BPA: Friend or Foe?

I vividly remember reading Arthur C. Clarke's seminal 2001: A Space Odyssey when I was a boy. One of the things that made a huge impression on me was HAL 9000, the supercomputer that changed from an indispensible part of the spaceship Discovery's mission to a paranoid loner. The idea of a self-repairing, self-modifying, self-aware computer was terribly far ahead of the then state of the art, and for the most part it still is today.

However, one way in which we're inching closer to Clarke's vision is in the proliferation of tools that attempt to automatically diagnose, and even repair, minor problems or misconfigurations before they cause real problems. IBM has been pushing its vision of autonomic computing for a few years now, and Microsoft has its own Dynamic Systems Initiative. These big, macro-scale projects often take a long time to show results, but in the Exchange world we have some smaller-scale efforts that have been paying off for a while. In case you've been stranded on a desert island for the last few years, I'm talking about the Microsoft Exchange Server Best Practices Analyzer (ExBPA) and its siblings for SQL Server, Office Communications Server, and other Microsoft products. These tools let Microsoft build a corpus of rules that are delivered as a set of XML files; when you run a BPA on your network, your configuration is checked against the predefined set of rules. Exceptions are flagged, giving you an easy way to find areas where your network departs from standard or accepted practices.

This capability seems pretty useful, and in practice it certainly is—but what about the long term? Are automated fix-it tools a threat to those of us who make our living managing messaging and collaboration services?

It's certainly possible to argue that these tools reduce the need for troubleshooting skills. Because tools such as ExBPA automatically find problems, the argument goes, less-knowledgeable administrators can identify and fix things that formerly would have required someone more skilled. In addition, as these tools improve we'll probably see them add the ability to fix things (hopefully asking the admin for permission first!). I've also heard occasional complaints that some administrators have become too reliant on the tools to find and fix their own latent problems.

The other side of the argument is more compelling. There are lots of relatively obscure settings and parameters that can affect the performance, stability, and security of Exchange, SQL Server, and other server and infrastructure products. Automated analysis tools such as ExBPA provide a means to quickly scan even large infrastructures to look for a broad range of potential problems; checking things on one server doesn't sound too bad, but doing the same checks on 10 or 100 servers quickly becomes untenable. In the security world, we've long been able to depend on automated tools for log analysis and vulnerability scanning precisely because those tasks are very tedious and thus subject to poor follow through by people. ExBPA and its relatives are particularly useful when you're moving to a new environment (say, when changing jobs or starting a consulting engagement) because they give you a reliable way to check the baseline configuration of the systems you'll be managing.

Having said that, I do think there's room for caution. ExBPA is a wonderful addition to our arsenal of management tools, and Microsoft has done a great job of continuing to improve it. Plus, it's free. However, don't let its quality fool you: You and the other administrators you're responsible for training and managing still need to understand the underlying mechanisms that ExBPA checks. You need to understand why ExBPA makes the recommendations it does, and know when it's OK (or even necessary) to deviate from them in your environment. This discretion takes individual learning and study, which I expect will always be a part of the IT industry.

Now, if only Microsoft would release an analysis tool that would scan my office and tell me what I can safely throw out . . .