configuration management strategy, Carroll said. For example, if the CIO says, 'We're going to become Agile,' be sure that they have clear reasons to change the way the server admin, the dev lead, the ops director and everyone else works, he said.
Automation gets people dusting off their résumés, Carroll warned, but it doesn't have to. Configuration management tool adoption isn't likely to reduce headcount. Small initial projects with tool-based automation show team members that they still provide value beyond those rote tasks.
"That's why we start small and scale," Carroll said, to avoid the "automation-to-nowhere" trap.
Dig Deeper on Configuration Management and DevOps
The 8 leading options in network automation tools
Compliance automation prevents regulation audit snafus
How a domain-specific language affects configuration management
Chef InSpec widens the compliance-as-code possibilities with v2.0