PRO-3300.01: Automated Server Configuration Management
PROCEDURE SUMMARY
Intended Audience: All IT system/process owners
Procedure Owner: Director of Enterprise Infrastructure Services (EIS)
Information Technology Services (ITS) uses Puppet (a software configuration management tool) to provide three tiers of service for the automated management of server configurations.
- Tier 1: Basic network settings enforced, and server resources monitored.
- Tier 2: All Tier 1 monitoring and enforcement, plus automated patch management.
- Tier 3: Enhanced monitoring and enforcement, including software-level configuration management.
FULL DOCUMENT
1. Scope
This procedure defines service-level offerings for all servers in the ITS virtualization infrastructure under Puppet configuration management.
2. Acronyms
Acronym | Definition |
---|---|
CPU | Central Processing Unit |
DNS | Domain Name System |
HDD | Hard Disk Drive |
IP | Internet Protocol |
NTP | Network Time Protocol |
3. Application of Service Tiers
Enterprise Infrastructure Services (EIS) will consult with IT system/process owners to determine their requirements for configuration management. EIS will determine the appropriate service tier for configuration management, based on the following:
- The system/process owner’s requirements.
- The technical limitations of the service.
- The available resources and operational capacity of EIS.
4. Service Tiers
4.1 Tier 1 Management
These are the least-managed servers. Basic network settings are enforced, and server resources are monitored. Servers in this tier have these basic features managed through Puppet.
4.1.1 Enforced Settings
- IP Address
- Gateway Address
- DNS Primary & DNS Secondary
- NTP on Linux servers (Windows NTP is set by the Domain)
- Administrators Group Membership
- IP Tables On / Windows Firewall On
4.1.2 Enforced Reporting (Icinga)
- HDD Usage
- CPU Usage
- RAM Usage
- Swap Usage
- Service Status
4.2 Tier 2 Management
These are servers with an enhanced level of configuration: all Tier 1 monitoring and enforcement, plus automated patch management.
4.2.1 Enforced Settings
- IP Address
- Gateway Address
- DNS Primary & DNS Secondary
- NTP on Linux servers (Windows NTP is set by the Domain)
- Administrators Group Membership
- IP Tables On / Windows Firewall On
- Volume Shadow Copy (daily snapshots for root/C: and data volumes)
- Managed Configuration of IP Tables / Firewall (services allowed, ports opened)
4.2.2 Enforced Reporting (Icinga)
- HDD Usage
- CPU Usage
- RAM Usage
- Swap Usage
- Service Status
- Service Membership
- Assigned Service Group
- Assigned Alerting (Business / Service Owner)
4.2.3 Managed Patching
- Patching Group
- Patching Window
- Patch Reporting
4.3 Tier 3 Management
These are servers with the highest level of managed configuration: enhanced monitoring and enforcement, including software-level configuration management.
4.3.1 Enforced Settings
- IP Address
- Gateway Address
- DNS Primary & DNS Secondary
- NTP on Linux servers (Windows NTP is set by the Domain)
- Administrators Group Membership
- IP Tables On / Windows Firewall On
- Volume Shadow Copy (daily snapshots for root/C: and data volumes)
- Managed Configuration of IP Tables / Firewall (services allowed, ports opened)
4.3.2 Enforced Reporting (Icinga)
- HDD Usage
- CPU Usage
- RAM Usage
- Swap Usage
- Service Status
- Service Membership
- Assigned Service Group
- Assigned Alerting (Business / Service Owner)
4.3.3 Managed Patching
- Patching Group
- Patching Window
- Patch Reporting
4.3.4 Managed Roles
- File Shares and Permissions
- Enforced Server Software & Configuration
- Windows Services (i.e., IIS, File Services)
- Role / Service Software (i.e., SQL, MariaDB, Apache)
Change Log
Revised | Version | Author | Approver | Change |
---|---|---|---|---|
01/08/2021 | 1.0 | Chris Miller | ITS Standards & Guidelines Committee | Original Version |