Maintaining a Known State to Optimize your Infrastructure

  Almost half of all unplanned service outages happen because of system configuration mistakes or oversights. With that in mind, several tools are available from Microsoft to help you optimize your infrastructure and keep configuration issues under control in environments of all sizes and levels of complexity. These tools provide both the technology and the guidance you'll need to get started managing configuration.

  First, it's important to understand the concept of configuration management. Within IT organizations, configuration management is the process of identifying, defining, and documenting the environment, its components, and the relationships between components. Ultimately, you are trying to define a known, standard system state and to maintain that standard state across your environment. Part of this process entails discovering and updating configuration items (CIs) for your systems, as well as tracking and documenting these CIs as they change.

  If, for example, you have a known state for a workstation and define the CIs that represent that state within your environment, adding a patch represents a deviation from your defined state. Now imagine there's a tool that informs you of any such deviations. Each patch you install will trigger a number of alerts, telling you those patched workstations are not complying with the previously defined state. These alerts let you document any changes to the defined state, and future checks will therefore reflect the revised state you have documented.

  On one hand, this sounds like a lot of additional work just to accommodate planned updates. But there's another benefit: you'll also be warned if a rogue element changes one of your defined CIs. The consequence of not being informed of an unplanned state deviation can result in amounts of work much greater than the effort invested in defining and maintaining CIs. Managing and updating your CIs puts you in control of your infrastructure to make sure that only undesirable settings trigger alerts.

  So what goes into a CI? CIs generally consist of configuration attributes such as description, version number, component, relationships, location, and status. In an ideal state, that patch you just authorized and installed would be populated in a CI and all of the CIs would reside in a relational configuration management database.

  Most people aren't willing to check configuration items against a spreadsheet or database, despite taking the time and care to define them. Likewise, automating the compliance checking and alerting process has been difficult. Let's say you have 100 configuration attributes per computer, and a skilled tester can check 50 configuration attributes manually in an hour. Now think about a company that has 1,000 servers and 20,000 desktops and imagine the workload required to maintain a desired state and check all these computers on a regular basis. Even if all computers were in the desired state at deployment, there's no practical way to maintain a standard across all 21,000 computers—or even 100 computers—without automation.

  How do you define the configuration items and attributes so that a tool can automatically perform a configuration health check and tell you if your environment complies with the predefined standard? It's a fact that defining CIs can be difficult and time-consuming, yet the reward is having a controlled and auditable state where any unplanned changes in configuration automatically trigger alerts, often before those changes cause a service disruption or create a security risk.

Desired Configuration Monitoring Version 2.0 Released

  DCM automates the configuration management audits between desired or defined configuration settings and actual configuration settings. It accomplishes this by allowing the user to define desired hardware, operating system and application configuration settings in multiple configuration data sources and then using the supplied auditing engine, DCM compares desired settings with actual settings and then reports configuration compliance. DCM Version 2.0 now supports configuration monitoring of desktops and servers. (The overall process is shown in Figure 1.) Even though this sounds pretty straightforward, anyone who has taken a look at all the CIs and attributes that contribute to a healthy system will know that this is not a quick task. For that reason, Microsoft created baseline CIs for several core Microsoft desktop and server products, including Windows XP, Office 2003, Exchange, ISA, and Windows servers.

Figure 1 Desired Configuration Monitoring Process

  DCM monitors configuration settings in the Microsoft Active Directory, Windows Management Instrumentation (WMI), Metabase, file system, registry and SQL Server data source. It supports Windows desktop, x64 and .Net Framework 1.1 and 2.0. DCM 2.0 also adds predefined baseline Configuration Items for many Microsoft desktop and server products as well as sample SMS web reports. The DCM user interface enables users to easily define rules specific to their organizations.

 

  Configuration management is a key process and technical capability in Infrastructure Optimization and allows you to begin preparing for the convergence of system knowledge among developers, architects, administrators, and users through system configuration definition and auditing. It provides a deeper level of monitoring than directory-based configuration enforcement tools to help avoid unplanned outages and increase the availability and overall control of your infrastructure.

Where to Find DCM 2.0

  The SMS 2003 Desired Configuration Monitoring Version 2.0 is available from the:

Microsoft Download Center at http://go.microsoft.com/fwlink/?LinkId=72132

Microsoft TechNet at http://go.microsoft.com/fwlink/?LinkId=72131

Jeremy Chapman

Solution Accelerators - Infrastructure and Management

 

http://blogs.technet.com/photos/ioblog/picture458868.aspx