Understanding Server Configuration Management – Part 1

In the ever-evolving landscape of technology, businesses today rely heavily on cloud infrastructure to run their operations efficiently. For many, AWS or other cloud providers have become a cornerstone of their IT ecosystem, powering applications that drive customer satisfaction. However, in the quest for performance and agility, we sometimes overlook the critical aspect of server management.

What we will be covering today

This blog is the first in a series of three, aiming to explain about Server Configuration Management using Ansible. This one focuses on Server Management, it will be followed by a tutorial on creating Ansible playbooks, and, finally, we will delve into the Ansible Automation Platform in the upcoming blogs.

What is Server Configuration Management?

Let’s take a closer look at a conversation between Shane W, the Business Owner and Matt H, Lead Engineer to understand the importance of proper server configuration management and its impact on security and overall business operations.

Shane: Hey Matt, we have so many EC2 servers on AWS and a few on-prem servers running our business applications. Applications are running smoothly, and customers are happy. However, I am worried we’re not managing the machines the best they can be.

Matt: How do you currently manage them?

Shane: I don’t know. Previous engineers who were taking care of these servers never thought about it.

Matt: Okay, let me do the initial investigation and come back to you.

 Shane: Okay, sounds good. How long will it take for your assessment?

Matt: About a day or two.

 After a couple of days, the Systems Engineer returns with some crucial findings.

Matt: I have completed my assessment on multiple servers, and here are my high-level findings:

  • These servers are never patched and lack security updates.
  • Some of them are not connected to Active Directory.
  • Access has been granted to users using local accounts.
  • Given the servers are in different time zones, some of them have incorrect date and time settings.
  • There is no antivirus protection.
  • Proper firewall management is lacking.
  • No monitoring agent is installed on some of these servers.
 

Why is Server Configuration Management Important?

Shane: Got it. Could you explain why all of these are important?

Matt: Absolutely, let me explain why each of these findings is important for our server management and overall security.

  1. Patching and security updates: Regularly updating and patching of servers is crucial to address vulnerabilities and protect against security threats. Without these updates, we’re leaving our systems exposed to potential exploits and attacks.
  2. Active Directory integration: Connecting servers to Active Directory helps streamline user management and access control. It ensures centralised user authentication, simplifies permissions management, and enhances overall security.
  3. Local user access: Granting access using local user accounts can lead to inconsistencies, difficulties in user management, and security risks. Centralised authentication via Active Directory or another identity provider is more secure and manageable.
  4. Timezone and date/time settings: Accurate time settings are essential for synchronisation and logging. Incorrect time settings can lead to authentication issues, event log discrepancies, and potential security problems.
  5. Antivirus protection: Without antivirus protection, servers are vulnerable to malware and other malicious software. Antivirus software helps detect and prevent these threats from compromising our systems.
  6. Firewall management: Proper firewall management is vital for controlling network traffic and ensuring only authorised connections are allowed. Inadequate firewall configuration can expose our servers to unauthorised access and attacks.
  7. Monitoring agent: Installing monitoring agents on servers allows us to proactively track performance, detect anomalies, and respond to issues promptly. Without monitoring, we may miss critical incidents that impact our services and customer experience.

By addressing these issues and implementing best practices, we can enhance the security, reliability, and efficiency of our server infrastructure, ensuring continued smooth operations and satisfied customers.

What tools can we use to implement them?

Shane: Okay, I understand that these configurations are important to keep our business running. What tools can we use to implement them?

Matt: There are multiple tools that can be used to implement these configurations. Some of the popular ones are:

  • Ansible
  • Puppet
  • Chef
  • AWS Systems Manager
  • SaltStack
  • PowerShell DSC

Shane: Which one would you recommend for us to use and why?

Matt: Each tool has its pros and cons. Based on my experience, Ansible is a good option, primarily because of its user-friendly interface, robust automation capabilities, and a thriving community of users and contributors. It offers simplicity in configuration management and automation tasks, making it easier to learn and implement. Additionally, Ansible’s agentless architecture reduces overhead and simplifies deployment across various systems. And, its extensive library of pre-built modules and playbooks also saves time and effort when setting up and managing infrastructure.

Conclusion

As mentioned in the beginning, in an upcoming blog, we will dive deeper into the details of Ansible and explore the capabilities of the Ansible Automation Platform. This will empower you with the knowledge and tools you need to optimise your server management further.

In conclusion, this conversation highlights the critical role of proper server management in ensuring the security and stability of our business applications.

Neglecting server hygiene can expose your systems to vulnerabilities, and disrupt operations with unexpected downtime, resulting in potential customer dissatisfaction.

Enjoyed this blog?

Share it with your network!

Move faster with confidence