What is Configuration Management?

What is configuration management? 

Configuration management is a procedure for ensuring that computer or device systems, servers and software are in a consistent, functional and intended state. Configuration management plays a key role in making sure that a system functions properly despite changes being made. 

Managing configurations between devices as part of a system requires the desired state for the system to be outlined, which then needs to be established and maintained. Similar to configuration assessments and drift analysis, configuration management requires both of these to detect systems in need of update, reconfiguring or patching.

Why is it important?

Configuration management reduces the needed to enforce changes manually upon certain devices or a system part of the overall business network, saving time for those in charge of IT matters, enabling them to focus on more important aspects. The need to manually document changes also reduces due to the automation of the process. As a combination, the chance of a network and device intrusion decreases.

Configuration is an integral practice for device management as without it, consequences such as poor performance, inconsistencies or non-compliance may lead to negative impacts upon business management, security and reputation.

It is difficult to manually pin-point systems that need attention, establish correction steps, prioritise actions and validate completion for large scale networks. Without records being made, maintenance and change control procedures, system administrators and software developers may be unaware of system updates made and what the server contains.

Configuration management enables you to enforce system settings and maintain those systems regarding base settings. The practice helps users, IT staff or system administrators know the state of embedded applications and where certain services can be located.

Effective configuration involves:

• Identifying and managing systems by arranging them into groups and subgroups.
• Central modification of fundamental configurations.
• Roll out updates for settings.
• Automation of system identification, updates and patches.
• Recognising outdated systems that function poorly and are non-compliant.
• Prioritising actions that need to be taken.
• Accessing and enforcing established remediation. 

Benefits of properly enforcing configuration management 

Asset recovery 

In the case of a cyber incident, effective enforcement of configuration management will enable assets to be recoverable. This can be applied to rollbacks. In the case of a bad code being rolled out, the software prior to the roll out can be attained again. 

Site reliability 

The term ‘site reliability’ can be defined by how frequently, your site is in service. In the case of site downtime, costs can add up to thousands per second depending on the company. A common cause of downtime is ineffective deployment which can be caused by a different running time for production and test servers. Configuration management can coordinate and manage the running of different applications. 

Easier scaling 

Configuration management enables the site owner, manager or administrator to know the state of the service. In this case, if is decided to increase the number of servers being run, clicking a button is all that is required. 

The concept ‘declarative style’ regarding configuration management 

Once you start searching for configuration management tools, a term that you will repeatedly come across is ‘declarative style’. 

This means…

Inputting your request into your software what you desire for the end result. 

The opposite of this is ‘procedural style’ which refers to you providing instructions on achieving the endpoint and not requesting an end state. 

The importance of declarative style for configuration management 

Declarative style is important as configuration management requires the site administrator to be fully aware of the current state of applications. Therefore, when configuration management tools are implemented, it is better to use a declarative style to request the intended end result and not the steps required to get there. This ensures that the intended end state remains recognised as well as how changes have been made overtime. 

Common tools that fall under configuration management

Configuration management tools 

The tools that are commonly associated with configuration management include Chef, Ansible and Puppet.

Infrastructure-as-Code Tools 

Also referred to as provisioning tools, tools that fall under the IaC tools include CloudFormation and Terraform. Configuration management tools consist of the setup needed for your assets while provisioning tools cover how those assets are attained. The line between the two is slightly blurry and many would regard it to be counterproductive to use configuration management tools for provisioning. 

Pipeline tools 

Well known tools that fall into this branch include Jenkins, CircleCI and GitLab CI. The use of tools to codify the build process makes it easier for developers to understand the modification and creation of the intended product, which falls into configuration management.

Source control tools 

Tools that fall into this category include GitHub, SVN, GitLab and Bitbucket. Automation needs to be codified in scripts and addition to this, changes need to be tracked to accomplish configuration management. 

Which step do you need to start with in configuration management?

Do you first need to research tools? Implement automation? Examine the existing servers? Communicate with other employees in your company? 

It all depends on where your system is currently at and where you are. You need to consider your current situation, the resources available to you and your company as well as the limitations you may need to handle. 

With that in mind, here are three starting points for you to consider:

1. Examine your software/hardware – What software do you use? What is the state of the software that you use? Has the state been recorded? Are the instructions for setting up and running the software known?
2. Perform an assessment of what tools exist – Carry out an assessment of the available tools that exist in the market, including the ones listed in this article. Determine which tools will be more helpful for you to use to solve whichever issues you are currently experiencing regarding configuration management.
3. Read about the best practices – Successfully implementing configuration management is a difficult, time-consuming task. Therefore, you will need to examine different approaches to configuration management such as IaC. 

About Securiwiser

We aim to provide our clients advice concerning implementation of various specific cyber security methods, some of which will be more suitable than others depending on the business type to help ensure the cyber health of our client’s system. 

Furthermore, business owners, employees and general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities. 

Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.