"Cfengine, or the configuration engine is a very high level language for building expert systems for the administration and configuration of large unix networks. Cfengine uses the idea of classes and a primitive form of intelligence to define and automate the configuration of large systems in the most economical way possible. "
The author takes the approach that this should, after a manner of speaking, represent a sort of "system immunology." One should plan to build a set of cfengine "rules" that will be applied to a number of computer systems, that should encourage the systems to converge towards "more stable" states.
The C-based version of cfd is not terribly thread-safe, and doesn't cope well if you have a whole lot of clients connecting to a single server. This would, for instance, be the case if you have a network with several hundred client machines that run a cfengine script each hour that might each make a hundred requests of the server.
We present a non interactive system, called FAI (Fully Automatic Installation), to install a Debian Linux operating system on a PC cluster.
We take one or more virgin PCs, turn on the power and after a few minutes Linux is installed, configured and running on the whole cluster, without any interaction necessary. In addition, the configuration can be changed automatically on all Linux cluster nodes. Thus we have a scalable method for installing and updating a cluster with little effort involved.
The creator of cfengine observes that configuring ACLs for Windows NT by hand is a tedious and error-prone task, and suggests that in order to usefully make use of ACLs to secure systems, you need to have some form of "policy engine" to apply the desired policies.