Configuration drift can lead to all sorts of problems including security, compliance, performance, and availability issues that can have a material impact on business.
This, along with the high labor cost of manually managing configurations, has driven most IT organizations to use scripts or purpose-built automation tools to do the job for them. In theory, this should reduce drift because the infrastructure settings will revert back to their approved configurations the next time the scripts or automations run.
In practice, however, it isn’t possible to keep infrastructure configurations completely consistent relying on scripts or automation tools alone:
- It takes time to write, test, and maintain scripts or automations, and it’s just not feasible to do this for every element you might want to manage
- Each new element managed may have interactions and dependencies with other infrastructure components the administrator may not be aware of
- Because automation tools work explicitly, keeping items off your infrastructure requires you to specify each item you don’t want
Automation Only Approaches Fall Short
If you are like most IT organizations, you probably follow the 80/20 rule and your administrators focus 80% of their time on the configuration elements that they consider most important (along with a few known entities they don’t want manually added). This leaves quite a gap where drift can happen, and while it may not always be catastrophic, the effects can be unexpected and take a lot of time and effort to track down.
Another approach is to keep the lifespan of infrastructure short and rebuild it frequently, but what if a non-standard element was added or a setting changed that wasn’t properly documented or communicated. Perhaps it was a port that was closed based on an audit or a file used by an application to check which customers are current and which are not. Refreshing the configuration without being aware of these items could have a disastrous impact on your business.
- Software packages may have dependencies on other packages, middleware, etc.
- We leverage your scripts and automation information to provide an accurate view of the current state of configurations
- We help you compare the current state of configurations against what’s expected
- We ensure everyone knows about the scripts, automations, and people who might make configuration changes
- We enable you to broadcast upcoming configuration changes so stakeholders can react as necessary
- We make sure everyone understands the impact to policies for elements that have drifted (or may drift)
We also facilitate capturing and proactively communicating out-of-band changes through our unique social collaboration capabilities – helping you identify and approve exceptions or restore configurations to their approved state.
ITinvolve ensures the actions you take in response to drift are informed so you don’t create other issues when resolving a drift situation. And we help you stop drift in the first place by raising awareness of approved configurations and engaging the right experts when someone starts to plan an action that might create drift.
- Automations – fully manage your automations including what they are intended to do, where they should be run and when
- Capacity and Performance – maintain approved configurations to meet capacity requirements and maximize performance
- Compliance and Policies – Ensure regulations and policies are adhered to when drift occurs
- Environment Synchronization – align pre-production and production settings to improve testing quality and deliver smooth application releases