The Configuration Audit tests and verifies that the correct version of the code (called configuration items or CIs) are in production (or QA, for that matter). There are two types of Configuration Audits. The first is a physical audit that verifies that the correct physical files (e.g. binaries, config) are in place. The second is a functional audit that verifies that the Configuration Items are performing as expected. It is essential that Configuration Management best practices include automated procedures to conduct the configuration audit. This means that you need an automated procedure to extract the unique immutable version ID from the binary itself.
When you deploy a release, you must also be able to conduct the configuration audit to (trust but) verify that the correct CIs are in place (and are performing correctly).
There are many techniques for doing this and I will be adding articles showing specific examples. Please send me an email and tell me which examples you would like to see!
The configuration audit is one of the four core functions. The others are configuration identification, status accounting and change control.
More articles by this author