Networking

10 reasons to avoid one-off configurations

Special or unique systems, networks, or processes can service a need in a pinch, but in the long run they can be detrimental. Learn why you must avoid "snowflake" configurations.

Years ago I worked in an environment consisting of a standard set of Windows desktops and applications with a typical array of settings and controls. A new user requested a Mac, not being a fan of Windows products. Her manager persuaded us to set up a pilot program with the Mac to fulfill the user's needs, and this entailed a separate network, additional software, the necessity of complying with various Apple-related security standards, and so forth. The experiment turned out to be a needless investment in hardware, software, and time after the user ended up being terminated for performance reasons.

It was a valuable experiment in another regard, however. It reinforced the fact that the value of system standardization and predictable environments can't be overstated. Keeping things as routine as possible to eliminate undue complexity will streamline operations and make your job easier.

Even though a unique or one-off item or configuration on a system or network (such as a temporary configuration change, deactivating a standard feature/enabling a non-standard feature, setting up a Group Policy exception, or some other alternative setting) might seem an appealing short-term fix when you just want to get to the next problem, this should be avoided where possible because it can lead to all sorts of long-term headaches.

Here is a list of 10 such difficulties that snowflake configurations can entail.

1. Adds unnecessary complexity

As previously emphasized, simplify, simplify, simplify. Use the same servers, workstations, switches, routers, and other hardware across the board.

Do the same with operating systems and applications as well as their corresponding settings, which should be managed and maintained via a centralized mechanism. Microsoft's System Center Configuration Manager, Puppet, Chef, and Ansible are all examples of configuration management software that can ensure your systems operate in a consistent and predictable fashion.

One-off configurations involve undue complexity, which endangers the consistency and stability provided by such tools. It can sometimes be difficult to exclude a particular system from the baseline operating mechanisms they enforce, which is the way it should be.

In the case of the user's Mac, it wasn't necessarily more complex than Windows, but adding it to the mix of workstations increased the overall complexity since we then had multiple operating systems to maintain and support.

2. Increases administrative difficulty

Daily system administrative tasks are difficult enough without having to factor in unique systems or settings/exceptions that make it harder to keep the environment running.

For instance, even though the Mac user I referenced above swore she would handle her own tech support, we often found ourselves trying to figure out why she couldn't print, why Outlook for Mac wasn't downloading mail, what this or that strange error message was, and so forth. While this might not seem like a big deal (and certainly Windows systems are prone to similar problems) it placed undue strain upon our workload.

SEE: IT Hiring Kit: Support Professional (Tech Pro Research)

3. Distracts from other priorities

Not every snowflake configuration or arrangement will be so time-consuming that you can't meet your daily duties, but the overhead involved with setting it up, supporting it, or just trying to troubleshoot unexpected results can nevertheless be cumbersome.

In the case of the solo Mac, I mentioned we had to invest extra time helping to keep it running. We also invested time researching the model we needed to buy, then procuring it, and configuring it by hand since we couldn't deploy our standard Windows operating system image to it (obviously). We also had to figure out how to enact the same individual settings our Group Policy Objects automatically applied for Windows clients. The result was time lost fixing other, more critical issues.

4. Entails additional expense

Buying unique equipment can be more costly than the standard system the company routinely deploys (especially in the case of a Mac vs. Windows machine). However, the time invested also entails an expense since IT labor isn't free (fortunately for those of us who work in the field).

5. Leads to more security risks

Simply put, the more variety you have in your IT realm, the greater the chance of vulnerabilities that can be exploited or that require patching/remediation. This is why you should minimize the disparate operating systems, applications, services, and features. For instance, don't run an Apache web server on a system that doesn't need it. Don't set up file shares on a server that shouldn't have them (e.g., a public-facing system).

In the case of the lone Mac in my company, we had to patch Apple vulnerabilities as well as those related to certain Mac apps like Outlook. Worse, we had no centralized mechanism to do so since our patching environment was entirely Windows-based.

SEE: IT pro's guide to saving time with PowerShell (free TechRepublic PDF)

6. Creates the "pothole" effect

Since details involving one-off elements or configurations are rarely shared among staff they can lead to unpleasant surprises if multiple individuals are responsible for administering an environment (or a lone sysadmin has a poor memory).

For instance, let's say someone disables the Puppet configuration management client on a Linux server because they want to test a specific setting and not have it overwritten by Puppet. Then someone else comes along to work on that box and gets thrown off by the fact that setting is different. Worse, they might re-enable the Puppet client, which could then wipe out the change made or enact other undesirable changes that can cause further problems.

This can be avoided with one would-be simple remedy...

7. Requires additional documentation

Anything in a technological environment should be documented, of course, with details involving the device, operating system, IP/MAC address, functionality, settings, etc. That will help prevent the pothole effect outlined in the previous item.

But that also contributes to #4 by taking up more of your time keeping this snowflake arrangement documented. And if/when the one-off configuration goes away, you have to mark it as such to keep your documentation valid and accurate.

And it's not just documentation that needs revision...

8. Leaves clutter/litter behind

Unique systems can involve IP addresses, DNS entries, Active Directory objects, and perhaps even separate network subnets or configuration management details. One-off settings might involve files with items commented out or otherwise changed from their default configuration. When the item or setting is retired there is invariably some kind of debris left over that requires additional overhead to address.

In the case of the solitary Mac in my organization, it was set up on a dedicated subnet that stuck around for years after the user's departure, and our network engineers hired after her exit had no idea what it was for.

And then there are a couple of human-related factors that argue against one-off setups...

9. Reeks of favoritism

I can't tell you how many times coworkers exclaimed to me, "Why does SHE get a Mac?" when they beheld the fancy new machine assigned to the new hire I discussed previously. Users who had worked there for years without making demands acted like I had forgotten to send them a Christmas card and no amount of explaining that "If this experiment is successful we'll consider offering Apple systems to other users" helped. Resentment for the new hire was palpable, but some of it was directed our way as well.

10. Provides a sense of entitlement

Last but not least, our special user was oblivious to the resentment directed her way by our colleagues since she felt she had gamed the system to get what she wanted. When I said the user wasn't a fan of Windows products, what I meant was she adamantly refused to use anything from Microsoft (although Outlook for Mac was the only viable option for email so she wound up using a Microsoft product anyhow). This mindset wasn't because she could only do her job with Apple products; it was simply her own personal preferences.

That's all well and good, but personal choices don't play well in a corporate environment where other people have to assume responsibility for those choices. The sense of entitlement the user displayed didn't bother me so much as her indifference to the additional cost, risk, and overhead that her choice of a personal computer entailed.

In the end, my organization was able to recoup some of the financial investment associated with this endeavor by auctioning off the Mac system once the user departed, which was a positive conclusion to the experiment.

Also read...

Your thoughts

Have you ever found yourself supporting an assortment of one-off configurations? Were you able to standardize systems and simplify your work? Share your experiences and advice with fellow TechRepublic members.

petrstranskyistock-487819826.jpg

Image: iStock/PetrStransky

About Scott Matteson

Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.

Editor's Picks

Free Newsletters, In your Inbox