S

C
C
M
v
s
P
u
p
p
e
t
U

a
 r

Open-source vs. proprietary? In the software universe, this debate has raged on in almost
all sub-sectors – OS’s, databases, and even in the CM arena, where SCCM vs. Puppet are
two of the heavyweight champs slugging it out. But beyond that philosophical difference
in origin, they also take two completely different paths to the destination of easing the sys
admin’s life.

SCCM is a Microsoft product, which of course means it ties in very well with Windows
environments, especially enterprise environments, but no other platforms (except as client
machines on SCCM 2012 – more on that in a bit). Puppet is an open-source product that can
manage Linux, Unix, Windows and even and Mac OS environments, though of course it
cannot match the abilities of SCCM on Windows. So which one should you choose for
managing your data center or multiplicity of servers that’s threatening to get out of hand?
Let’s delve a bit more into them to find out.

What They Are

Puppet is the model-driven open-source CM from PuppetLabs. It’s written in Ruby, and has
both a well-developed user interface and a CLI that uses either a Ruby-derived DSL or pure
Ruby code, although this latter option is being deprecated. PuppetLabs founder Luke
Kanies stated that: “One of the benefits of Puppet’s DSL—beyond the simplicity—is that it
encourages the mental shift that Puppet requires. To use Puppet effectively, you need to
think in resources, not files or commands. If you wrote your configurations in Ruby, you
could easily just open files and run commands all the live-long day, but with the DSL, you
have to learn to think in resources.” The user describes system resources and their states,
and stores this information in files called manifests. Puppet includes a ‘resource abstraction
layer’ that enables admins to describe the configs they want to manage and the actions they
want to execute in high-level terms using the DSL. And a great benefit of this infrastructure-
as-DSL-code approach is that you don’t have to worry about OS-specific commands and
keywords. Puppet also has a great browser based UI for limited configuration and setup
 tasks, but most users will use the GUI as more of a viewing and reporting tool, and most
fine-grained work will inevitably require learning how to use the CLI.

Microsoft’s SCCM (Systems Center Configuration Manager), or to use its official title
ConfigMgr, was previously known as Systems Management Server (SMS). The latest version
is SCCM 2012, and it can manage environments with Windows, Linux, Unix, Mac OS X and
even mobile OS’s such as Windows Phone, iOS and Android. But the server console must be
installed on a Windows server, and no points for guessing which OS platform it works best
in. Also like other Microsoft products, almost all work will be done on the GUI, with some
added-on support for programmatic interfaces like VB scripts. This makes it faster to learn
and use, but less flexible than a CLI-centric tool like Puppet. One of the major changes in
SCCM 2012 is support for BYOD (Bring Your Own Device). Microsoft recognizes that users
are increasingly using devices not purchased by their workplaces’ IT, so it has added a way
of automatically onboarding such devices into the SCCM-controlled network. SCCM of
course uses and integrates very well with Active Directory and Group Policy to keep track
of and roll out updates to all devices. Other notable features of SCCM are:

• End users can search for applications via a self-service Software Center and define the times when
installations and upgrades take place.
• WSUS (Windows Server Update Services) and Network Access Protection for policy and security
enforcement and rollout.
• EndPoint Protection Manager, formerly called ForeFront, for data security and encryption on
devices.

Community, Support, Pricing

Open-source platforms typically have a much greater sense of togetherness and product
ownership. This is no different in the case of Puppet – an active user community and quick
feedback and resolution are there when needed. That said, Puppet is the largest player in
the open-source CM marketplace, and with that size comes some inertia to change and loss
of agility. There have been some small but vocal protests in discussion forums about stuff
like PuppetLabs’ slowness to resolve bugs and their pushing users towards the commercial
enterprise version, where they make their money. Puppet also boasts having some large
corporate clients on board - Reddit, Dell, PayPal, Oracle, Los Alamos Labs, and Stanford
University. When going up against a big-name established behemoth like Microsoft, such
clients offer a lot of credibility in the minds of potential clients and users. Like the open-
source version, Puppet Enterprise is also free for the first 10 nodes but then after that costs
$99 per node per year; tiered discounts are also available up to 2500 nodes. As previously
mentioned, Puppet works on almost all platforms, but simply can’t match SCCM’s
capabilities on Windows; for instance you cannot use Puppet for provisioning and
deploying new Windows servers, and it cannot directly update AD to reflect the status of
machines in the network.

With SCCM, many first of all have a problem with its closed-off, proprietary nature. That
said, support from the user community is also very good. That’s not surprising given the
dominance of Microsoft products, and you also get excellent answers and support from
dedicated in-house SCCM pros, á la the Genius bar at the Apple Store. SCCM pricing is
convoluted and not as straightforward as Puppet’s, especially if you are adding multiple
servers, but this is common in almost all Microsoft products, and is actually easier to
understand in the 2012 version compared to the 2007 version. To illustrate this clear-as-
mud pricing setup, you need both client managed licenses (ML’s) and server managed
licenses. Server ML’s are priced depending on whether you are taking up the ‘Standard’ or
‘Datacenter’ option, and also varies by the number of processors you have. So for example
the top of the range 4-processor, datacenter server ML will cost $7230, and then you still
need to factor in the cost of client ML’s ($62 - $121). SCCM will generally work out to be
much more expensive than Puppet, is what we’re trying to say here. Read more about SCCM
pricing here.

Conclusion

If you have to make a choice between Puppet and SCCM, first detail what your needs are,
then look for the tool that best fits those needs. And remember, you are lucky to even have
such a choice – just 10 years ago there was basically only one CM tool! The pros and cons
analysis below may help your decision-making, as well this site that summarizes and
compares features of both SCCM and Puppet.

Pros Cons

• Very expensive.
• Doesn’t integrate well with mixed Windows -Linux/
• Integrates very well into Windows
Unix setups.
environments.
SCCM • Not as powerful as Puppet because of GUI-only
• Guaranteed support from Microsoft.
interface.
• Easier to learn, so faster to start using.
• Proprietary model, so users cannot change or
customize the product.

• Open-source, so much cheaper and more

• More complex and difficult to learn and start using.
flexible.
Puppet • Forces users to learn and use Ruby-based DSL.
• Works well with all OS platforms.

References

http://searchwindowsserver.techtarget.com/definition/Microsoft-System-Center-
Configuration-Manager-2012
http://www.infoworld.com/d/microsoft-windows/qa-power-users-view-of-sccm-2012-
191652
http://systems-management.findthebest.com/compare/20-26/Puppet-Enterprise-vs-
Microsoft-System-Center-Configuration-Manager#/
https://puppetlabs.com/blog/part-top-questions-on-puppet-and-windows