Chef is one of the most widely-used CM tools today, arguably playing second fiddle to the mighty Puppet. The tool is written in Ruby and Erlang, uses a pure-Ruby DSL in the Knife CLI, and includes a nice GUI for easy management. Developers and DevOps types will prefer using Chef, much more so than sysadmins.

Two versions of Chef exist: the free, open source tool and the enterprise offering, which is then subdivided into hosted and on-premises (private) versions. Its eponymously-named parent company (previously known as Opscode) also entices potential clients by offering a free trial version of either Enterprise flavor, but only for a maximum of 5 devices and without corporate support.

Chef Offering

  • Hosted Chef is cloud-hosted, and includes configuration support and provisioning assistance.
  • On Premises (Private) Chef is the enterprise version, but implemented within a customer’s private infrastructure. Minimal assistance and support for server provisioning is available.
  • Open Source Chef is free but comes with no support and without many of the useful add-ons available in the enterprise versions.

There are a few more variants, such as Chef Solo: a decentralized, serverless mode of Chef, akin to a peer-to-peer Windows network with no domain controller. There’s also OpsWorks, the tweaked version of Chef developed by Amazon specifically for use with AWS.

Hosted Chef

Hosted Chef is one flavor of the Enterprise offering. In this mode one’s cookbooks, roles and node definitions are stored in a scalable, cloud-based Chef server provisioned by Chef, Inc. No need to worry about hardware management and maintenance or software upgrades – one simply uploads the cookbooks and Chef does the rest.

There is a price to pay for this, though-- a steep price! Hosted Chef is priced as follows:

  • Launch package: $120/month, 20 nodes, 10 users
  • Standard package: $300/month, 50 nodes, 20 users
  • Premium package: $700/month, 100 nodes, 50 users

All these tiers are exceedingly expensive for most small and medium-sized organizations. There is a small reprieve, however-- as mentioned earlier, one can get the full Enterprise Hosted Chef on a free trial basis for up to 5 nodes and 2 users, with no support included.

Another point to keep in mind is that, as a publicly exposed cloud service, Hosted Chef is vulnerable-- as are all externally-facing cloud services-- to events over which one has no control, such as service outages and DDoS attacks.

On Premises (Private) Chef

With On Premises Chef, the customer provisions a Chef server to run on-premises. The main advantage over Hosted Chef, of course, is that full control over the server is maintained. Faster rollout and better integration are also possible since the server is likely to be physically closer to the rest of the customer’s network. And because On Premises Chef servers reside behind the customer’s own firewalls, the machines are shielded from any public global issues that may affect Hosted Chef customers.

With the release of Chef 11 in 2013, On Premises Chef has shifted away from a perpetual-license model to a monthly, per node model costing $6 per node/month-- the same as Hosted Chef. Standard support is an additional $3 per node/month, and the premium version is $3.75 per node/month.

Setting up On Premises Chef is no simple task. For instance, CouchDB, RabbitMQ messaging, Java, Solr, Ruby, OS-level dependencies, and web server configurations need to be set up and configured prior to setting up Chef on Ubuntu Linux. Mind you-- this is even before starting on On Premises Chef proper, which is itself another daunting beast to install and configure. The Chef learning curve is especially difficult for newbies; requisite Ruby proficiency and convoluted documentation targeted at experienced users make it even more challenging. One quickly begins to appreciate that sans expert assistance, Private Chef is not a product for novices. Help from Chef, Inc. is available in this case, albeit limited: intermediate Chef proficiency is expected by its customer support team. On Premises Chef is mostly used by organizations with in-house Chef SysAdmins or DevOps experts, such as its largest customer, Facebook.

Open Source Chef

The open source route may be a viable option for those highly confident in managing Chef. A large and active user community exists on various forums like GitHub, Stack Overflow, and a plethora of other Chef community sites. Consequently, answers to questions, advice, and troubleshooting assistance are easily obtainable on the web. For those with less experience with the product, a popular mode of Open Source Chef called Chef Solo is also available. This serverless, scaled-down version is suitable for small setups, as it requires only a basic configuration to get up and running. Aside from this, reasonable expertise is still required to provision, install, configure, and deploy an Open Source Chef server from scratch.

Several concerns are worth considering before jumping head-first into Open Source Chef. For example, some knowledgeable insiders have raised serious doubts about Chef, Inc.’s continued commitment to the open nature of the Chef source code. This, of course, casts a degree of uncertainty around Open Source Chef’s future. Also, by opting for this DIY version of Chef, one forgoes all the excellent features of the paid versions, such as the GUI, useful analytics dashboard, bulk grouping tool, customizable views, and push functionality, among others. Push functionality in particular had been conspicuously absent from Chef products for some time, only making its debut in Chef Enterprise 11. Prior to this, updates were pull-based, requiring agents to “dial home” to the Chef server to check for new updates. Changes defined on the Chef server therefore could not be propagated immediately to all node-resident agents in the environment.

Summary

As one of the most widely-used solutions for managing system configurations and automating IT environments, Chef currently offers three deployment options, each with its own caveats: Hosted Chef, On Premises (Private) Chef, and Open Source Chef. As an automation platform, Chef is worth considering due to its large installed base; Puppet, the other market-leading solution (and Chef’s arch-nemesis), is also worth exploring.

If the decision is made to go with Chef, the next question is which version: Enterprise (Hosted or On Premise) or Open Source. The table below offers some further guidance in making the right decision:

Hosted Chef

Pros:

  • No worries about installation, upgrades, backups and maintenance
  • No worries about hardware upgrades and maintenance
  • Best for newbies because of extensive Chef, Inc. support and handholding

Cons:

  • Very expensive: from $120 to $700 per month
  • Hosted in the cloud, therefore vulnerable to host provider service outages and security breaches

On Premise (Private) Chef

Pros:

  • Allows higher level of fine-grained customization
  • Full control over your own environment; better security
  • Can seat your Chef server on your network, allowing faster communication and deployments

Cons:

  • Still expensive: $6/node/month without support
  • Requires real expertise to configure and use
  • If you don’t know what you’re doing you can mess things up very badly
  • Not suitable for newbies or the inexperienced

Open Source Chef

Pros:

  • Completely free
  • Access to user community
  • Ability to tweak source code as you desire

Cons:

  • Even more difficult to configure than Private Chef – requires expertise in Chef
  • No upgrades or support from Chef, Inc.
  • Doubts about Chef, Inc.’s continued commitment to the open-source model
