DevOps toolchain

See also: CloudOps, toolchain

“A DevOps toolchain is a set or combination of tools that aid in the delivery, development, and management of software applications throughout the systems development life cycle, as coordinated by an organization that uses DevOps practices.

Generally, DevOps tools fit into one or more activities, which supports specific DevOps initiatives: Plan, Create, Verify, Package, Release, Configure, Monitor, and Version Control.[1][2]” (WP)


“In software, a toolchain is the set of programming tools that is used to perform a complex software development task or to create a software product, which is typically another computer program or a set of related programs. In general, the tools forming a toolchain are executed consecutively so the output or resulting environment state of each tool becomes the input or starting environment for the next one, but the term is also used when referring to a set of related tools that are not necessarily executed consecutively.[3][4][5]

As DevOps is a set of practices that emphasizes the collaboration and communication of both software developers and other information technology (IT) professionals, while automating the process of software delivery and infrastructure changes, its implementation can include the definition of the series of tools used at various stages of the lifecycle; because DevOps is a cultural shift and collaboration between development and operations, there is no one product that can be considered a single DevOps tool. Instead a collection of tools, potentially from a variety of vendors, are used in one or more stages of the lifecycle.[6][7]” (WP)

Stages of DevOps

Further information: DevOps


Plan is composed of two things: “define” and “plan”.[8] This activity refers to the business value and application requirements. Specifically “Plan” activities include:

  • Production metrics, objects and feedback
  • Requirements
  • Business metrics
  • Update release metrics
  • Release plan, timing and business case
  • Security policy and requirement

A combination of the IT personnel will be involved in these activities: business application owners, software development, software architects, continual release management, security officers and the organization responsible for managing the production of IT infrastructure.


Create is composed of the building (see also build automation), coding, and configuring of the software development process.[8] The specific activities are:

Tools and vendors in this category often overlap with other categories. Because DevOps is about breaking down silos, this is reflected in the activities and product solutions.


Verify is directly associated with ensuring the quality of the software release; activities designed to ensure code quality is maintained and the highest quality is deployed to production.[8] The main activities in this are:

Solutions for verify related activities generally fall under four main categories: test automation, static analysis, test lab, and security.


Packaging refers to the activities involved once the release is ready for deployment, often also referred to as staging or Preproduction / “preprod”.[8] This often includes tasks and activities such as:

  • Approval/preapprovals
  • Package configuration
  • Triggered releases
  • Release staging and holding


Release related activities include schedule, orchestration, provisioning and deploying software into production and targeted environment.[9] The specific Release activities include:

  • Release coordination
  • Deploying and promoting applications
  • Fallbacks and recovery
  • Scheduled/timed releases

Solutions that cover this aspect of the toolchain include application release automation, deployment automation and release management.


Configure activities fall under the operation side of DevOps. Once software is deployed, there may be additional IT infrastructure provisioning and configuration activities required.[8] Specific activities include:

  • Infrastructure storage, database and network provisioning and configuring
  • Application provision and configuration.

The main types of solutions that facilitate these activities are continuous configuration automation, configuration management, and infrastructure as code tools.[10]


Monitoring is an important link in a DevOps toolchain. It allows an IT organization to identify specific issues of specific releases and to understand the impact on end-users.[8] Monitor related activities include:

  • Performance of IT infrastructure
  • End-user response and experience
  • Production metrics and statistics

Information from monitoring activities often impacts Plan activities required for changes and for new release cycles.

Version Control

Version Control is an important link in a DevOps toolchain and a component of software configuration management. Version Control is the management of changes to documents, computer programs, large web sites, and other collections of information.[8] Version Control related activities include:

  • Non-linear development
  • Distributed development
  • Compatibility with existent systems and protocols
  • Toolkit-based design

Information from Version Control often supports Release activities required for changes and for new release cycles.

See also


  1. Edwards, Damon. “Integrating DevOps tools into a Service Delivery Platform”
  2. Seroter, Richard. “Exploring the ENTIRE DevOps Toolchain for (Cloud) Teams”
  3. “Toolchain Overview” 2012-01-03. Retrieved 2013-10-21.
  4. “Toolchains” 2013-09-08. Retrieved 2013-10-21.
  5. Imran, Saed; Buchheit, Martin; Hollunder, Bernhard; Schreier, Ulf (2015-10-29). Tool Chains in Agile ALM Environments: A Short Introduction. Lecture Notes in Computer Science. 9416. pp. 371–380. doi:10.1007/978-3-319-26138-6_40. ISBN 978-3-319-26137-9.
  6. Loukides, Mike (2012-06-07). “What is DevOps?”.
  7. Gartner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain (Report). Gartner. 18 February 2015.
  8. Avoid Failure by Developing a Toolchain that Enables DevOps (Report). Gartner. 16 March 2016.
  9. Best Practices in Change, Configuration and Release Management (Report). Gartner. 14 July 2010.
  10. Roger S. Pressman (2009). Software Engineering: A Practitioner’s Approach (7th International ed.). New York: McGraw-Hill.




Windows Server 2019 Inside Out

Fair Use Source: B087XCZ77Y, WS19IO

Windows Server 2019 Inside Out by Orin Thomas, 2020

Published with the authorization of Microsoft Corporation by: Pearson Education, Inc.

Product details

  • ASIN: B087XCZ77Y
  • ISBN-13: 978-0-13-549227-7
  • ISBN-10: 0-13-549227-0
  • Publisher: Microsoft Press; 1st edition (May 7, 2020)
  • Publication date: May 7, 2020
  • Print length: 800 pages

Contents at a glance

  • Chapter 1 – Administration tools
  • Chapter 2 – Installation options
  • Chapter 3 – Deployment and configuration
  • Chapter 4 – Active Directory
  • Chapter 5 – DNS, DHCP, and IPAM
  • Chapter 6 – Hyper-V
  • Chapter 7 – Storage
  • Chapter 8 – File servers
  • Chapter 9 – Internet Information Services (IIS)
  • Chapter 10 – Windows Containers
  • Chapter 11 – Clustering and high availability
  • Chapter 12 – Active Directory Certificate Services (ADCS)
  • Chapter 13 – Active Directory Federation Services (ADFS)
  • Chapter 14 – Dynamic Access Control (DAC) and Active Directory Rights Management Services (ADRMS)
  • Chapter 15 – Routing and Remote Access (RRA)
  • Chapter 16 – Remote Desktop Services (RDS)
  • Chapter 17 – Azure IaaS and hybrid services
  • Chapter 18 – Windows Subsystem for Linux (WSL)
  • Chapter 19 – Hardening Windows Server and Active Directory Security
  • Chapter 20 – Security systems and services
  • Chapter 21 – Maintenance and monitoring
  • Chapter 22 – Upgrade and migration
  • Chapter 23 – Troubleshooting
  • Index


Detailed Table of Contents:

  • Introduction
  • Changes since Windows Server 2016 Inside Out
  • Acknowledgments
  • Errata, updates, and book support

  • Chapter 1 Administration tools
  • Remote not local
  • Privileged Access Workstations
  • Windows Admin Center (WAC)
  • Installing Windows Admin Center
  • Windows Admin Center extensions
  • Show script
  • Remote Server Administration Tools (RSAT)
  • RSAT consoles
  • Server Manager console
  • PowerShell
  • PowerShell Modules
  • PowerShell Gallery
  • PowerShell Remoting
  • One-to-many remoting
  • PowerShell ISE
  • PowerShell Direct
  • Remote Desktop
  • SSH

  • Chapter 2 Installation options

Windows Server 2019 editions

Windows Server servicing branches

Long Term Servicing Channel

Semi Annual Channel

Insider Preview Builds

Server Core

Server Core interface

Server Core roles

Server Core App Compatibility Features on Demand

When to deploy Server Core

Server with Desktop Experience

Roles and features

Chapter 3 Deployment and configuration

Bare metal versus virtualized

Windows images

Modifying Windows images

Servicing Windows images

Mounting images

Adding drivers and updates to images

Adding roles and features

Committing an image

Build and capture

Answer files

Windows Deployment Services

WDS requirements

Managing images

Configuring WDS

Configuring transmissions

Driver groups and packages

Virtual Machine Manager

Virtual machine templates

VMM storage

VMM networking

Adding a WDS to VMM

VMM host groups

Infrastructure configuration as code

Desired State Configuration

DSC configuration files

Local Configuration Manager

DSC resources

DSC push model

DSC pull server

Chef Infra Server

Chef servers

Chef Development Kit

Deploying Chef agents

Deploying Chef cookbooks and recipes


Puppet Master Server

Deploying Puppet agent to Windows Server

Managing Windows Server configuration

Puppet Windows Module Pack

Package-management utilities

PowerShell Gallery


Chapter 4 Active Directory

Managing Active Directory

Remote rather than local administration

Active Directory Administrative Center

Active Directory Users and Computers console

Active Directory Sites and Services console

Active Directory Domains and Trusts console

Domain controllers


Server Core

Global catalog servers

Read only domain controllers

Virtual domain controller cloning

AD DS structure


Domain functional levels


Account and resource forests

Organizational units

Flexible Single Master Operations roles


User accounts

Computer accounts

Group accounts

Default groups

Service accounts

Group policy

GPO management

Policy processing

Group Policy preferences

Administrative templates

Restoring deleted items

Active Directory Recycle Bin

Authoritative restore

Active Directory snapshots

Managing AD DS with PowerShell

Active Directory module

Group Policy module

ADDSDeployment module

Chapter 5 DNS, DHCP, and IPAM


DNS zone types

Zone delegation

Forwarders and conditional forwarders

Stub zones

GlobalNames zones

Peer Name Resolution Protocol

Resource records

Zone aging and scavenging


DNS event logs

DNS options

Delegated administration

Managing DNS with PowerShell



Server and scope options


DHCP filtering


Multicast scopes

Split scopes

Name protection

DHCP failover



Deploy IPAM

Configure server discovery

IPAM Administration

Managing IPAM with PowerShell

Chapter 6 Hyper-V

Dynamic memory

Smart paging

Resource metering

Guest integration services

Generation 2 VMs

Enhanced Session Mode

Discrete Device Assignment

Nested virtualization

Nested virtualization dynamic memory

Nested virtualization networking

PowerShell Direct

HVC for Linux

Virtual hard disks

Fixed-sized disks

Dynamically expanding disks

Differencing disks

Modifying virtual hard disks

Pass-through disks

Managing checkpoints

Virtual Fibre Channel adapters

Storage QoS

Hyper-V storage optimization


Storage tiering

Hyper-V virtual switches

External switches

Internal switches

Private switches

Virtual machine network adapters

Optimizing network performance

Bandwidth management


Dynamic virtual machine queue

Virtual machine NIC teaming

Virtual machine MAC addresses

Network isolation

Hyper-V replica

Configuring Hyper-V replica servers

Configuring VM replicas

Replica failover

Hyper-V replica broker

Hyper-V failover clusters

Hyper-V host cluster storage

Cluster quorum

Cluster networking

Force Quorum Resiliency

Cluster Shared Volumes

Active Directory detached clusters

Preferred owner and failover settings

Hyper-V guest clusters

Hyper-V guest cluster storage

Shared virtual hard disk

Hyper-V VHD Sets

Live migration

Storage migration

Exporting, importing, and copying VMs

VM Network Health Detection

VM drain on shutdown

Domain controller cloning

Shielded virtual machines

Managing Hyper-V using PowerShell

Chapter 7 Storage

Storage spaces and storage pools

Storage pools

Storage space resiliency

Storage space tiering

Thin provisioning and trim

Creating virtual disks

Storage Spaces Direct

Storage Replica

Supported configurations

Configuring replication

SMB 3.1.1


iSNS server

Scale-Out File Servers

Server for NFS


Storage Quality of Service


Storage-related PowerShell cmdlets






Storage Replica

Chapter 8 File servers

Shared folder permissions

Using File Explorer

Windows Admin Center

Server Manager

File Server Resource Manager

Folder level quotas

File screens

Storage reports

File classification

File management tasks

Access-Denied Assistance

Distributed File System

DFS namespace

DFS replication


PowerShell commands

Shared Folder cmdlets

File Server Resource Manager cmdlets

BranchCache Cmdlets

DFS Cmdlets

Chapter 9 Internet Information Services

Managing sites

Adding websites

Virtual directories

Modifying site settings

Adding web applications

Configuring TLS certificates

Site authentication

Modifying custom error response

Adding or disabling the default document

Directory browsing

IP address and domain name filtering

URL authorization rules

Request filters

Application pools

Creating application pools

Configuring application pool recycling settings

IIS users and delegation

IIS user accounts

Delegating administrative permissions

Managing FTP

Managing IIS using PowerShell

Chapter 10 Containers

Container concepts

Isolation modes

Process Isolation mode

Hyper-V Isolation mode

Managing containers with Docker

Installing Docker


Retrieving container OS image

Container registries and images

Managing containers

Starting a container

Modifying a running container

Creating a new image from a container

Using Dockerfiles

Managing container images

Service accounts for Windows containers

Applying updates

Container networking




Layer 2 Bridge

Linux containers on Windows

Container orchestration


Docker Swarm

Chapter 11 Clustering and high availability

Failover clustering

Cluster quorum modes

Cluster storage and cluster shared volumes

Cluster networks


Cluster Aware Updating

Failover and preference settings

Multisite clusters

Cloud witness

Virtual machine failover clustering

Rolling upgrades

Workgroup clusters

Cluster sets

Managing failover clustering with PowerShell

Network Load Balancing

Network Load Balancing prerequisites

NLB cluster operation modes

Managing cluster hosts

Port rules

Filtering and affinity

Managing NLB with PowerShell

Chapter 12 Active Directory Certificate Services

CA types

Enterprise CA

Standalone CAs

Certificate revocation lists

CRL distribution points

Authority Information Access

Revoking a certificate

Publishing CRLs and delta CRLs

Certificate Services role services

Certificate templates

Template properties

Adding and editing templates

Certificate autoenrollment and renewal

CA management

Handling certificate requests

CA backup and recovery

Key archiving and recovery


Managing Certificate Services using PowerShell

Managing Certificate Services using Certutil.exe and Certreq.exe

Chapter 13 Active Directory Federation Services

AD FS components

Claims, claim rules, and attribute stores

Claims provider

Relying party

Relying party trust

Claims provider trust

Configuring certificate relationship

Attribute stores

Claim rules

Relying party trust claim rules

Claims provider trust claim rules

Configure Web Application Proxy

Workplace Join

Multifactor authentication

Managing AD FS with PowerShell

Managing Web Application Proxy with PowerShell

Chapter 14 Dynamic Access Control and Active Directory Rights Management Services

Dynamic Access Control

Configuring Group Policy to support DAC

Configuring User and Device Claims

Configuring Resource Properties

Central access rules

Central access policies


Access Denied Assistance

Installing AD RMS

AD RMS certificates and licenses

AD RMS Templates

AD RMS Administrators and Super Users

Trusted User and Publishing Domains

Exclusion policies

Apply AD RMS templates automatically

Managing AD RMS with Windows PowerShell

Dynamic Access Control cmdlets

Chapter 15 Routing and Remote Access

Remote Desktop Gateway

RD Gateway connection and resource policies

Configuring server settings

Configuring clients to use RD Gateway

Virtual private networks

IKEv2 Always On VPN protocol

SSTP VPN protocol

L2TP/IPsec protocols

PPTP VPN protocol

VPN authentication

Deploying a VPN server

Disable VPN protocols

Granting access to a VPN server

LAN routing

Network Address Translation (NAT)


DirectAccess topologies

DirectAccess server

Network Location Server

Configuring DirectAccess

Managing Remote Access using PowerShell

Chapter 16 Remote Desktop Services


Remote Desktop Connection Broker

Deployment properties

Remote Desktop Session Host

Session collection settings

Personal session desktops


Group Policy configuration

Remote Desktop Virtualization Host

Virtual machine preparation

Virtual desktop collections

Pooled virtual desktops

Personal virtual desktops

DDA and RemoteFX

Remote Desktop Web Access

Remote Desktop licensing

Installing RDS CALs

Activating a License Server

Managing Remote Desktop Services using PowerShell

Chapter 17 Azure IaaS and hybrid services

Windows Server IaaS VMs

Creating Azure IaaS VMs

IaaS VM networking

IaaS VM administration

Azure Active Directory

Azure Active Directory Connect

Azure AD Connect server requirements

Installing Azure AD Connect

Using UPN suffixes and non-routable domains

Monitor Azure AD Connect Health

Forcing synchronization

Configure object filters

Implement and manage Azure AD self-service password reset

Azure AD Password Protection

Azure AD DS

Azure hybrid cloud services

Connect Windows Admin Center

Creating Azure IaaS VMs from Windows Admin Center

Azure File Sync

Azure Arc

Azure Site Recovery

Azure Network Adapter

Chapter 18 Windows Subsystem for Linux

Linux on Windows Server

Installing WSL

WSL 2.0

Chapter 19 Hardening Windows Server and Active Directory

Hardening Active Directory

Hardening domain controllers

Least privilege

Role-Based Access Control

Password policies

Account security options

Protected accounts

Authentication policies silos

Disable NTLM

Block server operators from scheduling tasks

Enable Local Security Authority protection

KRBTGT account password

Enhanced Security Administrative Environment forest

Hardening Windows Server

User rights

Service accounts

Just Enough Administration

Privileged Access Management

Local Administrator Password Solution

Advanced auditing

Windows Firewall with Advanced Security

Shielded VMs

Guarded fabric

Chapter 20 Security systems and services

Security Compliance Toolkit

Policy Analyzer tool

Local Group Policy Object tool

Attack Surface Analyzer

Credential Guard

Windows Defender Application Control

Virtualization-based security

Controlled Folder Access

Exploit Protection

Windows Defender

Windows Defender SmartScreen

Chapter 21 Maintenance and monitoring

Data collector sets


Event Viewer

Event log filters

Event log views

Event subscriptions

Event-driven tasks

Network monitoring

Resource Monitor

Message Analyzer

Azure Monitor

Windows Server Backup

Backup locations

Backing up data

Role- and application-specific backups

Restore from backups

Restore to an alternative location

Azure Backup

Preparing Azure Backup

Backing up data to Azure Backup Agent

Restore from Azure Backup


Windows Server Update Services

Products, security classifications, and languages

Autonomous and replica modes

Update files

WSUS security roles

WSUS groups

WSUS policies

Deploying updates

Automatic approval rules

Azure Update Management

Monitoring and maintenance related PowerShell cmdlets

WSUS related PowerShell cmdlets

Chapter 22 Upgrade and migration

Supported upgrade and migration paths

Upgrading roles and features

Converting evaluation version to licensed version

Upgrading editions

Windows Server Migration Tools

Active Directory

FRS to DFSR migration

Migrating to a new forest

Active Directory Certificate Services



Verification and post migration tasks



Preparing to migrate DHCP


Verification and post migration tasks

File and storage servers

Migrate file servers using Storage Migration Service

Migrate file and storage servers using WSMT

Chapter 23 Troubleshooting

Troubleshooting methodology


Symptoms and diagnosis


Ranking hypothetical solutions

Applying solutions

Command-line tools

Sysinternals tools

Process Explorer

Process Monitor










Active Directory Explorer

Insight for Active Directory






IaC Infrastructure as Code


Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.[1] The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources. The definitions may be in a version control system. It can use either scripts or declarative definitions, rather than manual processes, but the term is more often used to promote declarative approaches.


IaC grew as a response to the difficulty posed by utility computing and second-generation web frameworks. In 2006, the launch of Amazon Web Services’ Elastic Compute Cloud and the 1.0 version of Ruby on Rails just months before[2] created widespread scaling problems in the enterprise that were previously experienced only at large, multi-national companies.[3] With new tools emerging to handle this ever growing field, the idea of IaC was born. The thought of modelling infrastructure with code, and then having the ability to design, implement, and deploy applications infrastructure with known software best practices appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure like code and use the same tools as any other software project would allow developers to rapidly deploy applications.[4]

Added value and advantages

The value of IaC can be broken down into three measurable categories: cost, speed, and risk. Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts towards other enterprise tasks. Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of DevOps, the combined working of development and operations.[5]

Types of approaches

There are generally two approaches to IaC: declarative (functional) vs. imperative (procedural). The difference between the declarative and the imperative approach is essentially ‘what’ versus ‘how’. The declarative approach focuses on what the eventual target configuration should be; the imperative focuses on how the infrastructure is to be changed to meet this.[6] The declarative approach defines the desired state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need to be executed in the appropriate order to end with the desired conclusion.[7]


There are two methods of IaC: push and pull. The main difference is the manner in which the servers are told how to be configured. In the pull method the server to be configured will pull its configuration from the controlling server. In the push method the controlling server pushes the configuration to the destination system.[8]
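The two approaches and the two methods described above, worked through on a toy in-memory host. This is an added example, not code from the original page or from any of the tools it names; the resource names, host names and state values are constructed for illustration.

```python
from copy import deepcopy

# Constructed sample: current state of a hypothetical host.
CURRENT = {
    "package:nginx": {"version": "1.18"},
    "service:telnet": {"enabled": True},
    "file:/etc/motd": {"mode": "0644"},
}

# Declarative definition: WHAT the host should look like, with no ordering
# and no commands. Anything not listed is treated as unwanted.
DESIRED = {
    "package:nginx": {"version": "1.24"},
    "file:/etc/motd": {"mode": "0644"},
    "user:deploy": {"shell": "/bin/bash"},
}


def plan(current, desired):
    """Diff current against desired into (action, resource, attrs) steps."""
    steps = []
    for name in sorted(desired):
        if name not in current:
            steps.append(("create", name, desired[name]))
        elif current[name] != desired[name]:
            steps.append(("update", name, desired[name]))
    for name in sorted(set(current) - set(desired)):
        steps.append(("delete", name, None))
    return steps


def apply_steps(current, steps):
    """Return a new state with the planned steps applied."""
    new = deepcopy(current)
    for action, name, attrs in steps:
        if action == "delete":
            del new[name]
        else:
            new[name] = dict(attrs)
    return new


def converge(current, desired):
    """Declarative run: the engine works out what has to change."""
    return apply_steps(current, plan(current, desired))


def imperative_script(state):
    """Imperative run: HOW to change the host, as fixed ordered commands.

    Written without guards, as ad-hoc scripts often are, so it assumes the
    starting state it was written against.
    """
    new = deepcopy(state)
    if "user:deploy" in new:
        raise RuntimeError("useradd: user 'deploy' already exists")
    new["user:deploy"] = {"shell": "/bin/bash"}
    new["package:nginx"] = {"version": "1.24"}
    del new["service:telnet"]
    return new


def push_run(catalog, fleet):
    """Push method: the controlling server drives every destination system."""
    return {host: converge(state, catalog[host]) for host, state in fleet.items()}


def pull_run(fetch_definition, host, state):
    """Pull method: the node fetches its own definition and converges itself."""
    return converge(state, fetch_definition(host))


if __name__ == "__main__":
    print("plan:", plan(CURRENT, DESIRED))
    once = converge(CURRENT, DESIRED)
    print("second declarative run plans:", plan(once, DESIRED))  # nothing left
    try:
        imperative_script(imperative_script(CURRENT))
    except RuntimeError as exc:
        print("second imperative run fails:", exc)
```

A non-empty plan against an already-converged host is also a drift signal: it lists exactly what was changed outside the definition files.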


There are many tools that fulfill infrastructure automation capabilities and use IaC. Broadly speaking, any framework or tool that performs changes or configures infrastructure declaratively or imperatively based on a programmatic approach can be considered IaC.[9] Traditionally, server (lifecycle) automation and configuration management tools were used to accomplish IaC. Now enterprises are also using continuous configuration automation tools or stand-alone IaC frameworks, such as Microsoft’s PowerShell DSC[10] or AWS CloudFormation.[11]

Continuous configuration automation

All continuous configuration automation (CCA) tools can be thought of as an extension of traditional IaC frameworks. They leverage IaC to change, configure, and automate infrastructure, and they also provide visibility, efficiency and flexibility in how infrastructure is managed.[3] These additional attributes provide enterprise-level security and compliance.

Community content

See also: List of systems management systems and Comparison of open-source configuration management software

An important aspect when considering CCA tools, if they are open source, is the community content. As Gartner states, the value of CCA tools is “as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling.”[3] Vendors that have been around for a significant amount of time, like Puppet and Chef, have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge.[12] Other vendors rely on adjacent communities and leverage other IaC frameworks such as PowerShell DSC.[10] New vendors are emerging that are not content driven, but model driven, with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models over scripting for content. As the field continues to develop and change, community-based content will become ever more important to how IaC tools are used, unless they are model driven and object oriented.

Notable CCA tools include:

| Tool | Released by | Method | Approach | Written in | Comments |
|---|---|---|---|---|---|
| Chef | Chef (2009) | Pull | Declarative and imperative | Ruby | |
| Otter | Inedo | Push | Declarative and imperative | | Windows oriented |
| Puppet | Puppet (2005) | Pull | Declarative and imperative | C++ & Clojure since 4.0, Ruby | |
| SaltStack | SaltStack | Push and Pull | Declarative and imperative | Python | |
| Terraform | HashiCorp (2014) | Push | Declarative | Go | |
| Ansible / Ansible Tower | Red Hat (2012) | Push | Declarative and imperative | Python | |

Other tools include AWS CloudFormation, cdist, StackStorm, Juju, and Pulumi.

Relationship to DevOps

IaC can be a key attribute of enabling best practices in DevOps: developers become more involved in defining configuration, and Ops teams get involved earlier in the development process.[13] Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide that visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.[14] Automation in general aims to take the confusion and error-prone aspects out of manual processes and make them more efficient and productive, allowing better software and applications to be created with flexibility, less downtime, and in an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency in manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a DevOps toolchain.[15]

Relationship to security

The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider Palo Alto Networks) identified around 200,000 potential vulnerabilities in infrastructure as code templates.[16]

See also


  1. Wittig, Andreas; Wittig, Michael (2016). Amazon Web Services in Action. Manning Press. p. 93. ISBN 978-1-61729-288-0.
  2. Bower, Joseph L.; Christensen, Clayton M. “Disruptive Technologies: Catching the Wave”. Harvard Business Review.
  3. Fletcher, Colin; Cosgrove, Terrence (26 August 2015). Innovation Insight for Continuous Configuration Automation Tools. Gartner (Report).
  4. Riley, Chris (12 November 2015). “Version Your Infrastructure”
  5. Phillips, Andrew (14 May 2015). “Moving from Infrastructure Automation to True DevOps”
  6. “Declarative v. Imperative Models for Configuration Management: Which Is Really Better?” Retrieved 14 December 2015.
  7. Loschwitz, Martin (14 November 2014). “Choosing between the leading open source configuration managers”. Admin Network & Security. Lawrence, KS USA: Linux New Media USA LLC.
  8. Venezia, Paul (21 November 2013). “Puppet vs. Chef vs. Ansible vs. Salt”. Network World. Retrieved 14 December 2015.
  9. Gartner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain (Report). Gartner. 18 February 2015.
  10. Chaganti, Ravikanth (5 January 2016). “DevOps, Infrastructure as Code, and PowerShell DSC: The Introduction”. PowerShell Magazine. Retrieved 11 January 2016.
  11. ^
  12. Sturgeon, Phil (28 October 2012). “Puppet or Chef?”.
  13. Ramos, Martin (4 November 2015). “Continuous Integration: Infrastructure as Code in DevOps”. Archived from the original on 6 February 2016. Retrieved 29 January 2016.
  14. Infrastructure As Code: Fueling the Fire for Faster Application Delivery (Report). Forrester. March 2015.
  15. Wurster, Laurie F.; Colville, Ronni J.; Height, Cameron; Tripathi, Somendra; Rastogi, Aditi. Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner.
  16. “Cloud Threat Report Shows Need for Consistent DevSecOps”. InformationWeek. Retrieved 24 February 2020.



SCM Software Configuration Management – S/W CM

See also: Configuration management (CM)

Not to be confused with Version Control System.

In software engineering, software configuration management (SCM or S/W CM) is the task of tracking and controlling changes in the software, part of the larger cross-disciplinary field of configuration management.[1] SCM practices include revision control and the establishment of baselines. If something goes wrong, SCM can determine what was changed and who changed it. If a configuration is working well, SCM can determine how to replicate it across many hosts.

The acronym “SCM” is also expanded as source configuration management process and software change and configuration management.[2] However, “configuration” is generally understood to cover changes typically made by a system administrator.


The goals of SCM are generally:

  • Configuration identification – Identifying configurations, configuration items and baselines.
  • Configuration control – Implementing a controlled change process. This is usually achieved by setting up a change control board whose primary function is to approve or reject all change requests that are sent against any baseline.
  • Configuration status accounting – Recording and reporting all the necessary information on the status of the development process.
  • Configuration auditing – Ensuring that configurations contain all their intended parts and are sound with respect to their specifying documents, including requirements, architectural specifications and user manuals.
  • Build management – Managing the process and tools used for builds.
  • Process management – Ensuring adherence to the organization’s development process.
  • Environment management – Managing the software and hardware that host the system.
  • Teamwork – Facilitating team interactions related to the process.
  • Defect tracking – Making sure every defect has traceability back to the source.
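
The configuration identification and configuration auditing goals above can be illustrated with a hash-based baseline. This is an added example, not part of the original article; the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def make_baseline(root: Path) -> dict[str, str]:
    """Configuration identification: map each item (relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Configuration audit: report items that drifted from the approved baseline."""
    return {
        "missing": sorted(baseline.keys() - current.keys()),
        "unexpected": sorted(current.keys() - baseline.keys()),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed config tree, baseline it, change it, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc/sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc/motd").write_text("authorized use only\n")
        (root / "app.conf").write_text("debug=false\n")
        baseline = make_baseline(root)  # the approved state

        (root / "etc/sshd_config").write_text("PermitRootLogin yes\n")  # modified item
        (root / "etc/motd").unlink()                                    # removed item
        (root / "cron.sh").write_text("#!/bin/sh\n")                    # unapproved item
        return audit(baseline, make_baseline(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

The audit reports what changed relative to the baseline; recording who changed it is the job of revision control and status accounting, which this example does not cover.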

With the introduction of cloud computing, the purposes of SCM tools have become merged in some cases. The SCM tools themselves have become virtual appliances that can be instantiated as virtual machines and saved with state and version. The tools can model and manage cloud-based virtual resources, including virtual appliances, storage units, and software bundles. The roles and responsibilities of the actors have become merged as well, with developers now being able to dynamically instantiate virtual servers and related resources.[3]


The history of software configuration management (SCM) in computing can be traced back as early as the 1950s, when CM (for Configuration Management), originally for hardware development and production control, was being applied to software development. Early software had a physical footprint, such as cards, tapes, and other media. The first software configuration management was a manual operation. With the advances in language and complexity, software engineering, involving configuration management and other methods, became a major concern due to issues like schedule, budget, and quality. Practical lessons, over the years, led to the definition and establishment of procedures and tools. Eventually, the tools became systems to manage software changes.[4] Industry-wide practices were offered as solutions, either in an open or proprietary manner (such as Revision Control System). With the growing use of computers, systems emerged that handled a broader scope, including requirements management, design alternatives, quality control, and more; later tools followed the guidelines of organizations, such as the Capability Maturity Model of the Software Engineering Institute.


  1. ^ Roger S. Pressman (2009). Software Engineering: A Practitioner’s Approach (7th International ed.). New York: McGraw-Hill.
  2. ^ Gartner and Forrester Research
  3. ^ Amies, A; Peddle S; Pan T M; Zou P X (June 5, 2012). “Develop cloud applications with Rational tools”. IBM DeveloperWorks. IBM.
  4. ^ 1988 “A Guide to Understanding Configuration Management in Trusted Systems” National Computer Security System (via Google)

Further reading

  • 828-2012 IEEE Standard for Configuration Management in Systems and Software Engineering. 2012. doi:10.1109/IEEESTD.2012.6170935. ISBN 978-0-7381-7232-3.
  • Aiello, R. (2010). Configuration Management Best Practices: Practical Methods that Work in the Real World (1st ed.). Addison-Wesley. ISBN 0-321-68586-5.
  • Babich, W.A. (1986). Software Configuration Management, Coordination for Team Productivity. 1st edition. Boston: Addison-Wesley
  • Berczuk, Appleton; (2003). Software Configuration Management Patterns: Effective TeamWork, Practical Integration (1st ed.). Addison-Wesley. ISBN 0-201-74117-2.
  • Bersoff, E.H. (1997). Elements of Software Configuration Management. IEEE Computer Society Press, Los Alamitos, CA, 1-32
  • Dennis, A., Wixom, B.H. & Tegarden, D. (2002). System Analysis & Design: An Object-Oriented Approach with UML. Hoboken, New York: John Wiley & Sons, Inc.
  • Department of Defense, USA (2001). Military Handbook: Configuration management guidance (rev. A) (MIL-HDBK-61A). Retrieved January 5, 2010, from
  • Futrell, R.T. et al. (2002). Quality Software Project Management. 1st edition. Prentice-Hall.
  • International Organization for Standardization (2003). ISO 10007: Quality management systems – Guidelines for configuration management.
  • Saeki M. (2003). Embedding Metrics into Information Systems Development Methods: An Application of Method Engineering Technique. CAiSE 2003, 374–389.
  • Scott, J.A. & Nisse, D. (2001). Software configuration management. In: Guide to Software Engineering Body of Knowledge. Retrieved January 5, 2010, from
  • Paul M. Duvall, Steve Matyas, and Andrew Glover (2007). Continuous Integration: Improving Software Quality and Reducing Risk. (1st ed.). Addison-Wesley Professional. ISBN 0-321-33638-0.

Fair Use Sources: