For designing and staging projects, you need the following specific features:
· Template-based change design--This capability provides additional security by enforcing
configuration standards and reducing human error. Your templates can be designed to
meet mandated security requirements--helping to ensure that future changes based upon
those templates also meet security requirements--without requiring as rigorous a security
review for each and every template-based change.
· Template enforcement--Rather than simply providing templates as something you can
use, some tools can require you to use them. This feature can help improve consistency
and reduce errors and the introduction of security flaws.
· Workflow management--A tool should accept proposed changes and revisions to those
changes but not allow the changes to be deployed until the changes have been reviewed
and approved. Ideally, the tool should allow some level of customization to the workflow
process so that you can define a process that meets your environment's specific needs.
· Security scanning and analysis--The solution should ideally provide some basic analysis
of proposed configurations to point out known security vulnerabilities. Often, this feature
is integrated into the templating process or into a pre-deployment review; what is important
is that some automatic scan of the configuration highlights known problems and provides an
opportunity to correct them before deployment.
Figure 6.2 provides a handy evaluation checklist for this functionality that you can use during
your tool evaluations.

For all the checklists included in this chapter, as a methodology for evaluating tools, assign a
suitability score--such as 1 to 3--for each feature. A higher score should indicate that the
product implements the feature in a way that makes more sense for your environment; a lower
score indicates that the product provides the feature, but perhaps not in quite the fashion
you would prefer.
Figure 6.2: A tool evaluation checklist for the designing and staging functionality.