Learn how vRealize Automation SaltStack Config helps you create an automated, event-driven configuration management system that can rapidly deploy and configure your virtual machines, servers, containers, and network devices on any cloud or on-prem network.

See vRealize Automation SaltStack Config for a video walkthrough.

What is SaltStack Config?

As IT system administrators and DevOps team members, you are aware that your role involves more than setting up servers and running services. SaltStack Config helps your team automate common infrastructure administration tasks and ensures that all the components of your infrastructure are operating in a consistent desired state.

Screenshot of Jobs workspace

SaltStack Config is pluggable and plays well with many existing technologies. You don't have to refactor all of your existing configuration management systems to use SaltStack Config. It can react to the output codes and information from third-party tools to manage the entire machine life cycle.

| If you need to... | Use... | Along with... |
|---|---|---|
| | Idem and salt-cloud | |
| | SaltStack Config and Salt | Ansible or Puppet |
| | SaltStack Config and Salt | Drone or Bamboo |
| | SaltStack Config and Salt | Splunk or CloudHealth |
| | SaltStack SecOps | Tenable or Rapid7 |

What is SaltStack SecOps?

SaltStack Config also includes the option to purchase the SaltStack SecOps add-on. SaltStack SecOps harnesses SaltStack Config’s event-driven automation technology to provide two additional security services:

  • Security compliance

    Create security policies and scan your system to determine whether it is compliant with supported, industry-recognized security benchmarks. SaltStack SecOps can immediately deploy the updates or patches to bring your system into compliance.

    To view a list of supported security and compliance benchmarks and instructions to subscribe to future updates, see Supported Security and Compliance Benchmarks.

  • Vulnerability remediation

    Create security policies and scan your system for common vulnerabilities and exposures (CVEs), then immediately apply the updates or patches to remediate the advisories. You can also import security scans from other third-party scanning services such as Tenable or Rapid7, then immediately remediate these advisories as well.

For information on SaltStack SecOps, see Using and Managing SaltStack SecOps.

What does SaltStack Config do?

SaltStack Config is powered by Salt, an open-source automation and configuration management engine sponsored by VMware. Salt is built by the Salt Project community, which includes more than 3,000 contributors working in roles just like yours. This well-known and trusted community works together to improve the underlying technology and extend Salt by creating a variety of execution and state modules to accomplish the most common tasks or solve the most important problems that people in your role are likely to face.

The Salt modules can quickly and consistently automate common infrastructure administration tasks such as:

  • Managing operating system deployment and configuration
  • Installing and configuring software applications and services
  • Managing servers, virtual machines, containers, databases, web servers, network devices, and more

In other words, SaltStack Config ships with hundreds of pre-packaged Salt modules that you can begin to use immediately after installing SaltStack Config in your environment.

VMware ensures the code integrity and quality of the Salt modules by acting as the official sponsor and manager of the Salt project. Many of the core Salt Project contributors are also VMware employees. This team carefully reviews and enhances the Salt modules to ensure speed, quality, and security.

SaltStack Config extends Salt’s technology to help you:

  • Deploy and manage applications that use any tech stack running on any operating system in any cloud or on-premises environment, including different types of network devices such as switches and routers from a variety of vendors.
  • Scale your team’s ability to rapidly and consistently build servers and configure services on those servers.
  • Create self-aware, self-healing systems that can automatically respond to outages, common administration problems, or other important events.
  • Provide the appropriate level of access to the specific resources and types of jobs that can be run on the network, keeping your infrastructure secure while also empowering employees to run jobs in your environment that are necessary to their essential job duties.

Why should you use SaltStack Config for configuration management?

As IT system administrators and DevOps team members, a large part of your role might involve setting up servers and running services. Most of the nodes and applications in your system likely require custom configurations based on their intended role or purpose. Updating your configurations can also become very complex as your configurations change over time and when you need to update the configuration of hundreds or thousands of nodes at a time.

Instead of manually configuring each node or application one-by-one, you can use the SaltStack Config state management system to create state files that you can apply to many nodes simultaneously. These state files can include a set of instructions that tell SaltStack Config which operations should be run on the node and in which order and which configuration files or settings should be applied.

After you’ve written or modified a state file, you can automatically run these state files and apply them to many nodes at once. You can target nodes based on each node's inherent properties (such as its operating system) or you could also target nodes based on custom labels that you define (such as the node's role in your infrastructure or its physical location in your data center). Using this system (called "grains" in the Salt system), SaltStack Config can rapidly deploy state files to configure nodes at any scale: from one node to 100,000 nodes. You can also deploy these state files horizontally and vertically across cloud and on-premises environments at the same time.

The state management system also ensures each node is configured properly and as efficiently as possible. If a configuration has drifted, SaltStack Config can put nodes and applications back into their compliant configuration state. If a configuration needs to change, SaltStack Config can quickly deploy those changes to the affected nodes.
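The state-file and grain-targeting model described above, shown as an added example that is not taken from the VMware documentation. It uses standard Salt top-file and state syntax; the file paths, the hardening.sshd state name, the managed source file, and the custom "role" grain are assumptions made for illustration.

```yaml
# Constructed example: two files shown as two YAML documents.

# --- /srv/salt/top.sls (assumed path): maps targets to state files ---
base:
  # Compound match on an inherent grain (os_family) and a custom grain (role).
  # Grains are reported by the node itself, so use them to select
  # configuration, not to decide which nodes may receive secrets.
  'G@os_family:Debian and G@role:bastion':
    - match: compound
    - hardening.sshd
---
# --- /srv/salt/hardening/sshd.sls (assumed path): the state file ---

# 1. The package must be present before its configuration is managed.
openssh_server:
  pkg.installed:
    - name: openssh-server

# 2. The configuration file is pinned to a reviewed copy on the file server.
#    If content, owner, or mode drifts, the next run restores it.
sshd_config:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://hardening/files/sshd_config
    - user: root
    - group: root
    - mode: '0600'
    # Validate the new file before it replaces the live one, so a
    # broken config never locks administrators out.
    - check_cmd: /usr/sbin/sshd -t -f
    - require:
      - pkg: openssh_server

# 3. The service runs, starts at boot, and restarts only when the
#    managed file actually changed.
sshd_service:
  service.running:
    - name: ssh
    - enable: True
    - watch:
      - file: sshd_config

# Dry run that reports drift without changing anything:
#   salt -C 'G@os_family:Debian and G@role:bastion' state.apply hardening.sshd test=True
```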

The SaltStack Config state management system also works well in infrastructure-as-code systems. Storing your state files in code form makes them easier for your team to read and write, and makes your system easier to understand. Stateful systems simplify the complexity of your system's configuration, making it easier to onboard new team members and preventing systems that are too complex to understand. It also gives your team the ability to control and monitor the history of changes to your infrastructure over time and roll back to older configuration states as needed. State files can be stored locally in the SaltStack Config file server or they can be stored the same way you store any code: connected to a secure, private version-controlled repository (such as GitHub or GitLab).

Why should you use SaltStack Config for event-driven automation?

As IT system administrators and DevOps team members, you also have additional critical responsibilities that extend beyond building servers and deploying apps. You know that many events occur in your environment and that some of these events often require a specific response from your team. Often the specific actions needed to respond to an event are routine and repetitive, which means they could be automated.

Using SaltStack Config’s event-driven automation features, you can design systems that can react to specific events by initiating a series of actions in response to those events.

Event-driven automation has many possible practical applications. For example, you could use SaltStack Config to:

  • Create a self-healing system that can notify stakeholders and begin the process of repairing itself when the system fails, such as restarting servers or applications.
  • Run a schedule that regularly backs up and stores server data.
  • Check for system updates and automatically notify or upgrade operating systems and applications to the latest version quickly and painlessly.

Why should you use SaltStack SecOps for security compliance and vulnerability remediation?

If your infrastructure is out of compliance with trusted security benchmarks or if your infrastructure is susceptible to a known CVE (common vulnerability and exposure), you need to deploy the patch or upgrade that will fix the problem as fast as possible. With SaltStack SecOps you can automatically or instantly deploy the patches or upgrades that fix these problems.

What sets SaltStack SecOps apart from other security compliance and vulnerability scanning tools is that SaltStack SecOps can immediately remediate the issues it finds by using SaltStack Config’s configuration management capabilities.

Using SaltStack SecOps’s role-based access control (RBAC) system, system administrators can give security teams the ability to create policies, run scans, and remediate compliance or security issues within the scope of their responsibilities. Administrators can monitor and control access to system resources or operations while also empowering security teams to ensure the system is secure and compliant.

For information on SaltStack SecOps, see Using and Managing SaltStack SecOps.