1. Technical Field
The present invention relates to a system and method that polices authorized configurations by end points. More particularly, the present invention relates to a system and method where end points, such as computer systems, receive authorized configurations and changes to the end points are allowed or rejected based on a comparison with the authorized configuration.
2. Description of the Related Art
Configuration management is a very important problem in many disciplines, including software development, data centers, aircraft design, and process control systems. Within configuration management, managing server configurations in data centers is an increasingly important and complex task. The Information Technology Infrastructure Library (ITIL) is an integrated set of best-practice recommendations with common definitions and terminology. ITIL best practices advocate having a configuration management database (CMDB) and a rigorous change process to control changes to Configuration Items (“CIs”). Configuration Items are generally records in the CMDB as well as the actual entities (e.g., servers) that correspond to those records. A CMDB is a repository of information related to the components of an information system. Although repositories similar to CMDBs have been used by IT departments for many years, the term CMDB stems from ITIL. In the ITIL context, a CMDB represents the authorized configuration of the significant components of the IT environment. A CMDB helps an organization understand the relationships between these components and track their configuration. The CMDB is a fundamental component of the ITIL framework's Configuration Management process.
The CMDB is used to store both the authorized configurations of the entities (systems) being managed by the organization and the actual configurations of such entities. One way that actual configurations are gathered and stored in the CMDB is through a process of “discovery.” During discovery, the systems send actual configuration data back to a configuration management server that includes the actual configuration data in the CMDB. An “audit” process is performed on the CMDB to reveal discrepancies between the authorized configurations and the actual configurations. A process of “remediation” is then performed to address such discrepancies. Despite the usefulness of a CMDB for managing an organization's computing entities, the current state of the art faces particular challenges.
One challenge of using current CMDB technologies is that they do not prevent an unauthorized change from being made to one or more entities being managed by the organization. Currently, unauthorized changes are addressed by the audit and remediation processes outlined above. However, unauthorized changes can result in various problems, including failure of various applications being run by the organization's entities. When unauthorized changes cause such problems, the audit and remediation processes are used to identify and address the problems. However, the audit and remediation processes consume valuable time and resources and may result in a mission-critical application being unavailable, or failing, for an extended period of time.
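The following sketch is an added illustration and is not part of the original disclosure. It contrasts the after-the-fact audit described above with a check made at the end point before a change is applied; the record layout, the function names `audit` and `gate_change`, and the sample data are assumptions made for the example.

```python
# Added illustration; record layout and function names are hypothetical.

def flatten(cfg, prefix=""):
    """Flatten a nested configuration dict into {dotted.path: value}."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def audit(authorized, actual):
    """Audit step: list discrepancies between authorized and discovered config."""
    auth, act = flatten(authorized), flatten(actual)
    findings = []
    for path in sorted(auth.keys() | act.keys()):
        if path not in act:
            findings.append((path, "missing", auth[path], None))
        elif path not in auth:
            findings.append((path, "unauthorized", None, act[path]))
        elif auth[path] != act[path]:
            findings.append((path, "changed", auth[path], act[path]))
    return findings

def gate_change(authorized, path, new_value):
    """End-point check: allow a change only if it matches the authorized config."""
    auth = flatten(authorized)
    return path in auth and auth[path] == new_value

# Constructed sample data for one configuration item (a server).
AUTHORIZED = {"os": {"name": "linux", "patch": "5.10.3"},
              "services": {"sshd": "enabled", "telnetd": "disabled"}}
DISCOVERED = {"os": {"name": "linux", "patch": "5.10.1"},
              "services": {"sshd": "enabled", "telnetd": "enabled",
                           "ftpd": "enabled"}}

if __name__ == "__main__":
    # Audit reports drift only after it already exists on the server.
    for finding in audit(AUTHORIZED, DISCOVERED):
        print(finding)
    # The gate evaluates the same comparison before the change lands.
    print(gate_change(AUTHORIZED, "services.telnetd", "enabled"))  # False: rejected
    print(gate_change(AUTHORIZED, "os.patch", "5.10.3"))           # True: allowed
```

The audit output here is the input to remediation, while the gate returns its decision at the moment the change is requested, so the unauthorized `telnetd` and `ftpd` settings would never reach the server.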