Frequently Asked Questions

A few words to our open community


Why was CFEngine created?

CFEngine was created to divide labour sensibly between humans (who are good at decision making and poor at implementation) and machines (which bring consistency of implementation). In the early 1990s there was no platform independent interface for system administrators to express desired state. CFEngine brought the idea of a declarative language for this, with consistent and concealed implementation details. Ultimately CFEngine was introduced to transmute disorganized manual human labour into knowledge-oriented automation.


Why Free/Open Source software?

CFEngine is carefully guided by an open evaluation process and state-of-the-art research by experts across the world. This openness promotes quality assurance, and provides transparency to users. CFEngine maintains its technological lead because of a commitment to research and genuine innovation. Its broad base of the best system administrators keeps us up to date with users' needs. CFEngine has a vastly larger install-base than any other tool, reaching of computers. Maintaining safe software for this number of computers is a huge responsibility, and great care has been taken to ensure safety and reliability.

CFEngine is community 'driven' in the sense that we listen carefully to users' wishes and then implement our best solution. We do not accept ad hoc suggestions without a careful process of evaluation however, just as you would not expect an aircraft to be built by a community of free-thinkers, without careful vetting.


What is the difference between CFEngine 2 and CFEngine 3?

CFEngine 2 was the final stage of the research implementation of CFEngine. Although it is still in use on hundreds of thousands of satisfied users' machines today, it has fundamental limitations. CFEngine 3 was introduced to address all of the known problems with CFEngine 2 in a completely new, lightweight infrastructure. CFEngine 3 is more efficient, more flexible and more consistent than CFEngine 2. Users who have changed agree that CFEngine 3 was a major step forward.


After 20 years, isn't CFEngine outdated?

Even almost 20 years after its inception, CFEngine still leads the technology race for automated system administration, because it is based on sound scientific principles and has been tailored for large and complex systems. No other software addresses complex business challenges like CFEngine can.


There are now commercial versions of CFEngine - why?

Many organizations can only use CFEngine officially if there is an enterprise-class organization standing behind it and offering the kind of expert development and support that only the originators can provide. This commercial backing guarantees CFEngine's expansion and support for a long-term future, and will allow us to continue to contribute to the community. The core of CFEngine is and will remain licensed under the GPL. As a product, CFEngine has benefitted greatly from the open community of testers and users, and the company is dedicated to continuing this tradition.

For the past eighteen years, CFEngine has been the premier, cutting edge Open Source automation and configuration management suite. With the advent of CFEngine Inc., a company dedicated to offering commercial solutions to CFEngine users, we can support our uncompromising approach to innovation, with a dedicated team of developers and consultants for a long-term future -- and with focused quality assurance.


What is the difference between CFEngine Community and the commercial CFEngine Enterprise software?

The core of CFEngine technology is provided in the Free, Open Source Community edition. All system configuration changes are possible with the Community edition, if you put in the work. However, this can be a complex task.

A commercial Enterprise subscription adds additional features to help enterprises with knowledge overview and productivity enhancements, such as one-touch installation, monitoring, reporting and support. Enhanced productivity will allow users to adapt quickly to changing business needs. CFEngine Enterprise brings automated knowledge management for a state of the art overview of IT resources. A CFEngine Enterprise subscription could save an enterprise hundred of hours in configuration and knowledge management setup, and they have an ambitious road-map for future development.

Licensed edition of CFEngine are tailored to the needs of organizations of all sizes who value knowledge, control and predictability. The Community Edition is used all over the world and serves the important role of road-testing the core technology in a broad milieu with a free and frank exchange of ideas.

Users of CFEngine Enterprise and Community alike can 'roll their own' solution top to bottom, but CFEngine Enterprise offers simple and enhanced productivity workflows, that are up-and-running quickly and easily.


Does commercial mean that the Free version will not be developed or supported in the future?

Not at all. CFEngine is commercializing precisely to expand and support its long term future, without sacrificing vision and quality assurance. The Community Edition is the core of the software, so the commercial future of the company depends on its future development. The CFEngine core is GPL3. It has benefitted from an open community of testers and users and the company is committed to continuing this.


How does CFEngine compare to other Open Source or Commercial tools?

CFEngine 3 is not only brand new but uses the very latest self-healing technology. CFEngine maintains its technological lead because of a commitment to research and genuine innovation. Its broad base of the best system administrators keeps us up to date with users' needs. In general, CFEngine is lighter on resources, had greater functionality and fewer dependencies than other tools. It is pull and not push based.


Is Puppet the Next Generation CFEngine?

No. Although somewhat inspired by CFEngine, Puppet has taken a different approach to the problem, attempting to improve the ease of getting started for small networks where machines are mostly all identical. CFEngine 3 goes far beyond Puppet in its capabilities for both system modelling and system repair, while at the same time being a tenth of the size and up to 40 times more efficient (according to sources). Puppet is completely reliant on the network for operations, whereas CFEngine is fault tolerant and opportunistic with network resources.


Why do you ask contributors to sign a contributor's statement?

For commercialization to work, we must not spend time on ownership issues. Dealing with a large number of copyright holders is an unmanageable legal challenge which would quickly choke CFEngine's ability to operate commercially. So, if users should wish to make non-trivial contributions to the code at any time in the future, we need them to grant us all rights to use those contributions in our business model. This is to the advantage of the contribitor as well, as it will make it easier for us to integrate their changes into future development. Patches to existing code do not have sufficient originality to warrant copyright ownership and thus present no problem.


Why does CFEngine use /var/cfengine instead of following the FHS?

CFEngine does indeed follow the FHS standard during installation. The only confusion arises about CFEngine's private workspace, which is mainly a fault tolerance strategy.

The Unix Filesystem Hierarchy Standard is a specification for standardizing where files and directories get installed on a Unix-like system. When you install CFEngine from source, it places all files in their expected locations. In addition, you may choose to follow this standard in locating your master configuration and work areas.

CFEngine was introduced at about the same time as the FHS standard and has always used a single directory under /var/cfengine for caching important files and data. This agrees with the intention of the FHS as described in section 5.1 of the FHS-2.3. The location of this workspace is configurable, but the default is determined by backward compatability. In other words, particular distributions may choose to use a different location, and some do.

The FHS is an essentially a documentation of prior ad hoc practice, and none of its categories truly fit CFEngine's needs, so we have chosen to keep /var/cfengine as a special case, just like /var/mail or /var/spool/mail, /var/www, etc. Different Linux distros have interpreted the FHS differently, so ad-hocness persists.


Why doesn't CFEngine use HTTPS as a transport protocol?

CFEngine uses its own lightweight network protocol that is simple and has a good security record. HTTPS was designed for a different purpose and requires a more heavyweight server to run it. HTTPS has been vulnerable to a number of attacks that have not affected the CFEngine transport layer. The CFEngine protocol has been analysed by security experts on several occasions, and is easily made FIPS 140-2 compliant.


Will CFEngine work in my environment?

CFEngine runs natively on all common platforms, including Linux, Unix, Macintosh and Windows. It also has support for virtualization platforms. CFEngine is supported by a community of expert and novice users, and a commercial enterprise. CFEngine can play a major role in solving almost any system administration issue, with hands-free automation (see our Documentation for more examples) and we are constantly working to made automation simpler, without over-simplifying.