What configuration things do you track for correct configuration management?

As a specialist system manager, what configuration things do you consider it vital to track to execute correct configuration or adjustment monitoring?

As an example, in Windows, do you track computer system registry adjustments along with hardware or software program? In Linux, do you diff config documents?

EDIT : For explanation, I'm seeking what especially to track (or otherwise to track) - - if you intend to advise devices on top of that to the things you really feel deserve monitoring, proceed.

2019-12-02 02:54:04
Source Share
Answers: 7

OS spot degree. Which can suggest a great deal of points. Preferably, you track which specific spots get on which equipments, in a matrix. The pauper is variation of this is a "last spot date" for each and every web server (which thinks you simply draw in all updates each time, wholesale).

2019-12-03 04:27:28

From an application viewpoint, it is essential to record

  • OS and also spot degree
  • Which split items are mounted and also which spots have actually been used
  • Which personalized and also/ or 3rd party items and also collections are mounted consisting of variation
  • Where to lay your hands on install resource for claimed personalized/ 3rd party things
  • Product keys/ SN is for every one of the above
  • Application degree web server configuration (ie - internet, mail, etc)
  • A call checklist if there is a different growth group liable at the application degree
  • Backup configuration

Note - in feedback to romandas' comment in the inquiry, I recognize that is not specifically one thing, yet I take into consideration the total record one thing in this instance

2019-12-03 04:27:26

For UNIX/Linux, I separate config documents right into 2 teams : Those that are given by the OS and also those that become part of our personalized application (s).

All application config documents are maintained in our resource repo. I have various typical duplicates for each and every installment (dev, QA, manufacturing, pre - manufacturing, trial ...). When we establish that we require to make an adjustment in any one of these, the adjustment takes place first in the resource repo duplicate and also is after that released bent on the essential web servers. We additionally open an equivalent adjustment demand in the concern tracker.

For OS - type config documents, we might or might not have them in the resource repo. If they are, after that we make use of the procedure over. Otherwise, we'll place them in the repo if the variety of adjustments gets to a particular approximate limit. Till after that, we at the very least open a ticket in the concern tracker to track that adjustment.

Additionally, a wonderful attribute of our concern tracker is the capacity to index resource repo devotes. It links your tickets to your config adjustments fairly perfectly.

2019-12-03 04:27:25

For network tools, such as Cisco switches over, I such as to accumulate and also track their start-up and also running configs in a variation control system. When possible, I store the username that did the edit too.

I draw this using a Perl manuscript generally, unless I have the alternative to instantly check the logs and also cause the config collection from log information.

2019-12-03 04:26:37

For network tools RANCID (the automated config grabber) is excellent.

For web servers a mix of something like etckeeper (maintaining/ etc/ in a VCS) and also creature (with its config in a VCS).

2019-12-03 04:25:47

For home windows you should not require to "track" spot degrees of the OS as that can be quized any time using WMI. If you are adhering to adjustment monitoring you can do an international question prior to and also after an adjustment to validate the outcomes of an OS spot. (see to it the MSI carrier is mounted)

Driver updates need to be tracked (wmi can be made use of to quiz them yet it is unworthy the initiative to attempt to capture them all) Software application updates need to be maintained in the CMDB yet (with the exception of originally) needs to originate from adjustment monitoring If you actually intended to track computer system registry adjustments set a team plan to enable documents and also object accessibility and also pick which keys to audit (http://support.microsoft.com/kb/324739). This isn't for a CMDB yet will certainly permit you to track that is making adjustments.

To make sure that is what individuals commonly intend to track in a CMDB and also why it is occasionally not an excellent suggestion so what needs to enter into a CMDB. The solution is it depends. An ITIL specified CMDB might or might not respect equipment configs unless that certain equipment config concerns a solution. ACMDB could additionally have a property monitoring remedy (for points like equipment config area and also service warranty details) yet is extra concerning partnerships of a certain Configuration Item to various other CI. Relationships include points like "is liable for", "is linked to", "depends on" and also (harder yet in a lot of cases more vital) "required for SLA tier_". Basically, document what is called for to recreate the solution - not the web server.

As an example. If e-mail was the solution I would certainly detail points like :

Hardware : 64 little bit CPU, 3gb of ram (based upon # of customers on @today) 7gb of room for web server install, 100 gb of storage space for exchange dbs and also recuperation (based upon use since @today), dvd rom drive.

Software program : Server 2003 R2, Exchange 2007 SP2, MPIO vehicle drivers for the SAN

etc ...

CMDBs are not commonly for web server admin use. Admins will certainly be much better with a property monitoring remedy.

2019-12-03 04:24:28

Windows :

  • OS Version
  • OS Service Pack
  • Security Patches
  • Audit plan (need to be applied using GPO)
  • Members of Administrators, Power Users, and also Remote Desktop Users
  • Installed application checklist
  • Network Shares
2019-12-03 03:06:38