History of Combating Divergence
In the 1990s workstations were expensive, around $90,000 in today’s dollars, so thin clients (diskless workstations) that used netboot were popular and cut costs. The added bonus from this only one central computer needed to be maintained and configured.
When workstations came down in price, thin computing was less popular. Management of configurations starting becoming important, especially account management. Maintaining consistent accounts across workstations was expensive — 100 users on 100 workstations are 10,000 configurations. This gave rise to login services like NIS, LDAP, or RADIUS. Now if you wanted to use the same credentials across different services, let’s say four, costs are more prohibitive as well, e.g. 100 users for 4 services are 400 configurations, so SSO (single-sign-on) solutions, often involving Kerberos, were all the rave back then.
Early efforts to manage the consistent configuration across systems came in the form of golden master image, where ops maintains a library of images with latest patches, packages, and configurations. But this system is inflexible, which creates headaches managing image libraries for different configurations and versions.
Early stage provisioners like Kickstart or Debian Preseed allowed some flexibility to tailor systems with a simple script, e.g. configurations for developer, email, web systems. In this method netboot is used and the client using PXE boot process installs the operating system. This method can be combined with golden image pattern to automate configuration on an image itself.
Today you can see golden image pattern used for IaaS platforms like AWS, Google Cloud or Azure, local virtualization solutions like Xen, KVM, QEMU, VMWare, Virtualbox, and with tools like HashiCorp Packer.
Divergence: Preferred Choice
This is crazy, yeah, I know, but today, many organizations still practice divergence method, especially when using IaaS solutions like AWS, Google Cloud, or Azure. They start creating resources using the graphical web interface. As the organization grows, it becomes hard to track what was created and why it was created. Costs can get out of control, as well as security, such as controlling access to the infrastructure.
For this reason, it is vital to practice IaC (Infrastructure As Code), where the IT infrastructure is managed through code, rather than using a manual process. The two most popular tools that can manage this are Ansible and Terraform.
- 2002 USENIX paper: Why Order Matters: Turing Equivalence in Automated Systems Administration.
- Divergent, Convergent, and Congruent Infrastructures
By Paul Guth