More than ever, server configuration is important. Misconfiguration can not only have devastating effects on server performance, but they can also pose a security risk. This is why server configuration monitoring and auditing tools have become popular. They can help you ensure that your server configurations are standardized, that the common elements have identical configurations on each server and that the configurations in place comply with whatever regulatory framework your organization is subjected to. These tools are also security tools as they will quickly spot any unauthorized configuration change and alert you to it. Today, we’re reviewing some of the top server configuration monitoring and auditing tools.
We’ll begin our exploration with some background information that will ensure that we’re all on the same page and that we all agree on what is what. It is important as it seems like everyone has his own idea of what server configuration monitoring and auditing is. These different points of view become obvious when you look at the widely different functionalities offered by the multiple tools. So, we’ll start off by trying to explain what server configuration monitoring and auditing is. Then, we’ll briefly discuss Server Configuration Management, trying to find out if it is just a different name for the same thing or if it is really something else. Overall, we’ll see that nothing in this particular field of information technology is clearly defined. Because of that, many different types of tools are available. With all this background information behind us, we’ll finally jump into the core of the subject and review some of the best tools we could find.
- 1 About Server Configuration Monitoring And Auditing
- 2 Configuration Management – The Same Thing?
- 3 Some Of The Best Available Tools
About Server Configuration Monitoring And Auditing
Let’s start by trying to better define the concept of server configuration monitoring and auditing. It seems like the only thing everyone agrees on is that it deals with server configuration. Let’s start with that. Server configuration refers to the operational parameters of servers. This can include which services are running, how the network stack it configured, how time is synchronized, any configurable parameter found on a server.
Extending from our attempt at defining server configuration, server configuration monitoring is the surveillance of the server configuration parameters to ensure they are not changed unknowingly. Any change should be a planned change and any unplanned change could be an indication of some abnormal activity and should be cause for concern.
As for server configuration auditing, it is closely related. It pertains to making sure that server configurations are done according to plan. The objective of auditing server configurations could simply be to ensure some degree of uniformity across servers but it can also be a regulatory requirement. Some regulatory frameworks—such as PCI-DSS, for example—mandate that some configuration options are set in a precise way. Server configuration auditing can then be used to demonstrate compliance.
Configuration Management – The Same Thing?
Another popular concept, when it comes to server configuration is server configuration management. And many people wonder if server configuration management and server configuration monitoring and auditing are not one and the same. Unfortunately, this is another question which lacks a clear answer.
The way we see it, server configuration management is a larger process which often includes monitoring and auditing components. As such, some of the tools on our list are actually server configuration management tools. The main difference is that server configuration management entails automating some of the steps involved in configuring servers. The concept also often include backing up server configurations.
In summary, server configuration monitoring and auditing is a subset of server configuration management. This is why some of the tools we’re about to review are actually management tools. But there are also tools which are standalone monitoring tools or auditing tools while some combine monitoring and auditing in the same tool.
Some Of The Best Available Tools
As you might be expecting by now, our list includes an impressive variety of tools with about just as many different functionalities as there are tools. Some of our tools are true server configuration monitoring and auditing tools. Others are server configuration management tools. Others yet don’t fit into any category of tools. They do, however, provide so a way of monitoring and/or auditing server configurations. This was our primary inclusion factor.
1. SolarWinds Server Configuration Monitor (Free Trial)
SolarWinds is one of the best-known makers of network administration tools. The company has been around for some twenty years and has brought us several memorable tools. Its flagship product, the SolarWinds Network Performance Monitor consistently scores among the top network bandwidth monitoring tools. And to make things even better, SolarWinds also makes several free tools, each addressing a specific need of network and system administrators.
When it comes to monitoring and auditing server configurations, what you need it the SolarWinds Server Configuration Monitor or SCM. While the name pretty much says it all, there’s more to this tool. It is a powerful and easy-to-use product which is designed to provide tracking of server and application changes in your network. As a troubleshooting tool, it can give you the necessary information about configuration changes and their correlations with performance slowdown. This can help you find the root cause of some performance problems caused by configuration changes.
- Free Trial: SolarWinds Server Configuration Monitor
- Official Download Link: https://www.solarwinds.com/server-configuration-monitor/registration
The SolarWinds Server Configuration Monitor is an agent-based tool, with the agent deployed on each server being monitored. The advantage of this architecture is that the agent can keep gathering data even when the server is disconnected from the network. The data is then sent to the tool as soon as the server is back online.
Feature-wise, this product leaves nothing to be desired. In addition to what’s already been mentioned, this tool will automatically detect servers that are eligible for monitoring. It comes with out-of-the-box configuration profiles for the most common servers. The tool will also let you view hardware and software inventories and report on them too. You can easily integrate SCM into your system monitoring solution thanks to the Orion Platform from SolarWinds. This is a great tool that can be used to monitor your on-premises physical and virtual server as well as your cloud-based environment.
Prices for the SolarWinds Server Configuration Monitor are not readily available. You’ll need to request a formal quote from SolarWinds. However, a 30-day evaluation version is available for download.
2. Netwrix Auditor For Windows Server
Next on our list is the Netwrix Auditor for Windows Server, a free Windows Server reporting tool that keeps you posted on all changes made to your Windows Server configuration. It can track changes such as the installation of software and hardware, changes to services, network settings and scheduled tasks. This toll will send daily activity summaries detailing every change during the last 24 hours, including the before and after values for each modification.
Netwrix claims that the Netwrix Auditor for Windows Server is the “free Windows Server monitoring solution you’ve been looking for“. The product complements native network monitoring and Windows performance analysis solutions. It has several advantages over the built-in audit tools available in Windows Server. In particular, it improves security and offers more convenient audit data retrieval, consolidation and representation. You’ll also appreciate how easily you can enable continuous IT auditing with far less time and effort and control changes more efficiently.
As good as the Netwrix Auditor for Windows Server is, it is a free tool with a somewhat limited feature set. If you want more functionality, you might want to try the Netwrix Auditor Standard Edition. It is not a free tool but it comes with a vastly extended feature set. The good thing is that when you download the free Netwrix Auditor for Windows Server, it will include all the features of its big brother for the first 30 days, letting you get a taste of it.
3. Quest Change Auditor
Quest Software is a well-known maker of network administration and security tools. Its server configuration monitoring and auditing tool is aptly called the Quest Change Auditor and it offers real-time security and IT auditing of your Microsoft Windows environment. What this tool give you is complete, real-time IT auditing, in-depth forensics and comprehensive security monitoring on all key configuration, user and administrator changes for Microsoft Active Directory, Azure AD, Exchange, Office 365, Exchange Online, file servers and more. The Quest Change Auditor also tracks detailed user activity for logons, authentications and other key services across organizations, enhancing threat detection and security monitoring. It features a central console which eliminates the need for and complexity of multiple IT audit solutions.
One of this tool’s great features is the Quest Change Auditor Threat Detection, a proactive threat detection technology. It can simplify user threat detection by analyzing anomalous activity to rank the highest risk users in your organization, identify potential threats and reduce the noise from false positive alerts. The tool will also protect against changes to critical data within AD, Exchange and Windows file servers, including privileged groups, Group Policy objects and sensitive mailboxes. It can generate comprehensive reports for security best practices and regulatory compliance mandates, including GDPR, SOX, PCI-DSS, HIPAA, FISMA, GLBA and more. It can also correlate disparate data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis.
The pricing structure of the Quest Change Auditor is rather complex as each monitored platform must be purchased separately. On the plus side, a free trial of the product is available for each supported platform.
4. Puppet Enterprise
Puppet Enterprise is more, way more, than a server configuration monitoring and auditing tool. It is an all-encompassing integrated management solution. The various tools in Puppet Enterprise let you discover, control and deliver all of your applications and the infrastructure they run on. It gives you a common language to manage everything you have, from mainframes to containers, in the cloud or on premises.
Puppet Enterprise has over 5,500 prebuilt supported, approved and community-contributed modules. With such as broad range of covered products, it’s easy to get started quickly and automate your infrastructure. It supports many different platforms from AWS, Azure, Docker and OpenStack to AIX, Cisco, Splunk and VMware. The toolset will accelerate the provisioning and the management of your virtual machines, cloud resources, network devices, and more.
When it comes to server configuration monitoring, users seem to like how easy it is to track changes on servers. The ability to go back and look at previous reports to see what changes were made during previous puppet runs is also much appreciated. Puppet Enterprise has a rather steep learning curve but, if you’re looking for a full-featured automation solution, it’s certainly worth looking at.
Ansible from Red hat falls into the same category as Puppet. It is a very broad automation platform that can be used for a huge array of tasks which include such diverse things as software deployment to server configuration monitoring. Wikipedia defines it as “an open source software that automates software provisioning, configuration management, and application deployment“.
Of course, in the context of this list, what’s of interest to us are the tool’s configuration management capabilities. Despite being a complex tool, Ansible claims to be the simplest available solution for configuration management. It is designed to be minimal in nature, consistent, secure and highly reliable, with an extremely low learning curve for administrators, developers and IT managers.
Ansible only requires a password or SSH key in order to start managing systems. It can manage them without installing any agent software. This can avoid an all too common problem with agent-based solutions: “managing the management”. When using Ansible, gone are the days of wondering why configuration management daemons are down, when to upgrade management agents, or when to patch security vulnerabilities in those agents.
CFEngine is another open-source configuration management system. The tool’s primary function is to provide automated configuration and maintenance of large-scale computer systems. This includes the unified management of servers, desktops, consumer and industrial devices, embedded networked devices, mobile smartphones, and tablet computers. Created way back in 1993, it is certainly the oldest tool on our list. Its venerable age is a testament to the value of the tool.
CFEngine offers administrators an interface which is independent of any operating system. This facilitates maintenance actions across different hosts running different OSes. The tools underlying idea behind CFEngine is that that computer configuration needs to be executed in a convergent manner. This means that no matter what the initial system state is, CFEngine can be run over and over with predictable results. Arguably the most established configuration management tool, CFEngine has undergone numerous iterations but has managed to retain its relevance even as operating systems have migrated from local data centers to the cloud.
Today, CFEngine exists in two versions. There’s CFEngine Community, a truly free and open-source product. There’s also a CFEngine Enterprise version which is only free to use for up to 25 hosts. If you have more than that, you’ll need to contact CFEngine and acquire a license. The main advantage of the Enterprise version is the support you get from CFEngine.
Chef is a powerful configuration management tool which is available either as an open-source or as an enterprise-grade product. It is a flexible and scalable platform for automation and it is capable of offering integration with most major cloud providers. The tool also has support for enterprise platforms, including Windows and Solaris. It also allows users to bootstrap, manage, and develop OpenStack clouds.
Chef has a different approach from similar tools in that it automates infrastructure by transforming it into code and making it more testable, dynamic, and human-readable. This lets administrators quickly and easily provision, manage, and adapt infrastructure components to their changing requirements. The tool speeds up and simplifies the process of moving applications to the cloud. Using it, workload migration becomes more consistent and maintains a pace that suits to administrators.
Chef can be used to easily manage different types of environments and servers, both on-premises and the cloud. Using this tool makes it easier to control all cloud environments. This allows you to choose the cloud providers that meet your requirements based on features and cost. Chef is a reliable solution and the Chef Server API remains available even during partial hardware or network failure. For extra robustness, the system can be operated in a high-availability configuration.
Salt—which is sometimes referred to as the SaltStack Platform—is a Python-based open-source configuration management software and remote execution engine. Somewhat like Chef, it uses the “Infrastructure as Code” approach to deployment and cloud management. The tool is in the same category as and competes directly with similar tools such as Puppet, Ansible, and Chef.
One of the product’s strong suits is the numerous amazing features which are available for configuration management. Most importantly, using this tool is very straightforward and any administrator should feel comfortable using it. It is also recognized as a transparent tool with which administrators can clearly see and understand what’s going on within the product. This is different from some other products that have more of a black-box approach. For an open-source product, the community support available is better than what’s available with many comparable products. You might never need support, though, as this product is quite resilient. And if you’re managing a growing network—aren’t they all—you’ll certainly appreciate the tool’s scalability.