White Paper

Puppet: Defusing the Server Management Explosion

Puppet Labs' Model-Driven Solution Delivers the Performance and Scalability Today's Enterprises Require

ABSTRACT

Today's enterprises draw their computing power from large numbers of processors and virtualized machines, fueling an exponential increase in the volume and complexity of server management. For IT organizations, server proliferation is a spiraling challenge, as manually driven administration practices result in myriad machine configurations. Compliance adds another layer of complexity to server administration, as IT organizations struggle to meet a growing amount of internal standards, security standards and legal directives.

Puppet Labs is the leader in IT automation. Our enterprise solution, Puppet Enterprise, is a model-driven framework designed to efficiently manage servers, the most critical element of today's data center infrastructure. Puppet allows system administrators to manage servers in a highly efficient and consistent manner, enterprise-wide. It enables IT organizations to provide more flexibility, predictability and transparency.

This whitepaper articulates why Puppet Enterprise is a superior choice compared to today's most common alternatives for server management (internally developed tools and large management suites) and how Puppet Enterprise can help IT organizations achieve significant economies of scale in server management, reach 99.999% ("five nines") uptime of data center resources, and improve the velocity of innovation through more frequent, confidently deployed software releases.

SERVER PROLIFERATION: THE CHALLENGE OF MANAGING RUNAWAY GROWTH

Managers and staff in today's IT organizations are at the vortex of a swirl of demanding, post-recession business conditions.
Driven to reduce costs while providing high levels of raw computing power, enterprises are adopting cloud-based computing models based on large numbers of low-cost processors and virtual machines, fueling an exponential increase in the volume and complexity of server management. Meanwhile, understaffed IT organizations are tasked with supporting the business flawlessly, as the companies they serve are under pressure to move with agility in a competitive business environment, while pleasing demanding internal and external customers.

The sum of these factors has a deep impact on IT organizations:

- Server proliferation is a universal challenge, as most companies are trending toward operations powered by many servers and virtualized hardware. In global enterprises, the number of servers can easily reach into the tens of thousands.
- Server administration remains a largely manual process, resulting in myriad configuration variations, a reflection of the human influence on server administration. For example, Web servers located in three different data centers share the same purpose, but because of differences in administration practices or site variance, may be configured inconsistently. Even co-located hardware performing the same function may acquire unpredictable configuration differences.
- Compliance adds another layer of complexity to server administration, as IT organizations struggle to meet a growing amount of internal standards, security standards, and legal directives. Due to barriers to the easy adoption of compliance tools, server compliance is often managed via a manual, spreadsheet-based, check-off process. Remediation is also manual.

Inefficient server administration reduces the speed of innovation

Without comprehensive automation, an extraordinarily large and growing amount of system administrator time is spent on the manual configuration and management of servers, creating an inefficient dependency on human intervention, not unlike the early days of switchboard telephone operators. Although automated telephone switching technology had been commercially available since 1891, it was not widely adopted until 1920, when a major operator strike showed the vulnerability of the manual, operator-based system used to connect calls.[1]

Although no similar watershed event has exposed the inefficacy of manually driven server configuration processes, today's businesses remain plagued by the "chilling effect"[2]; because companies are uncertain of the true impact of new software releases when they are deployed, every update must be preceded by a very slow, laborious quality assurance (QA) process.

As the industry shifts toward new models of software consumption, including software as a service (SaaS), software producers are migrating away from large-scale point releases. Unfortunately, while a steady stream of internal software improvements may be available to release, most companies cannot deploy these enhancements quickly, out of concern for unknown server impacts. This same problem can apply to security updates and other bug fixes. Thus, a lack of confidence and hesitation slow down the innovation cycle and ultimately dampen companies' ability to compete.

[1] Source: Privateline.com Telephone History, Tom Farley.
[2] The chilling effect, also known as "libel chill," is a situation where speech or conduct is suppressed by fear of penalization at the interests of an individual or group. Originating in the media world, this term is conceptually applicable to many aspects of modern business.

Puppet from Puppet Labs: Transforming server management

Puppet Labs is the leader in IT automation. Our enterprise solution, Puppet Enterprise, is a model-driven framework designed to efficiently manage servers, the most critical element of today's data center infrastructure. Puppet allows system administrators to manage servers in a highly efficient and consistent manner, enterprise-wide. It enables IT organizations to provide more flexibility, predictability and transparency.

With Puppet Enterprise, system administrators can spend less time on mundane tasks and instead focus on managing their infrastructure as a whole. In turn, IT organizations can:

- Achieve significant economies of scale in server management, reducing the time spent on configuring and managing these and other devices.
- Help achieve 99.999% ("five nines") uptime of data center resources (the gold standard in the enterprise IT arena) by lowering the risk and cost of service outages, up to 90% of which are caused by human error.
- Reduce the opportunity cost of not distributing internal software releases and updates to software for fear of errors. Puppet builds confidence in the software release process, effectively eliminating the chilling effect of previous slow, expensive change control requirements.

PUPPET ENTERPRISE: A MODEL-DRIVEN, DECLARATIVE BREAKTHROUGH

Puppet Enterprise is a server management tool designed for today's resource-strapped, competitively driven enterprises. Unlike rigid and simplistic policy-driven tools of the past, Puppet is a model-driven, declarative solution for server management. These two attributes are the foundation of the Puppet Enterprise advantage.

With its model-driven approach, Puppet Enterprise creates a catalog of all resources that are being managed, thus allowing larger logical constructs to be built from smaller components. The Puppet catalog is, in fact, a virtual representation of the data center environment to be managed; Puppet allows programmatic introspection into the catalog, and provides powerful "what if" analytics, at all stages of the server change management process. This allows system administrators to perform operations on the catalog, and thus gauge the precise impact those operations would have on the physical environment.

Puppet's declarative approach describes the desired results of the program, without explicitly listing the commands or steps that need to be carried out to achieve the results. This is a significant improvement over imperative, granular server management which, in comparison, carries significant risk. Specifically, imperative management executes changes in servers regardless of their appropriateness, resulting in more errors, remediation work and outages.

The benefits of Puppet Enterprise

Puppet Enterprise allows system administrators to gain complete control of even the largest, most geographically distributed server environments, delivering a powerful suite of benefits including:

- Economies of scale: With Puppet Enterprise, a single system administrator can manage many thousands of servers with ease, dramatically reducing the amount of person-hours previously required.
- Cloud computing capabilities: In executing server management tasks across the distributed enterprise, Puppet Enterprise can be deployed on public or private clouds, without requiring a local instance of the software.
- Reduced outages: Because up to 90% of service outages are caused by human error, Puppet Enterprise significantly reduces the likelihood of potential failure. Puppet Enterprise allows server changes to be thoroughly tested in a virtual environment that completely represents the servers' current and intended configuration and performance, dramatically reducing uncertainty about production deployment.
- Improved compliance: Puppet Enterprise's extensive modeling capabilities allow system administrators to demonstrate compliance with arbitrary sets of requirements, whether internal, Sarbanes-Oxley, National Institute of Standards and Technology (NIST), Department of Defense (DoD), Information Technology Infrastructure Library (ITIL), etc., by providing a strong alternative to previous manual, spreadsheet-based approaches.
- More streamlined management: Puppet Enterprise allows for the combined management of servers and endpoints, from Linux servers to Mac OS X machines, all from a single console.
- Higher-velocity service delivery: The increased speed and confidence with which companies can deploy server configuration changes improves the speed of service delivery, and innovation itself. This affords greater business agility and the ability to compete, allowing organizations to concentrate on strategic IT planning, rather than mundane operational details.

A SUPERIOR ALTERNATIVE TO THE STATUS QUO

Most enterprises currently have two choices when considering server management tools: custom internally developed tools and large, multi-product management suites from traditional enterprise software providers. Homegrown tools are inefficient to maintain and require too many internal development resources.

The pitfalls of internally developed tools

Lack of viable off-the-shelf options usually requires the invention of homegrown server management tools. Most of these tools are written for a specific organization at a certain point in time, a reality that is the root of their long-term inadequacy.
Homegrown tools are created by system administrators to address specific server management issues and are quickly developed and released for internal use. As a result, internally developed tools suffer from poor quality assurance; their authors are not able to devote their entire time to maintaining the software. These tools can therefore be plagued by software bugs that require significant resources to remediate, as well as to enhance the tools going forward.

In supporting internally developed server management tools, IT organizations must decide where to allocate precious resources: toward the maintenance of custom single-purpose software, or toward business-critical initiatives? In today's high-pressure IT environment, the latter is the prudent choice.

Puppet: A flexible alternative

Beyond its better functionality than internally developed tools, Puppet Enterprise presents a number of benefits that make it a superior choice for forward-thinking enterprises:

- Oriented toward openness: Puppet Enterprise interacts with this data and other IT systems in a fundamentally open way. Puppet Enterprise is designed to move data in and out with ease, without requiring users to conform to a strict set of processes. Instead, Puppet Enterprise adapts to the user's existing processes and infrastructure.
- Secure, centralized management: An easy-to-deploy SSL infrastructure allows Puppet Enterprise to communicate securely with servers located anywhere in the global enterprise.
- Science-based principles: Puppet Enterprise supports server management through solid, computer science-based principles. Through its model-driven approach, dependencies across all aspects of the enterprise infrastructure are clearly delineated; system administrators can easily see when a failure changing one aspect of the system affects other parts, dramatically increasing predictability and visibility into the infrastructure.
- Enforceable best practices: Puppet Enterprise uses an internal language that is fundamentally different, and more powerful, than traditional programming languages. The language enforces best practices and is easier to write than raw programming code or shell scripts.

PUPPET IN ACTION: SUCCESS SNAPSHOTS

Success snapshot: Sun Microsystems

As a premier online brand, Sun Microsystems has strict requirements for high performance and guaranteed uptime for their top online properties including sun.com, java.com, mysql.com, openoffice.org and others. The company needed a system administration tool that went beyond internally maintained scripts and batch jobs, to ensure that servers were configured consistently and updated in a timely manner. In replacing internally developed SSH scripts to push changes and packages out to systems, Sun Microsystems uses Puppet to improve efficiency, accelerate system updates, and ensure consistent configurations across its Web server architecture.

"Puppet has greatly simplified many of my standard tasks," says Martin Englund, Lead Engineer at Sun Microsystems. "Security patching no longer involves the headache of running routines to see which systems were vulnerable and then implementing batch jobs to update affected systems. Now I just run a Puppet profile and it is taken care of."

In adopting Puppet, Sun sought to:

- Boost uptime and reliability of servers supporting the web and database applications for key online properties.
- Comply with internal Sun security requirements, including timely distribution of security patches.
- Maintain common configuration of all servers to ensure a controlled, consistent environment for the application engineers.
- Identify changes to servers that would take the system out of compliance with the standard configuration, and trigger alerts.

Puppet is used to manage over 650 Sun servers across three U.S. data centers, addressing software and operating system configurations on all servers supporting Internet domains including sun.com, java.com, mysql.com, openoffice.org and others.

With Puppet, Sun Microsystems has:

- Provided a consistent environment for application engineers, eliminating worries about inconsistent configuration of key Internet servers.
- Improved efficiency by identifying vulnerable or out-of-date systems to be prioritized for patching and upgrade. Sun uses Puppet to quickly deploy vulnerability mitigations until a time to patch can be scheduled. Prior to Puppet, identifying vulnerable systems was a time-intensive process.
- Met company and industry compliance requirements by providing alerts for any system that has gone out of configuration to established security configurations.
- Increased visibility into system hardware, type, software and versions. While this wasn't an original objective for Sun, Puppet has provided significant benefits and replaced the company's homegrown system for tracking this information.

Englund says, "With Puppet, I don't have to worry anymore. Once I have written and deployed the profiles I can count on Puppet ensuring timely updates and consistent configurations across all my systems. More than anything Puppet saves me time that I simply can't afford to lose in supporting my data centers."

Success snapshot: Los Alamos National Lab

Los Alamos National Laboratory, one of the world's premier research organizations, is engaged in strategic science on behalf of national security. The organization is held to strict security guidelines for the configuration and security software on all of its systems, including systems running Mac OS X. Puppet helps support hundreds of Macs, allows Los Alamos National Lab to gain visibility into the devices on their networks, and ensures that these systems' security standards are met.

"Prior to using Puppet, managing the Mac OS X systems in our network was a challenge," says Allan Marcus, Solutions Architect, Los Alamos National Laboratory. "There was a real lack of visibility into both the number of Macs on the network and their configuration."

Before choosing Puppet, Los Alamos National Lab did not use any institutional administrative tools to manage Macs. It deployed the Puppet Labs solution to:

- Gain visibility into the number of Macs on the network, their configuration, and whether these systems met security requirements.
- Conform to NIST Special Publication 800-53, which has requirements for configuration management controls of all desktop assets.
- Enforce Least Privilege in accordance with NIST Special Publication 800-53; this standard has requirements for enforcing the most restrictive set of rights needed by users. Without Puppet, users often requested and required administrative privileges in order to regularly update their Symantec security software on their Macs.

"Puppet has made a real difference to our administrators who were previously having to walk to each Mac and service it individually," Marcus says.

With Puppet, Los Alamos National Lab has gained:

- Enhanced visibility into all the Macs connected to the network.
- Improved efficiency of the IT staff to administer and update the Macs on the network, replacing manual processes.
- Demonstrated compliance with NIST standards for both configuration management and least privileges guidelines.
- Accelerated troubleshooting, since field technicians now have the configuration information available to them to remotely identify problems and prioritize updates.

Marcus summarizes, "We have strong requirements for implementing a secure network. Not only did Puppet help us meet NIST requirements for configuration management and least privilege, the Puppet architecture itself proved to be extremely secure."

TRY PUPPET ENTERPRISE: The Power of Puppet Packaged for Your Enterprise & Cloud Environments

Puppet Enterprise holds all the power of the open source distribution of Puppet plus built-in features that streamline installation and maintenance, and increase stability for the complex and fast-growing enterprise infrastructure.

http://info.puppetlabs.com/download-pe2.html

ABOUT PUPPET LABS

Puppet Labs develops and commercially supports Puppet, the leading open source platform for enterprise systems management. With millions of nodes under management, thousands of companies, including Twitter, Digg, Zynga, Genentech, Match.com, NYU, and Oracle, rely on Puppet to standardize the way their IT staff deploy and manage infrastructure in the enterprise and the cloud.

411 NW Park, Suite 500
Portland, OR 97209
(877) 380-6882
www.puppetlabs.com

© 2011 Puppet Labs. All trademarks and registered trademarks are the property of their respective owners.