Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Choosing The Right Configuration Management Tool

Choosing The Right Configuration Management Tool

Chef, Puppet, Ansible, Salt, Microsoft's PowerShell DSC, Cobbler and CFEngine are all good options when choosing a configuration management tool. Here are some key points of each of these products.

What Is Configuration Management

Configuration management is one of today's most popular buzzwords. But like many of these terms you hear thrown around in meetings, you may not know exactly what it means.

In short, configuration management deals with maintaining the hardware and software of a business. It involves making a detailed recording of the information about the computer system and updating it as needed. This includes listing all of the installed software, the network addresses of the computers, and the configuration of different pieces of hardware. It also means creating updates or ideal models that can be used to quickly update computers or restore them to a predefined baseline.

Configuration management software makes it easy for a system administrator to see what programs are installed and when upgrades might be necessary. For example, if a user needs to run certain programs that are incompatible with the newest operating system, the system administrator would note this when looking at the record for that user's computer, and he'd know not to upgrade the OS.

MORE: Intro To Configuration Management: Benefits of CM
MORE: Building A Business Case For Automation And Orchestration

With so many configuration management products out there, it's hard to know which is the best for your business. To help you, we put together a list of some of the major configuration management software solutions on the market. We'll take a look at their main features and cover the types of companies that would benefit the most from them.


Chef is available as a free open source product and a paid enterprise subscription. It's written in Ruby, and those who know this programming language can easily customize Chef to their needs. It has more than 800 different modules that can be used for free. Installation is quick and easy, and it includes a number of features, such as text-based search and support for multiple environments. Its command line interface, testing mode, and large database make it ideal for companies that need to store records for a large number of computers, or that have some unique needs. The capability to install or even create different modules makes this one of the most customizable configuration management options.


Puppet started out as a DevOps tool, but has become popular as a configuration management tool as well. Much like Chef, it's also written in Ruby and available in both free open source and paid enterprise versions. While Chef has a number of different features that are available for free, Puppet's main features are in its paid enterprise version. Companies that don't need a whole lot of features can probably survive with the open source version, especially if they have someone with strong Ruby programming skills. Otherwise, they may need to purchase the enterprise version, which has more than 2,000 pre-built configurations along with other options. Role-based access, orchestration, automation, an event inspector and more are all included in the paid version. Plus, it's been designed to work on a variety of platforms.


Ansible uses Secure Shell (SSH) to provide a simple management tool with very strong security. It offers a number of other services besides configuration management, such as workflow monitoring, automating app deployment for updates, and more. Ansible focuses on five principles:

  • A small learning curve;
  • Ease of use;
  • Automation for almost everything;
  • Efficiency;
  • Strong security.

It's an open source program too, so it's a good choice for new and small businesses that don't have a huge budget. It's also useful for those who need a configuration management tool but don't have the time to learn how to use some of the more complicated programs. A paid version with more features is also available.


Salt is a part of a larger application designed for enterprise-level operations. It makes use of minions -- little sub-processes that take commands from the main Salt system and then report the results of those commands. Salt supports a large number of hosts simultaneously, and it's very easy to create configuration files. The learning curve here is fairly low, so Salt is a good choice for those without a lot of programming knowledge. Because it's not open source though, it can't be easily customized. However, you can use any language you want to render your configurations, so you do have some control over your files.

Microsoft's PowerShell DSC

PowerShell Desired State Configuration (DSC) is a configuration management solution created by Microsoft. It now comes standard with Windows 8.1 and Windows Server 2012 R2. DSC enables system administrators to easily manage files, directories, registry settings, and user accounts. Because it runs in the familiar Windows environment, PowerShell DSC is going to be more intuitive for Windows users. Configurations are authored using either PowerShell or a third-party tool, then prepared to be either pushed or pulled. This means either the server pushes updates onto individual computers, or those computers pull updates from the server. PowerShell is another useful option for those without a lot of programming skills, but it's limited in that it's only available for Windows.


Cobbler is based on the ideas of reuse, reduce, and recycle. This Linux installation makes use of a large library of different templates for creating configuration services. All of its response files are created from templates, so much of the coding involved is reused. Besides its many templates, Cobbler has a huge library of snippets you can add to these templates. This makes creating your own configurations very easy, because there's no need to write a lot of code. Cobbler can also be connected to other configuration management programs, like Puppet.


CFEngine is one of the oldest configuration management systems available, which means it's gone through a number of updates already. It's moved from focusing on a local data center to being more cloud-based. CFEngine's automation framework is paired with a monitoring and modeling compliance engine that takes up very little space on your system. It's easy to create a configuration profile; simply model your ideal state, simulate the changes you need to make before actually making them, and then confirm the configuration, setting it for automatic repairs when needed. CFEngine's library will help you build your state, making this configuration management tool fairly easy to use.

Which Configuration Management Tool Is Right For You?

Chef is written in Ruby, so it can be customized by those who know the language. It also includes free features, plus it can be upgraded from open source to enterprise-level if necessary. On top of that, it's a very flexible product. Puppet is also a Ruby-based configuration management tool, but while it has some free features, much of what makes Puppet great is only available in the paid version. Organizations that don't need a lot of extras will find Puppet useful, but those needing more customization will probably need to upgrade to the paid version.

Ansible is a very secure option since it uses Secure Shell. It's a simple tool to use, but it does offer a number of other services in addition to configuration management. It's very easy to learn, so it's perfect for those who don't have a dedicated IT staff but still need a configuration management tool. Salt on the other hand, is made more for larger businesses, but its learning curve is still fairly low. It does not have an open source version, however, so it will impact the budget from the get-go.

For those running Windows-based shops, Microsoft's PowerShell DSC is a good option. It runs in a familiar Windows setup so it's very easy to learn how to use, but it is really just meant for Windows systems and limited Linux purposes.

Cobbler is all about reusing coding and templates. It has a huge library for users to select from, so there's not a lot of coding involved. It can also be used in conjunction with Puppet and other configuration management programs to make creating configurations in those tools much easier.

Finally, CFEngine is an older tool that has already been updated a number of times. It's now a cloud-based configuration management tool that takes up little space and doesn't have a lot of frills, but it gets the job done quickly and easily.

There are many different types of configuration management products, each of which has its own advantages and disadvantages. Chef, Puppet, Ansible, Salt, Microsoft's PowerShell DSC, Cobbler and CFEngine are all solid options, but not all of them are going to be good options for your organization. Look at the different advantages and disadvantages of each and how they meet your needs before selecting one to use.