Apr 09, 2021 Navpreet Kundal

Part 2: A comparison of Configuration Management tools’ delivery of custom scripts

Managing an estate of devices on the network has always been a challenge to infrastructure administrators. In today’s world, we deal with real threats from bad actors, a multitude of everchanging devices, and complex remote work scenarios driven by Covid-19. Are the traditional tools like Microsoft’s Group Policy, Endpoint Manager, and PowerShell enough to manage a modern workforce?
Part-2-A-comparison-of-Configuration-Management-tools-delivery-of-custom-scripts 2x

This is the second in a series of blogs based on TriCon Elite Consulting’s recent review of the following Configuration Management tools:

  1. Group Policy
  2. PowerShell DSC/Azure Automation
  3. Endpoint Management Compliance MGR
  4. 1E Tachyon Guaranteed State

Last week we explored TriCon Elite’s analysis of these vendors’ policy engines. This week we will consider these Configuration Management tools’ delivery of custom scripts and their effectiveness relating to:

  • Ease of Use
  • Scalability
  • Reporting
  • Community Support
  • Cross-Platform Support

Ease of Use

The first use case that TriCon considered in this category was ‘Ease of Use’ when incorporating existing scripts. They evaluated the user interface and the amount of customized tooling required to push these scripts out, finding that the solutions that require knowledge of scripting environments were less easy to use.

TriCon’s verdict: With Group Policy, it’s easy to deploy scripts using the Group Policy Management Console and MEM-CM also gives a decent interface (but is complicated because of additional deployment considerations). Both PowerShell DSC and Tachyon Guaranteed State scored lower because you need to know the scripting environments to deploy the scripts.

Scalability

Next to be compared was the ‘Scalability’ of the solution. How hard it would be to deploy this custom script to hundreds of locations over limited or constrained networks.? How long would it take for the script to be replicated so that targets could execute it via the defined execution sets?

TriCon’s verdict: The overall scalability is in the hundreds of thousands inside of a MEM-CM infrastructure or Tachyon. As such, both platforms we were given a 5 out of 5. Comparatively, the other solutions did not fare well, proving to be untimely (as in the case of Group Policy) or capped at a maximum of 3500 per server, even if upgraded to a SQL Server engine (as in the case of PowerShell DSC).

Reporting

To quote directly from the e-book, ‘when deploying scripts in an enterprise, it isn’t good enough to take the spaghetti against the wall approach. “Throw it and see what sticks” isn’t good enough.’ The reason for this is that you don’t just need to be able to push the configuration, you need to be able to report on it and prove compliance too. This is particularly relevant in today’s Work From Anywhere environment, where endpoint security and compliance are a big concern for most CISO’s.

TriCon’s verdict: Tachyon Guaranteed State’s reporting engine itself is quite robust, with nearly instant reporting back to the console. It scored low because of its lack of customizability and next to no export options. TriCon notes, however, that with 1E committed to Tachyon Guaranteed State’s development, it won’t take long for this rating to improve.

Community Support

The fourth criteria of TriCon’s evaluation was that of the ‘Community Support’ available for each solution. In cases such as Group Policy and MEM-CM, a history spanning more than 20 years serves them well for product communities and support. However, the report finds that each solution brings with it useful resources, interfacing opportunities, dedicated conferences, and blog posts for example.

TriCon’s verdict: PowerShell has the most significant amount of community support available. However, it is noted that Tachyon Guaranteed State has a dedicated community portal with an extreme focus from the product team to engage with the end-users. The report references the Tachyon Exchange site that allows users to interface with support and put in new requests for solutions-driven directly by the product team.

Cross-Platform Support

Finally, the report considers Cross-Platform Support. Does the solution support PowerShell, VB Scripting, Bash, Pearl, and others? Can it be deployed to more than just the typical Windows Subsystem? Not offering Cross-Platform support out of the box, or only supporting one operating system (such as mac OS-X) is a competitive disadvantage when compared to solutions whose codebase is supported on all operating systems, giving the better overall supportability.

TriCon’s verdict: Tachyon Guaranteed State was the clear winner here as it supports not only Windows but also Linux, Mac OS-X, and Android-based devices. Its SCALE codebase is supported on all operating systems and gives the best overall supportability.

How Tachyon Guaranteed State ranked in the Custom Scripts category

Custom-Script

Based on their evaluation, TriCon determined that the strongest contender in the Custom Scripts category was Tachyon Guaranteed State. This is due to its scalability and cross platform support.


You can read the full comparison report and learn how the vendors stack up for other evaluation criteria, here.