What tool can I use to manage the configuration of my Windows Server environments

I help manage environments for an application that uses cloud-based Windows server VMs. The application stack consists of Windows Server 2008 and Windows Server 2012, SQL Server 2008, IIS, and SharePoint 2010. I have several environments Dev/Test/Stage/Prod. I am looking for a way to do configuration management of those environments to make sure any environmental changes are applied in a consisent way and there is a way to verify that no changes have been made to one environment that have not been made to other environments.

I have been reading up on Puppet, Chef, etc and I like the idea of doing delcarative configuration management. What is a good method or tool to use to help manage the configuration of these environments. I know a little about SCCM but it is too expensive for this particular situation although I would still be interested in knowing if it has the capabiltiy to do those things.


Solution 1:

System Center Configuration Manager's (SCCM) Desired State Configuration is exactly what you're describing.

If you have no budget for this (like your question makes it seem) you can leverage PowerShell DSC instead.

System Center Operations Manager (SCOM) doesn't factor in here- it's a monitoring and alerting platform, not a configuration management one. (Note that the original question asked about SCOM but the OP edited it out)

Note that since 2012, when you buy one System Center product, you get them all. There are 9 total and they are a big boon to Windows shops that can successfully leverage some or all of them.

Solution 2:

From what I can tell Chef and Salt have the best Windows support as of today (2/14/2014).

From Cooking on Windows with Chef:

Chef has had a long history of support for Microsoft Windows as a platform, dating back to 2011 when Opscode first released the knife-windows plugin to bootstrap and manage Windows servers. You can use both built-in Chef resources and a plethora of community cookbooks to manage Internet Information Services (IIS), SQL Servers and their databases, registry keys, installing Windows features and roles, and more. You can also use the knife-azure plugin to interact with the Microsoft Azure platform to seamlessly provision Azure servers and register them with Chef.

Salt/SaltStack has Salt Minion supports for the Windows platform and many of the standard Salt modules have been ported to windows.

Puppet has some Windows support:

Puppet runs on Windows clients but Windows nodes cannot act as puppet masters or certificate authorities and most of the ancillary Puppet subcommands are not supported on windows.

Ansible is not supported on Windows yet but there is support for Windows servers as endpoints on their roadmap. Some experimental support is provided via Cygwin.

Solution 3:

This question is difficult to answer broadly/generically because the answers are subjective: What if Tool A is great for Windows Server (the OS), but is crappy at managing GPOs, whereas Tool B is the reverse? Which tool you prefer would depend on your use case.

That said, jscott is correct - SCCM and the entire Systems Center suite is currently the best because it's from the vendor and purpose-built.

Now, if you have other requirements that you didn't include in your question, which might change the appropriate answer and narrow the scope, that would be great. Rather than focusing on a tool, how about you give us a detailed description of the problem that you are facing? The things that you get for free with Windows Server (WDS and AD with GPOs) do a pretty good job all on their own of building and managing a Windows environment.