two silver metal arms with grabbers facing each other

Automation: what's the difference between management and orchestration?

Automation Published on 5 mins Last updated

Automation tools are designed to make our lives easier — reducing the number of errors associated with manual tasks, allowing for the creation of more efficient, cost-effective, flexible software and applications. But what exactly do we mean by 'automation'? And which tools work best for each scenario?

The language of automation

Rather than the manual repetition of a series of tasks, automation of prescribed activities saves time, reduces the potential for errors, and frees IT teams up to embark on new innovations. But the structured language used to achieve this can vary greatly, regardless of the automation category it falls into (think JSON, PHP, Python, YAML etc).

So before we get into the nitty-gritty though, it's worth remembering that some of the associated automation tools will therefore typically lend themselves to line-by-line and single component modification, while others will be much more useful when trying to build entire applications from scratch. Hence, as per usual, the right tool will depend on your individual use case.

What is configuration management?

Configuration management is a way of configuring servers so activities such as application and system updates, opening ports, or stopping and starting services automatically. This keeps infrastructure and servers secure, available and up to date. For example, nightly backups might be automated using command line scripts. The bottom line? Management ensures stability.

What is configuration orchestration?

Orchestration is the automation of processes. In other words, determining the order in which certain tasks need to take place. For example, prescribing how an application should move from provisioning to deployment. The bottom line? Orchestration facilitates agility.

Why do we care? It's just semantics, right?

Well, yes and no...It's important to distinguish between management and orchestration from the outset so you can work out what tool you might need. Some are also more complicated than others and require different skills sets.

Management automation tools

Configuration management tools are great for managing different environments (or different versions of the same environment), ensuring systems are maintained in a consistent, specified state, or conducting tasks within a single organization.

Let's take Puppet as an example...

Puppet relies on a client-server architecture for its deployment and is predominantly used for configuration management and software deployment for servers. It is highly scalable, and relies on manifests for client configuration. There is however a higher learner curve when starting out with Puppet (which is written in Ruby). An example Puppet manifest might look like this:

# node configuration
node '' { 

  service {
	ensure => running

  file { '/etc/haproxy':
   ensure => 'directory',
   owner => 'root',
   group => 'apache',
   mode => '0755',

This example, simply checks that HAProxy is running, and that the /etc/haproxy directory exists, with correct ownership and read/write properties on the client node,

Another Puppet example might be:

# deploy updates to haproxy allowed_list.lst to all Loadbalancers
file { '/etc/haproxy/allowed_list.lst'
 ensure => 'present',
 content => "",
    owner => 'root',
   group => 'apache',
   mode => '0755'

This example will set the contents of a file that is referenced by an ACL defined within the HAProxy configuration, adding a single IP address to the file allowed_list.lst within the /etc/haproxy/ directory. This would be particularly useful if you have a large pool of servers that you wish to distribute file lists to, like the example above.

A similar tool is Chef...

Both Chef and Puppet perform very similar roles in terms of configuration management, utilizing the same server-client model. However, instead of manifests or playbooks, Chef uses a repository with cookbook recipes for its orchestration and deployment management. Both Chef and Puppet rely on their own style of scripting to prescribe actions, which look something like this:

# deploy updates to haproxy allowed_list.lst to all Loadbalancers
file 'etc/haproxy/allowed_list.lst' do
 content ''

Like Puppet, this is a variation of the example listed above, with a file distributed to a targeted list of servers where this file (for example) referenced by an ACL rule defined within the HAProxy configuration.

Orchestration automation tools

Configuration orchestration tools on the other hand are great for automating multiple tasks on multiple platforms, as well as service process automation such as event triage, service request fulfilment, or ticket synchronization.

Let's take Ansible as an example...

Ansible is classed as an automation and orchestration tool. It relies on SSH to connect and automate common tasks, without the need for an agent or client installation to work. It is also written in Python, making it a popular tool for automation. Due to it's reliance on SSH, it also makes it a very secure automation tool.

All tasks are orchestrated from a single point that is the Ansible server, where Playbooks (from which the tasks are stored) are then executed, using a very simple YAML file format. A simple example of a playbook might look like this:

# code: language=ansible
# file: deploy_public_key.ansible.yml
- name: ssh public_key upload playbook
  hosts: lb1

      ssh_user: root
      ssh_key: "/home/root/.ssh/"
      inventory_hostname: myhostname
      wui_https_port: 9443
      vault_wui_user: loadbalancer
      vault_wui_password: lbpassword


    - name: upload the ssh key of localhost
        url: "https://{{ server_ip }}:{{ wui_https_port
        method: "POST"
        force_basic_auth: yes
        return_content: yes
        user: "{{ vault_wui_user }}"
        password: "{{ vault_wui_password }}"

        validate_certs: no
        body_format: "form-multipart"
          action: "upload_pub_user"
          hostname: "{{ inventory_hostname }}"
          username: "{{ ssh_user }}"
            content: "{{ lookup('file', '/home/root/.ssh/') 
            mime_type: text/plain
        status_code: 200
      register: result
      loop: "{{ groups['all']}}"

    - name: Print return information from the previous task
        var: result
        verbosity: 2
      loop: "{{ groups['all']}}"

The above Playbook simply takes the local public key and uploads it into the targeted Loadbalancer appliance. Of course, this is a very simplified example of how you can automate and orchestrate deployments of files, and also configuration updates.

Ansible is the easiest of all three automation and orchestration tools to work with, as well as being the only one of the three example tools described here which does not require an agent/client code to be deployed to any of it's targeted clients.

Is one form of automation better than another?

The short answer is 'no'. You need both. The trick is choosing the right tool for your use case. Having said that, the learning curve for Ansible is relatively low compared to Puppet and Chef, making it a popular tool for DevOps automation. And if your world is DevOps then you'll likely need to shorten and improve your development lifecycle using a variety of tools that will help you develop, build, test, containerize, monitor, deploy, provision, modify, or virtualize your application. And you may therefore require both management and orchestration tools.

My personal advice would be to start small, automating just one or two processes or systems, and grow from there. Keeping it simple, accurate, and consistent is likely to stand you in good stead to grow your confidence using a variety of tools, regardless of whether you are trying to automate a service, platform, solution, or process.

Want to do more cool stuff with your load balancer?

Check out our technical 'how-to' blogs