CFEngine does not only build systems, it maintains them over time, checking the system in real-time for compliance with your model of desired state. It runs on the smallest embedded devices, on servers, in the cloud, and on mainframes, easily handling tens of thousands of hosts.
CFEngine is available as both open source and commercial software. See the differences here and decide which is right for your organization.
How CFEngine works
CFEngine combines modeling and monitoring to bring actual state into compliance with Desired State. You describe Desired State using a declarative, model-based or knowledge-oriented approach.
- Define the Desired State of your infrastructure with a special knowledge-oriented language; or, use tools that help you design a Desired State from off-the-shelf resources.
- Simulate configuration changes before committing to them, then study the impact of changes using the knowledge-based inference engine.
- Confirm the decided Desired State for an automatic self-healing implementation. CFEngine then continuously corrects configuration drift, keeping systems in compliance with their Desired State.
- Collect reports on the differences between Actual and Desired States and changes or failures encountered while implementing the Desired State using a highly compressed data stream.
CFEngine is designed to scale cheaply and securely, with up to 5000 hosts per server-hub, so it will not break your hardware budget. It is written in lightweight C code, and has very few software dependencies, so its impact on host performance is negligible. The CFEngine security model is modeled on the Secure Shell, avoiding costly and complex web certificate management, and exposing fewer vulnerabilities to users.
Promising Desired State, avoid system drift
The CFEngine agent runs on each host, using the network opportunistically to avoid unnecessary traffic, and with a pull-based technology. While the Desired State can be implemented using the free open source community edition, CFEngine Enterprise edition reports back the Actual State and provides the tools to help organizations to better understand and optimize their IT infrastructure.
- Once a policy has been deployed, the CFEngine agent keeps all the discovered facts that inform policy locally and decisions about the policy can be made without needing to talk to a master server. This avoids unnecessary communication and enables CFEngine to continue working even if the network becomes unavailable, e.g. for mobile devices.
- After making changes to heal the Desired State, reports about these changes and the Actual State are available in the Enterprise edition for collection by hub machines. This is a highly efficient, low bandwidth process.
- Reports are fully accessible from hubs via REST APIs for integration with other IT systems.
- The collected data and reports forms a very efficient resource for controlling and reporting compliance with company and regulatory policies for the management of IT infrastructure.
A fully automated architecture
Reusable Infrastructure Patterns
In the CFEngine Design Center, we are growing a library of reusable data-driven methods for composing complex infrastructure. You can use these as examples for inspiration, or deploy them with our tools "as is" to build infrastructure, thus allowing you to separate the design of the infrastructure by high level system administrators from the practical deployment by more junior operators.
Once defined, you can reuse these infrastructure patterns across physical, virtual, and cloud environments, mainframes and embedded or mobile systems, running multiple operating systems.
CFEngine is used worldwide to manage millions of servers of companies of every size and in every industry. Learn more about how CFEngine Enterprise can help you improve uptime, increase performance and reduce costs of your IT infrastructure.