Configuration drift – the bane of an IT Manager’s life. The phenomenon where, over time, the configuration of a Production environment drifts from either best practices or from its Disaster Recovery counterpart. Configuration drift is very difficult to prevent even with the most rigorous of change control processes and we have come to accept that there is not much that can be done to prevent this.
Here are 5 frightening facts:
1. Organizations seldom know if their core infrastructure (servers, storage, operating systems, virtual machines, clusters and databases) is configured in accordance with best practice. Whilst best practices do not always suit every environment, deciding to be configured differently should be a conscious decision. However attempting to check an environment manually against best practice documents (some of which are over 500 pages long) is actually not possible and therefore seldom if ever occurs.
2.It is very difficult to maintain consistency between production and DR configuration even with the onset of virtualization and the best of change control policies. In fact, companies spend days/weeks preparing for DR testing…why would they do that if they were certain it would work? Kind of like cleaning the house before the cleaner arrives!
3.Over 75% of businesses have DR compliance obligations yet only 33% of them test DR plans more than once a year thus risking their DR plans to become outdated and further “configuration drift” between production and DR.
4. 48% of organizations say it takes too much time and effort to arrange and execute DR tests (Source: Macquarie Telecom – Disaster Recovery Directions Oct. 13)
5. Less than 50% of organizations believe they can meet their Recovery Time and Point Objectives (RTO and RPO).
Wouldn’t it be great if configurations didn’t change? When troubleshooting a difficult IT issue we always start with “what has changed”. If nothing were to ever change in the configuration of IT infrastructure then little would break, right? What a fantastic way to mitigate the risks that come with change – don’t make any? Realistic?
