Please share with the community what you think needs improvement with Puppet Enterprise.
What are its weaknesses? What would you like to see changed in a future version?
The main thing that we noticed when we switched from the enterprise version to the community version was the difference in cost — the infrastructure is pretty expensive. We work in the education sector so we get really good discounts from vendors. Other universities, including Harvard, use a competing product called Ansible. The only reason they use Ansible is that they got it for a really good price. We tried to get an educator's discount with Puppet, but unfortunately, we couldn't reach an arrangement. That's why we had to switch to the community version.
Puppet may be already working on this, however, it would be helpful if they made the product agent-less or making an option for agent-less. They may offer that in Puppet Bolt. I haven't explored that much. The compliance side needs work. Puppet doesn't have much in terms of dealing with compliance. Chef has inSpec. On Red Hat, we are getting Insight so that we can run some standard templates for compliance, like CIS or DSR, PCI, or something of that nature. We can use those templates to harden the environments and perform a security checklist within those environments. There's a lot of scope for enhancement on the DevSecOps side. They should definitely include features for compliance, for both the Linux and Windows side of the devices, as well as for network devices. Compliance is something they need to work on. It would be great if there was integration with some InfoSec tools like Lenovo. The pricing of the solution is a bit high.
We are constantly improving new features, like deploying. But also, I think that they're very strange. It is how the community contributes with the models that they have in Puppet first. But it's a continuous improvement process. We are always discovering new things.
What do you like most about Puppet Enterprise?
Thanks for sharing your thoughts with the community!