In the first post of our DevOps for Devices series, we talked about using Esper Blueprints to manage by exception. But that’s just the first step to a unified, systematic approach to optimizing your company hardware. In this post, we’ll focus on the next phase of managing by exception: drift management and automated remediation.
Those two go together like peanut butter and jelly. Sure, they’re both great on their own. But when you combine them, you get something truly extraordinary!
What is Drift?
Let’s start with a couple of quick definitions.
When you configure a device precisely how you want it to be, that’s called the desired state — it’s an all-encompassing term that covers applications and versions, screen configurations, security settings, and everything in between. It’s precisely how you want your device to be set up and function. With Esper, you encode your desired state into an artifact called a blueprint.
Now, when the device deviates from this desired state, whether it's a small change in volume or a severe change such as improper application configuration or connection to an unauthorized Wi-Fi point, we call that drift.
There are various reasons why a device can drift from its desired state — software updates, a malicious actor tampering with a device, or an application causing an undesired change on the device are just a few examples. While some of these changes introduce mere inconveniences, others can dramatically affect security settings, the end user’s experience, or business operations (think a broken point of sale, health monitoring device, or an ATM)! That is anywhere from “yuck” to “that's a serious incident — wake everyone up!!!”
Fortunately, there’s a solution here, too — converging is the act of bringing a device that is in drift back to its desired state.
Now, let's see why good drift detection and remediation are crucial to enforcing critical policies.
A Glimpse Into the Future of Drift Detection and Automated Remediation
Imagine a tool that constantly monitors your fleet, detects every tiny change on each device, determines if the device has drifted from its desired state (while ignoring things you don't consider meaningful changes), and alerts you when the device is indeed in drift.
Now, that is what you need in your tool chest! Without such a tool, policy enforcement and device fleet management become a laborious, manual effort. Detecting drift isn’t something you should do passively; it should be part of your overall fleet management strategy. Without it, managing by exception is just a manual hunt-and-seek effort.
But wait! We can take this a step further. We can remediate this drift!
However, if good drift management relies on notifications and reactive solutions, better drift management is automated and proactive. That’s exactly what automated remediation is about — it removes all the manual elements associated with drift management, virtually eliminating the need for manual oversight. That’s next-level managing by exception! That's having your desired state cake and eating it too!
Sticking with our example above, now imagine if everything after the notification just automagically happened! The system detects that a device went into drift, and then applies the correct desired state to bring it back up to snuff. You wake up from a good night’s sleep and see a notification from your robot friend letting you know, “Howdy! I noticed things were broken, but I fixed them according to your specifications. Here are all the details. And … You’re welcome.” Bam!!! Day saved! Now, you can worry about that new project that's been sitting for a while.
Keep in mind that this isn't where the industry is as a whole right now, but it's the direction we're going in. But these aren't theoretical examples, either — this is practical, tangible, and the features are in the works right now.
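The detect-then-converge loop described above, sketched as an added example (not Esper code and not the blueprint format): it compares a desired state against what a device reports, skips settings marked as not meaningful, and orders the fixes so security-relevant drift is corrected first. All setting names, the critical/ignored classification, and the sample data are assumptions made for illustration.

```python
from typing import Any

# Hypothetical setting names and classification; not Esper's blueprint schema.
CRITICAL = {"wifi.ssid", "security.screen_lock", "apps.pos.version"}
IGNORED = {"audio.volume"}  # changes you do not consider meaningful


def flatten(state: dict, prefix: str = "") -> dict[str, Any]:
    """Turn nested settings into dotted paths so they compare key by key."""
    flat: dict[str, Any] = {}
    for key, value in state.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat


def detect_drift(desired: dict, reported: dict) -> list[dict]:
    """One finding per desired setting the device no longer matches."""
    want, have = flatten(desired), flatten(reported)
    findings = []
    for path in sorted(want):
        if path in IGNORED:
            continue
        actual = have.get(path)  # a setting the device did not report counts as drift
        if actual != want[path]:
            severity = "critical" if path in CRITICAL else "minor"
            findings.append({"path": path, "expected": want[path],
                             "actual": actual, "severity": severity})
    return findings


def converge_plan(findings: list[dict]) -> list[tuple[str, Any]]:
    """Converging: reset each drifted setting to its desired value, critical first."""
    ordered = sorted(findings, key=lambda f: f["severity"] != "critical")
    return [(f["path"], f["expected"]) for f in ordered]


# Constructed sample data: the desired state and one device's reported state.
DESIRED = {"wifi": {"ssid": "store-secure"}, "security": {"screen_lock": True},
           "apps": {"pos": {"version": "4.2.1"}}, "audio": {"volume": 5},
           "display": {"timeout_s": 30}}
REPORTED = {"wifi": {"ssid": "guest-open"}, "security": {"screen_lock": True},
            "apps": {"pos": {"version": "4.2.1"}}, "audio": {"volume": 11},
            "display": {"timeout_s": 600}}

if __name__ == "__main__":
    for finding in detect_drift(DESIRED, REPORTED):
        print(finding)
    print(converge_plan(detect_drift(DESIRED, REPORTED)))
```

Only settings named in the desired state are enforced here; extra settings a device reports are not flagged, which is a design choice of this sketch.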
Let's Bring All This Together
Drift remediation is necessary — not a luxury — as you scale. The more devices you have, the harder it is to keep them all aligned with their desired state(s). Drift detection and remediation fixes that. Period.
Consider the security implications here. The longer a device is in drift, the more of a security risk it becomes. And the more devices you have to manage, the higher the odds are that a device stays in drift longer than it should. In the future, automated remediation will fix problems almost in real time, so these threats are nullified before they can even become threats. Until then, dependable drift detection is a great start!
Additionally, what happens if your security settings, application versions, or user experiences change? The best thing about an integrated desired state, drift management, and remediation solution is that all you have to do is update the desired state! The tool enforces that new state and automatically converges your entire fleet to the new desired state!
In my previous article, I said, “Set it and forget it.” Now, it's also “update it and forget it!” — in a single operation!
Enabling Managing by Exception Across Device Fleets of All Sizes
As your device fleet scales and needs change, drift monitoring becomes increasingly important for ensuring security, compliance, and operational efficiency. It simplifies device management strategies, allowing teams to maintain control over assets in a streamlined manner, meaning they have more time to focus on strategic initiatives instead of being loaded with repetitive management duties (or worse, putting out fires).
This is yet another foundational example of managing by exception. I wouldn’t go as far as saying your fleet can manage itself (we’ll get there soon), but advanced drift management tools really make it feel that way.
The good news is that, with Esper, you can already do most of this! We continue to evolve our platform to achieve this vision.
Exciting times! Join me on this journey! Let's get that fleet management streamlined!