Forrester Tackles Challenge of Defining and Evaluating “Configuration Management”

November 7, 2018 - Marc Chenn

In 2017 the Forrester analyst team serving infrastructure & operations professionals took on the very ambitious (some might call it crazy) project of running a Forrester Wave evaluation on the configuration management software market for the first time. This wasn’t easy and there are many good reasons why no other IT industry analyst firm has run its own evaluation of the configuration management software market. Forrester tackles the configuration management challenge.

Fast forward a year, and the Forrester team led by Chris Gardner is at it again. Earlier today Forrester published The Forrester Wave: Configuration Management Software For Infrastructure Automation, Q4 2018 (subscription required).

Kudos to the team for not shying away from evaluating a software market that is passionate and opinionated. Defense of a favorite configuration management tool can become heated with IT operators, network administrators, site reliability and DevOps engineers, and systems administrators picking their favorite based on an extensive list of often obscure criteria, such as:

  • What is the configuration management use case?
  • What is the size of the managed environment?
  • What is being managed?
  • Who is using the software?
  • What third-party systems management integrations are required?
  • Imperative or declarative?
  • Agent or agentless?
  • Domain specific language or something more human readable?

SaltStack is included in each of the two Forrester Wave evaluations alongside the usual configuration management suspects namely Puppet, Chef, and Red Hat Ansible. Like Forrester, each vendor has their own unique answer to the question, “what is configuration management?” Like SaltStack, you probably have your own answer to the question based on the specific needs and use cases in your digital infrastructure.

SaltStack is Not Just Configuration Management

Here are some essential SaltStack development milestones to keep in mind when considering SaltStack for configuration management:

  • SaltStack was created in 2011 as a very high-speed remote execution engine that could automate just about any IT task across any infrastructure at massive scale. Check out this YouTube playlist showing how the LinkedIn SRE team has been using SaltStack remote execution since 2011.
  • The SaltStack master / minion architecture maintains a persistent and secure connection between a global command and control server and managed endpoints. This high-speed connection is the foundation for what we call event-driven automation.
  • SaltStack event-driven automation is unique and is the only scalable way to manage and secure modern-day infrastructures which are infinitely complex and are often comprised of hundreds of thousands of systems.
  • In 2011 SaltStack added configuration management to its systems management stack building it as a module that runs on top of the SaltStack remote execution and event-driven automation engine.
  • Then in 2012 we added the Salt Cloud module to extend the power of SaltStack configuration and control to just about any cloud or virtual infrastructure.

Obviously, SaltStack is not just configuration management. It is also important to note that configuration management in and of itself is not a solution. It is a means to an end, with the “end” being defined by vendors, industry analysts, and the users of the software. No doubt that when applied thoughtfully configuration management software can facilitate real solutions for IT teams.

SaltStack for Security Operations

The SaltStack approach to the configuration management challenge delivers unique solutions to our customers that would not be possible without a foundation of event-driven automation for any infrastructure at scale. For example, consider what SaltStack can provide to cross-functional security operations (SecOps) teams.

Every modern business relies on their IT team to secure the company’s data and digital infrastructure. Security policy compliance is mandatory, not a luxury. SaltStack helps by automating and coordinating the combined responsibilities of both security teams and IT operations teams.

Not only can SaltStack configuration management be used to programmatically define security policy, SaltStack event-driven automation can then be used to detect deviation from the policy and automatically fix violations or generate a remediation process so your teams can flag and prioritize issue resolution.

Ask another IT professional and they might tell you that they use configuration management for release automation or as an integral component of a continuous integration and continuous deployment pipeline. Or there are thousands of other DevOps or IT operations use cases for the configuration management challenge like system deployment and provisioning, or self-healing infrastructure, or network configuration automation. These are all valid solutions, and SaltStack is used by enterprise IT organizations around the world.

But helping our customers get out of security policy compliance hell is what we at SaltStack consider to be an extremely valuable application of configuration management as a solution. This is a problem that has not yet been effectively solved, so we’re solving it with SaltStack intelligent IT automation.

Remote execution, event-driven automation, cloud control, and configuration management are all simply cogs in the SaltStack solution machine.

If you need solutions for your IT operations or security operations teams and are looking for more than just configuration management you should talk to SaltStack. I’ll be at AWS re:Invent later this month and would love to connect with you there.