Configuration drift is a widely experienced problem felt by most, if not all IT departments. While there are a variety of causes of configuration drift, the degree of impact can vary from merely annoying to catastrophic. It usually plays out like this: Your team is rolling out a new web based application. Everyone is fired up because it works great in Dev, and Staging. But suddenly and without warning it goes haywire in Production. What in the world is going on? You know you have to quickly get in gear and roll it back. You dig through your logs and config files and try to locate the problem child. Ugh, all machines are supposed to be configured the same. What went wrong?
There are a variety of causes, but it all boils down to too much complexity.
The usual suspects include the following:
- An engineer makes a conflicting update to a package or service
- A new version of an app is released
- Someone ran an OS update that caused downstream havoc
- To hit a deadline, a well-intentioned developer made a change to a config file
- Changes to network devices
- Someone hacked you or ‘blessed’ you with a virus
The list goes on…and on…
Changing this, breaks that
You might be detecting a theme here. Drift happens. You employ smart IT professionals. You use top-notch tech vendors. And you run a tight ship where everyone is working responsibly. But the fact is that sometimes “changing this, breaks that”.
A note about agile and config file proliferation
While Agile is a powerful approach to IT, it has the unfortunate side effect of causing a proliferation of config files. This proliferation is a natural outcome of having multiple IT colleagues work in parallel on the same apps at the same time – each creating their own modified config files in the process. With this new complexity introduced by Agile, auto remediation is likely no longer just a “nice to have”. IT organizations will need the power of true auto remediation to address “drift to the power of agile”.
Config Monitoring tools are a good start, but they cannot prevent configuration drift
There are now configuration monitoring tools to help you detect config drift. Knowing you have a problem is the first step in fixing it. Amazingly, despite the widespread use of config monitoring tools,
1/3 of IT pros admitted that they did not know how their organization detected configuration drift.
Other approaches to fixing configuration drift include hiring top flight people and running very tightly controlled processes. Monitoring drift, employing smart people and using well-defined change processes certainly helps matters, but it’s not enough.
How easily can you detect configuration drift?
Slide Orange bar to compare Visibility before and after Orca.
Multiple windows searching for that non-compliance needle in a haystack vs. at-a-glance drift detection and ecosystem visibility.
Configuration drift: Don’t just detect it. Correct it.
Wouldn’t it be nice to have a tool that actually did the heavy lifting of managing your fragile middleware and app configurations? IT organizations of all sizes are seeking new ways to apply the principles of IT automation and DevOps across the enterprise. What the industry needs are not only automation tools to detect drift, but also to correct drift. More specifically, many organizations are seeking configuration tools to automate config inventories, config changes, config diffs AND configuration remediation. Configuration Remediation is the next frontier in addressing drift — the ability to know ahead of time that “fixing this will break that” as well as the ability to automatically fix configuration errors before they do widespread damage.
One example of configuration remediation is Orca which uses a novel Configuration Normalization Engine to (you guessed it) normalize and centralize configurations (whether they are dynamic or file-based) and their interactions between related applications and middleware. The output is a human-readable format that helps the user to view drift and to apply changes. This configuration normalization engine makes config drift highly visible and it controls where, when and how changes are deployed.
After Orca’s Configuration Normalization Engine does its work, you now have several powerful options as your next steps:
- Simply view the configuration data
- Detect drift your way. For instance you can compare your normalized configurations to
- A Gold Master
- A Reference Point in Time
- Apply your own custom compliance rules including
- Apply Rules such as
- =, ≠, <, >, or value range
- “Same as”, “Different than” or even “Similar to (config data on another node)”.
** This powerful tool is what helps you relate apps to one another, which in turn helps you to know beforehand that “changing this will break that”.
One size does not fit all. With Orca you can detect drift and correct drift your way!
Contact Orca today to see for yourself how Orca’s Configuration Normalization Engine addresseses config drift in your environment.