PRO-3300.01: Automated Server Configuration Management

PROCEDURE SUMMARY

Intended Audience: All IT system/process owners
Procedure Owner: Director of Enterprise Infrastructure Services (EIS)

Information Technology Services (ITS) uses Puppet (a software configuration management tool) to provide three tiers of service for the automated management of server configurations.

  • Tier 1: Basic network settings enforced, and server resources monitored.
  • Tier 2: All Tier 1 monitoring and enforcement, plus automated patch management.
  • Tier 3: Enhanced monitoring and enforcement, including software-level configuration management.


FULL DOCUMENT


1. Scope

This procedure defines service-level offerings for all servers in the ITS virtualization infrastructure under Puppet configuration management.

2. Acronyms

CPU Central Processing Unit
DNS Domain Name System
HDD Hard Disk Drive
IP Internet Protocol
NTP Network Time Protocol

3. Application of Service Tiers

Enterprise Infrastructure Services (EIS) will consult with IT system/process owners to determine their requirements for configuration management. EIS will determine the appropriate service tier for configuration management, based on the following:

  • The system/process owner’s requirements.
  • The technical limitations of the service.
  • The available resources and operational capacity of EIS.

4. Service Tiers

4.1 Tier 1 Management

These are the least-managed servers. Basic network settings are enforced, and server resources are monitored. Servers in this tier have these basic features managed through Puppet.

4.1.1 Enforced Settings

  • IP Address
  • Gateway Address
  • DNS Primary & DNS Secondary
  • NTP on Linux servers (Windows NTP is set by the Domain)
  • Administrators Group Membership
  • IP Tables On / Windows Firewall On

4.1.2 Enforced Reporting (Icinga)

  • HDD Usage
  • CPU Usage
  • RAM Usage
  • Swap Usage
  • Service Status

4.2 Tier 2 Management

These are servers with an enhanced level of configuration: all Tier 1 monitoring and enforcement, plus automated patch management.

4.2.1 Enforced Settings

  • IP Address
  • Gateway Address
  • DNS Primary & DNS Secondary
  • NTP on Linux servers (Windows NTP is set by the Domain)
  • Administrators Group Membership
  • IP Tables On / Windows Firewall On
  • Volume Shadow Copy (daily snapshots for root/C: and data volumes)
  • Managed Configuration of IP Tables / Firewall (services allowed, ports opened)

4.2.2 Enforced Reporting (Icinga)

  • HDD Usage
  • CPU Usage
  • RAM Usage
  • Swap Usage
  • Service Status
  • Service Membership
  • Assigned Service Group
  • Assigned Alerting (Business / Service Owner)

4.2.3 Managed Patching

  • Patching Group
  • Patching Window
  • Patch Reporting

4.3 Tier 3 Management

These are servers with the highest level of managed configuration: enhanced monitoring and enforcement, including software-level configuration management.

4.3.1 Enforced Settings

  • IP Address
  • Gateway Address
  • DNS Primary & DNS Secondary
  • NTP on Linux servers (Windows NTP is set by the Domain)
  • Administrators Group Membership
  • IP Tables On / Windows Firewall On
  • Volume Shadow Copy (daily snapshots for root/C: and data volumes)
  • Managed Configuration of IP Tables / Firewall (services allowed, ports opened)

4.3.2 Enforced Reporting (Icinga)

  • HDD Usage
  • CPU Usage
  • RAM Usage
  • Swap Usage
  • Service Status
  • Service Membership
  • Assigned Service Group
  • Assigned Alerting (Business / Service Owner)

4.3.3 Managed Patching

  • Patching Group
  • Patching Window
  • Patch Reporting

4.3.4 Managed Roles

  • File Shares and Permissions
  • Enforced Server Software & Configuration
    • Windows Services (i.e., IIS, File Services)
    • Role / Service Software (i.e., SQL, MariaDB, Apache)

Change Log

Revised     Version  Author        Approver                              Change
01/08/2021  1.0      Chris Miller  ITS Standards & Guidelines Committee  Original Version