Skip to main content

Configuration Management and Datacenter Automation Status

I have been evaluating the following vendor solutions for the past 3 weeks. We have all 4 of them installed in a small test environment consisting of varying windows systems and technologies running on the systems. We are focusing on current pain points in configuration management, and we are also evaluating technology which we will need in the medium term as well. I am going to review how they are stacking up, as I fill out the matrix of which products are supporting the requirements.


· Monitor and track configuration/policy

o Create policy off Live including patches and settings

o Track compliance to the policy

o Enforce the policy

o Track changes made outside the product

o Prevent the execution of a specific exe or file

· Architecture

o Ability to have proxies in datacenters/envs

o Ability to have decentralized control over envs

o Ability to use a single uni-directional port


o Visualize relationships between servers

o Visualize relationships between server and network

o Track dependencies of servers and websites

o Configuration Management Interoperability

· Manage users and services

o Manage local users across servers

o Replicate credentials to other servers

o Manage services in real-time

o Verify status of services in real-time across servers

o Verify services port usage

· Usability

o How easy is the product to administrate

o How easy is the product to use

o How easy is the product to configure and setup

· Software asset collection

o Collect software revision and install details

o Collect how often and for how long software is used

· Hardware asset collection

o Collect data via DMI or Standard Protocol

o Collect detailed information

· Reporting capability

o Export to PDF,XLS

o Report on compliance, changes, and activity

o Open database with views that make it easy to query

· Software Deployment

o Support for MSI, RPM, and Sun Packages

o GUI for creating Packages

o Search and replace

o Reverse engineer files into packages

o Rollback

o Notifications via SNMP and SMTP

o Download patches, deploy, and rollback patches

o Create a policy of patches

· PXE deployment

o Provision OS and policy in one job

The products we are reviewing are (in order of the installs):

CA – DSM, Cendura, and CMDB – The CMDB is the glue between the other components. The suite is very well done, and does a good job in general. There is not as granular policy control as some of the others. There is also not a good package of supported configurations in the DSM product. So far I would rank them 2nd or 3rd place. We still have more evaluation work to do on the products.

Bladelogic – Operations Manager – The product is excellent and extensible easily. The downsides are complex security model, and the UI is not great. They don’t have a solid CMDB strategy. I would rank this product in 1st place so far. We still have work to do here as well.

Opsware – SAS, VAM – This product does an excellent job in the CMDB and visualization. The system is scalable and capable as well. The downsides are the complexity of deployment, some instability, and some growing pains as they re architect some of the way the product operates. It doesn’t have as good of a unified shell that Blade has. This product shares the same spots with CA. We still have more evaluations to complete with the product.

HP – Radia – Lets put it this way…. After 2 days, the product hardly ran, and was not usable. I would be working with them today if I hadn’t given up and asked them to stop the POC.


Anonymous said…
Very interesting analysis. Just wondering, any reason why you did not integrate BMC in that mix ? Between the discovery capabilities, the Atrium CMDB and the Marimba products, it seems that you would get comparable functions (if not superior ;-). Feel free to contact me.

Unknown said…
Marimba technology is quite dated, and hasn't been updated well. I feel that BMC is also not a strategic vendor for my company. I have seen Atrium and its an excellent product. I am more focused towards fixing the items listed with a single product. The CMDB can easily be added on later. Most of the products have the idea of a CMDB in them.

Popular posts from this blog

Misunderstanding "Open Tracing" for the Enterprise

When first hearing of the OpenTracing project in 2016 there was excitement, finally an open standard for tracing. First, what is a trace? A trace is following a transaction from different services to build an end to end picture. The latency of each transaction segment is captured to determine which is slow, or causing performance issues. The trace may also include metadata such as metrics and logs, more on that later.
Great, so if this is open this will solve all interoperability issues we have, and allow me to use multiple APM and tracing tools at once? It will help avoid vendor or project lock-in, unlock cloud services which are opaque or invisible? Nope! Why not?
Today there are so many different implementations of tracing providing end to end transaction monitoring, and the reason why is that each project or vendor has different capabilities and use cases for the traces. Most tool users don't need to know the implementation details, but when manually instrumenting with an API, t…

F5 Persistence and my 6 week battle with support

We've been having issues with persistence on our F5's since we launched our new product. We have tried many different ways of trying to get our clients to stick on a server. Of course the first step was using a standard cookie persistence which the F5 was injecting. All of our products which use SSL is being terminated on the F5, which makes cookie work fine even for SSL traffic. After we started seeing clients going to many servers, we figured it would be safe to use a JSESSIONID cookie which is a standard Java application server cookie that is always unique per session. We implemented the following Irule (slightly modified in order to get more logging): (registration is free)
# Check if there is a JSESSIONID cookie
if {[HTTP::cookie "JSESSIONID"] ne ""}{
# Persist off of the cookie value with a timeout of 2 hours (7200 seconds)

NPM is Broken

As someone who bought and implemented NPM solutions, covered them as an analyst, and now watches the industry, one cannot help but notice that NPM(D) is broken. According to Gartner themselves, the data center is rapidly changing, the data center is going away, maybe not as quickly as Capp states, but it’s happening. This is apparent by the massive public cloud growth posted by Amazon, Microsoft, and Google in their infrastructure businesses. This means that traditional appliance-based NPMD offerings will not work, nor will traditional ways of collecting packet data. Many of the flow offerings do not handle the new types of flows which these services generate, but most importantly they do not understand the internet, which is the most important part of assuring services in cloud hosted environments.
The network itself is not just moving to overlay a-la NSX and ACI, it's moving inside of orchestrated containers, and new proxy/load balancing systems typically built off components or …