Configuration Management on multiple distributed servers using policy definitions held in a central Sysgem File Synchronizer (SFiS) source file repository.
SFiS provides a complete and secure environment to build a central store of source configuration definition files. A single source file defines how target configuration files look, including all the variants for each server.
Shell commands embedded in the source files add flexibility to server specific updates.
Use 'Sysgem File Synchronizer' (SFiS) to:
… and why stop at configuration files? Indeed any file required on multiple servers can be handled by SFiS. Control access to this powerful yet simple to use tool and delegate options with precision and confidence... and the best thing is: using SFiS could not be easier to use!For more information read the "Detailed Features" below.
Q: How do you edit configuration files on multiple remote servers, on the various UNIX and Linux platforms, especially when there are large numbers of servers to manage?
Q: How do you control server-specific differences in configuration files on separate systems?
Q: Having once set up the configuration on multiple systems, how do you prevent them from being modified or straying away from corporate policies?
Q: How do you make a planned update to configuration files when there are many servers to control?
Q: As a security manager, how do you ensure that SSH configuration settings are not compromising security and that they are not being changed by unauthorized individuals?
Q: How do you audit track configuration changes and attribute modifications to individuals?
Q: Above all, how do you do all this in a simple, economical, effective and reliable fashion?
A: The answers to all these questions can be found below…
The SFiS GUI lists source files permitted for each user to edit, to create new files, to delete old ones, etc. Source files contain details of the text to be stored on target servers and also have meta-language rules to define variants for different servers.
The meta-language comprises an extremely simple set of clauses. A clause is a single character placed in the first position of each line in a source file. A clause defines, among other things, whether the rest of the line is:
• text for the target file;
• a specification of the name and location of the target file;
• to which server the particular text applies;
All changes to source files are audit logged giving details of who made the change, which files were changed, etc.
Source files are held in a single Sysgem folder stored with restricted access. The files incorporate a check-sum and are encrypted for maximum integrity and security.
Lists of servers and configuration files show whether updates are required to individual files or servers. Drilling down into individual files show the details of discrepancies between the central source definition and the target file. Those files needing an update are selected and, with a single click, synchronized with the central definition.
It is very easy to set up 'Unattended Mode Operations' to periodically and continually monitor the state of target files by comparing them to their central source definition. The frequency of refreshing a report can be as short or as long as you wish.
When your criteria for taking action are met, an alarm is automatically triggered and the action taken. This can be an email notification with details of the inconsistency.
Interactively browse the network at any time and take a report of the current situation. Save this information as an HTML report or as a spreadsheet/text file/MS Word document/etc.
Shell commands are run, as a pre- or post- update task, to take configuration action on the impending or completed file-update. Customer and server specific shell commands are embedded in the source file and are automatically invoked as part of the file synchronization task.
Typical files controlled by Sysgem File Synchronizer are:
Any text file can be managed: apache (httpd.conf); squid (squid.conf); ssh (sshd_config, ssh_config); resolv.conf; Oracle parameters… the list is endless!
Access to the File Synchronizer and all the individual features within can be controlled per user. Different levels of privileges can be given to different users. For example, control access to:
All actions taken by individual users to source files or target systems are recorded in a central Audit Trail database. An Audit Browser window is provided allowing all past events to be reviewed, analysed and included in reports.
An alternative to Sysgem's File Synchronizer is to log into each of the multiple target systems, check the content of the files and update them manually – a never-ending job for a system manager or security manager. Without SFiS, as soon as the last server has been checked it would be time to start with the first one again! When large numbers of servers are involved, this would be like the never-ending job of…
"Painting the Forth Rail Bridge!"