PRO-3300.01: Automated Server Configuration Management

PROCEDURE SUMMARY

Intended Audience: All IT system/process owners
Procedure Owner: Director of Enterprise Infrastructure Services (EIS)

Information Technology Services (ITS) uses Puppet (a software configuration management tool) to provide three tiers of service for the automated management of server configurations.

• Tier 1: Basic network settings enforced, and server resources monitored.
• Tier 2: All Tier 1 monitoring and enforcement, plus automated patch management.
• Tier 3: Enhanced monitoring and enforcement, including software-level configuration management.

For the complete procedure, click "Full Document" tab at top of page.

FULL DOCUMENT

Intended Audience: All IT system/process owners
Procedure Owner: Director of Enterprise Infrastructure Services (EIS)

1. Scope

This procedure defines service-level offerings for all servers in the ITS virtualization infrastructure under Puppet configuration management.

2. Acronyms

3. Application of Service Tiers

Enterprise Infrastructure Services (EIS) will consult with IT system/process owners to determine their requirements for configuration management. EIS will determine the appropriate service tier for configuration management, based on the following:

• The system/process owner’s requirements.
• The technical limitations of the service.
• The available resources and operational capacity of EIS.

4.  Service Tiers

4.1 Tier 1 Management

These are the least-managed servers. Basic network settings are enforced, and server resources are monitored. Servers in this tier have these basic features managed through Puppet.

4.1.1 Enforced Settings

• IP Address
• Gateway Address
• DNS Primary & DNS Secondary
• NTP on Linux servers (Windows NTP is set by the Domain)
• Administrators Group Membership
• IP Tables On / Windows Firewall On

4.1.2 Enforced Reporting (Icinga)

• HDD Usage
• CPU Usage
• RAM Usage
• Swap Usage
• Service Status

4.2 Tier 2 Management

These are servers with an enhanced level of configuration: all Tier 1 monitoring and enforcement, plus automated patch management.

4.2.1 Enforced Settings

• IP Address
• Gateway Address
• DNS Primary & DNS Secondary
• NTP on Linux servers (Windows NTP is set by the Domain
• Administrators Group Membership
• IP Tables On / Windows Firewall On
• Volume Shadow Copy (daily snapshots for root/C: and data volumes)
• Managed Configuration of IP Tables / Firewall (services allowed, ports opened)

4.2.2 Enforced Reporting (Icinga)

• HDD Usage
• CPU Usage
• RAM Usage
• Swap Usage
• Service Status
• Service Membership>
• Assigned Service Group
• Assigned Alerting (Business / Service Owner)

4.2.3 Managed Patching

• Patching Group
• Patching Window
• Patch Reporting

4.3 Tier 3 Management

These are servers with the highest level of managed configuration: enhanced monitoring and enforcement, including software-level configuration management.

4.3.1 Enforced Settings

• IP Address
• Gateway Address
• DNS Primary & DNS Secondary
• NTP on Linux servers (Windows NTP is set by the Domain)
• Administrators Group Membership
• IP Tables On / Windows Firewall On
• Volume Shadow Copy (daily snapshots for root/C: and data volumes)
• Managed Configuration of IP Tables / Firewall (services allowed, ports opened)

4.3.2 Enforced Reporting (Icinga)

• HDD Usage
• CPU Usage
• RAM Usage
• Swap Usage
• Service Status
• Service Membership
• Assigned Service Group
• Assigned Alerting (Business / Service Owner)

4.3.3 Managed Patching

• Patching Group
• Patching Window
• Patch Reporting

4.3.4 Managed Roles

• File Shares and Permissions
• Enforced Server Software & Configuration
  • Windows Services (i.e., IIS, File Services)
  • Role / Service Software (i.e., SQL, MariaDB, Apache)

Change Log