Module-4

Configuration Management: The Process of Configuration in Devops. Configuration

Management Tools Containerization: Docker introduction, Docker Image, working
with Docker Containers, Docker Engine, Creating Containers with an Image,
working with Images, Docker Hub, Docker Trusted Registry, Docker File &
Commands. Devops Monitoring Tool: Introduction to Nagios, Architecture
Virtualization and Containerization: Virtualization, Virtualization vs
Containerization, Micro-services and Containerization, orchestration, Difference
between orchestration and automation.
Configuration Management
The Process of Configuration in
Devops
• What is Configuration Management in DevOps
• Configuration management is a process by which the changes to a product’s components are
systematically identified, organized, controlled, and maintained throughout the lifecycle.
• DevOps Configuration Management Outcomes
• Infrastructure-as-a-Code: It refers to the existence of code that automatically prepares the
necessary environment.
• Configuration-as-a-Code: It defines server or resource configurations as code, stored in version
control to automate infrastructure setup.
• 5 Stages of Configuration Management in DevOps
• Planning
• Identification
• Control
• Status Accounting
• Audit and Review
• Why should you use Configuration Management?
• Inadequate configuration management can lead to system outages, data
breaches, and leaks. Not to mention the fact that bad environments make
for improper, incomplete, and shallow tests.
• Using Configuration Management is imperative in DevOps infrastructures.
Remember, DevOps is about facilitating speed, accuracy, and efficiency.
• DevOps Configuration Management automates mundane maintenance tasks,
and frees up dev time for actual programming.
• This increases agility, both on the part of individual devs and the organization
as a whole.
• At this point, it would be correct to state that Configuration Management is
necessary for setting up a DevOps-driven framework.
• How does Configuration Management fit with DevOps, CI/CD, and
Agile?
• Configuration data, once overlooked, is now central to modern infrastructure.
With Infrastructure as Code (IaC), files like YAML define and provision cloud
resources, making system management easier, reliable, and repeatable.
• Here is how configuration management connects with the below key practices:
• DevOps: It streamlines infrastructure management, prevents drift, and helps
dev and ops teams work seamlessly.
• CI/CD: It provides stable environments for testing and deployment, automates
setups, and makes rollbacks quick and easy.
• Agile: It speeds up sprint setups, removes delays, and supports frequent,
reliable updates.
• 5 Stages of Configuration Management in DevOps
• Configuration Management is a methodological process that ensures consistency
and control over a product’s functioning and performance throughout its
lifecycle. It consists of 5 main stages:
• Planning: Policies, processes and tools are specified to manage configurations.
The goals and requirements of the system are defined.
• Identification: Identify and document configuration items i.e hardware, software
or documentation for establishing clarity on their attributes and relations.
• Control: This stage includes change control, access control, version control and
baseline control that ensures the implementation of approved changes, manage
who makes changes, establishing baseline versions and tracking changes on the
configuration items.
• Status Accounting: The status of configuration items are tracked and reported to
maintain visibility and control. This could include changes, versions and baselines.
• Audit and Review: Verify the configuration items against the documented
specifications regularly to facilitate consistency, accuracy and compliance
throughout the system.
• Elements of DevOps Configuration Management
• The Elements of DevOps Configuration Management are:
• Configuration Identification: Identity the configuration of the environment to be
maintained. One can also use discovery tools to identify configurations automatically.
• Configuration Control: Remember that it might not remain unchanged once the
configuration has been identified. Consequently, there needs to be some mechanism
in place to track and control changes to the configuration. Most configuration
management frameworks have a change management process regulating these
configurational changes.
• Configuration Audit: Even with control mechanisms, changes may bypass them.
Configuration audits at regular intervals prevent such incidents. When choosing
DevOps Configuration Management tools, select one that facilitates these three
functions with the most efficiency and ease.
Configuration Management Tools
Containerization
Docker architecture
• Docker uses a client-server architecture. The Docker client talks to the
Docker daemon, which does the heavy lifting of building, running, and
distributing your Docker containers.
• The Docker client and daemon can run on the same system, or you
can connect a Docker client to a remote Docker daemon.
• The Docker client and daemon communicate using a REST API, over
UNIX sockets or a network interface.
• Another Docker client is Docker Compose, that lets you work with
applications consisting of a set of containers.
Docker architecture
• The Docker daemon
• The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers,
networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.
• The Docker client
• The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such
as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker
API. The Docker client can communicate with more than one daemon.
• Docker Desktop
• Docker Desktop is an easy-to-install application for your Mac, Windows or Linux environment that enables you to build and
share containerized applications and microservices. Docker Desktop includes the Docker daemon (dockerd), the Docker
client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see
Docker Desktop.
• Docker registries
• A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker looks for images on
Docker Hub by default. You can even run your own private registry.

• When you use the docker pull or docker run commands, Docker pulls the required images from your configured registry.
When you use the docker push command, Docker pushes your image to your configured registry.
• Docker objects
• When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other
objects. This section is a brief overview of some of those objects.
• Images
• An image is a read-only template with instructions for creating a Docker container. Often, an image is based on
another image, with some additional customization. For example, you may build an image which is based on
the ubuntu image, but installs the Apache web server and your application, as well as the configuration details
needed to make your application run.
• You might create your own images or you might only use those created by others and published in a registry. To
build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the
image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile
and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so
lightweight, small, and fast, when compared to other virtualization technologies.
• Containers
• A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the
Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a
new image based on its current state.
• By default, a container is relatively well isolated from other containers and its host machine. You can control
how isolated a container's network, storage, or other underlying subsystems are from other containers or from
the host machine.
• A container is defined by its image as well as any configuration options you provide to it when you create or
start it. When a container is removed, any changes to its state that aren't stored in persistent storage disappear.
Docker Image
• Docker Image is an executable package of software that includes everything needed to
run an application. This image informs how a container should instantiate, determining
which software components will run and how.
• Docker Container is a virtual environment that bundles application code with all the
dependencies required to run the application. The application runs quickly and reliably
from one computing environment to another.
working with Images
• Docker images are the blueprints used to create Docker containers.
Images are lightweight, standalone, and executable software
packages that include everything needed to run an application:
code, runtime, libraries, environment variables, and configurations.
Docker Hub
• Docker Hub is a repository service and it is a cloud-based service where people push their
Docker Container Images and also pull the Docker Container Images from the Docker
Hub anytime or anywhere via the internet. It provides features such as you can push your
images as private or public.
• Mainly DevOps team uses the Docker Hub. It is an open-source tool and freely available for
all operating systems. It is like storage where we store the images and pull the images when it
is required. When a person wants to push/pull images from the Docker Hub they must have a
basic knowledge of Docker. Let us discuss the requirements of the Docker tool.
• Docker is a tool nowadays enterprises adopting rapidly day by day. When a Developer team
wants to share the project with all dependencies for testing then the developer can push
their code on Docker Hub with all dependencies. Firstly create the Images and push the
Image on Docker Hub. After that, the testing team will pull the same image from the Docker
Hub eliminating the need for any type of file, software, or plugins for running the Image
because the Developer team shares the image with all dependencies.
What is Docker Image?
Docker images are built using the Docker file which consists of a set of
instructions that are required to containerize an application. The docker image
includes the following to run a piece of software. A docker image is a platform-
independent image that can be built in the Windows environment and it can be
pushed to the Docker hub and pulled by others with different OS environments
like Linux.
•Application ode.
•Runtime.
•Libraries
•Environmentaltools.
Docker image is very light in weight so can be portable to different platforms
very easily. To explore more about creating and managing Docker images within
a DevOps pipeline, the DevOps Engineering – Planning to Production course
covers Docker image creation, optimization, and deployment.
Components of Docker Image
The following are the terminologies and components related to Docker Image:
•Layers: Immutable filesystem layers stacked to form a complete image.
•Base Image: The foundational layer, often a minimal OS or runtime environment.
•Dockerfile: A text file containing instructions to build a Docker image.
•Image ID: A unique identifier for each Docker image.
•Tags: Labels used to manage and version Docker images.
Continued…
• Main Uses of Docker Hub
• Efficient Image Management: Docker Hub simplifies the storage, management,
and sharing of Docker images, making it easy to organize and access container
images from anywhere.
• Enhanced Security: It runs security checks on images and provides detailed
reports on potential vulnerabilities, ensuring safer deployments.
• Automation Capabilities: With features like webhooks, Docker Hub can automate
continuous deployment and testing processes, streamlining your CI/CD pipeline.
• Integration and Collaboration: Docker Hub integrates seamlessly with popular
tools like GitHub and Jenkins, and allows managing permissions for users and
teams, facilitating efficient collaboration.
Docker Trusted Registry
Docker Trusted Registry (DTR)
• Docker Trusted Registry (DTR) is an enterprise-grade, private image registry used
to store, manage, and secure Docker images. It is part of Docker Enterprise
Edition (EE) and allows organizations to:
• Store and manage Docker images on-premises or in the cloud.
• Enforce access control and security policies.
• Sign and verify images for content trust.
• Perform image vulnerability scanning.
• 📌 Key Difference from Docker Hub:
• Docker Hub is a public registry (default) for sharing images.
• DTR is a private registry for internal use, with enhanced security and
management features.
Key Features of Docker Trusted
Registry
• a) Private and Secure Image Storage
• DTR provides private image storage, ensuring that your images remain within your organization's
infrastructure.
• Supports TLS encryption for secure image transfer.
• b) Role-Based Access Control (RBAC)
• DTR offers granular permissions with RBAC, allowing you to define who can push, pull, and manage images.
• You can assign roles like:
• Admin → Full control over the registry.
• Developer → Can push/pull images.
• Viewer → Can only view images.
• 🔍 c) Image Scanning and Security
• Built-in vulnerability scanning checks for security risks in your images.
• Integrates with CVE (Common Vulnerabilities and Exposures) databases.
• Helps prevent the deployment of vulnerable images.
• d) Image Signing and Content Trust
• DTR supports Docker Content Trust (DCT), allowing you to sign images.
• Verifies the authenticity and integrity of images before deployment.
• 🌐 e) Integration with Docker Enterprise
• Works seamlessly with Docker Universal Control Plane (UCP) for cluster
management.
• Provides single sign-on (SSO) and LDAP/Active Directory integration.
• 🚀 f) Automated Image Lifecycle Management
• You can configure policies for automated image retention, pruning, and
cleanup.
Docker File & Commands
• A Dockerfile is a script that uses the Docker platform to generate containers automatically. It
is essentially a text document that contains all the instructions that a user may use to create
an image from the command line. The Docker platform is a Linux-based platform that allows
developers to create and execute containers, self-contained programs, and systems that are
independent of the underlying infrastructure. Docker, which is based on the Linux kernel’s
resource isolation capabilities, allows developers and system administrators to transfer
programs across multiple systems and machines by executing them within containers.
• Docker containers may operate on any Linux host thanks to Dockerfiles. Docker images are
used to construct container environments for applications, and they may be produced
manually or automatically using Dockerfiles. Docker containers can execute Linux and
Windows apps. Developers may use Dockerfiles to construct an automated container build
that steps through a series of command-line instructions. Docker containerization is
essentially virtualization at the operating system level. Without the startup overhead of
virtual machines, several independent containers can run within a single Linux instance.
• Docker builds images automatically by reading the instructions from a Dockerfile.
• It is a text file without any .txt extensions that contains all commands in order, needed to
build a given image.
• It is always named Dockerfile.
• Docker image consists of read-only layers each of which represents a Dockerfile
instruction. The layers are stacked and each one is created by the change from the
previous layer. For example, if I create a base layer of ubuntu and then in second
instruction I install Python it will create a second layer. Likewise, if I do any changes by the
instructions(RUN , COPY , ADD) it will create a new layer in that image.
• Containers are read-write layers that are created by docker images.
• In simple words, a Dockerfile is a set of instructions that creates a stacked-layer for each
instruction that collectively makes an image(which is a prototype or template for
containers)
Frequently used Dockerfile commands -
•FROM - Defines a base image, it can be pulled from docker hub
(for example- if we want to create a javascript application with node as backend
then we need to have node as a base image, so it can run node application.)
•RUN - Executes command in a new image layer( we can have multiple run
commands )
•CMD - Command to be executed when running a container( It is asked to have
one CMD command, If a Dockerfile has multiple CMDs, it only applies the
instructions from the last one.
•EXPOSE - Documents which ports are exposed (It is only used for
documentation)
•ENV - Sets environment variables inside the image
•COPY - It is used to copy your local files/directories to Docker Container.
•ADD - It is more feature-rich version of the COPY instruction. COPY is preferred
over ADD. Major difference b/w ADD and COPY is that ADD allows you to copy
from URL that is the source can be URL but in COPY it can only have local ones.
•ENTRYPOINT - Define a container's executable (You cannot override and
ENTRYPOINT when starting a container unless you add the --entrypoint flag.)
•VOLUME - It defines which directory in an image should be treated as a volume.
The volume will be given a random name which can be found using
docker inspect command.
•WORKDIR - Defines the working directory for subsequent instructions in the
Dockerfile(Important point to remember that it doesn't create a new
intermediate layer in Image)
Devops Monitoring Tool
Introduction to Nagios
Nagios is an open-source monitoring and alerting solution designed to oversee IT infrastructure
components like servers, networks, applications, and services. Originally developed by Ethan
Galstad in 1999 under the name NetSaint, Nagios has since grown into a robust and widely
adopted tool for ensuring the availability, performance, and security of critical systems. With
contributions from a large open-source community, Nagios has evolved into a cornerstone of IT
operations, offering solutions like Nagios XI, Log Server, Network Analyzer, and Fusion, which
cater to the diverse needs of modern infrastructure monitoring.
How Nagios works
Nagios is a comprehensive monitoring tool designed to ensure the smooth operation of IT
infrastructure. It offers flexibility with both command-line and web-based interfaces, allowing
administrators to monitor systems efficiently. Here's how Nagios works, step by step:
1.Monitoring Setup: Nagios provides two options for monitoring:
1. Agent-based: Independent agents are installed on servers to collect data, which
is then sent to the Nagios server.
2. Agentless: Uses existing protocols to gather data without installing additional
software on servers. Both methods monitor critical system metrics like file system
usage, CPU performance, and service status.
2.Dashboards and Alerts: The Nagios dashboard offers a real-time overview of key
parameters, making it easy to track system health. When predefined thresholds, such
as high CPU usage or low disk space, are crossed, Nagios sends alerts via email or SMS.
This ensures administrators can respond quickly to issues, minimizing downtime.
3.Plugins and Scripts: Nagios runs as a service on a server and uses small scripts or
plugins to check the status of hosts and services in your network. These plugins, written
in languages like Perl or shell script, are executed at regular intervals. Results are
collected and stored for review. If a significant change is detected, additional scripts are
triggered, and further actions or notifications are initiated.
4.Integration with AWS: Nagios integrates seamlessly with AWS environments. When
installed on AWS, it provides scalable and secure monitoring for cloud infrastructure.
The collected data is accessible through the Nagios web interface, allowing
administrators to monitor both local and cloud systems in real-time. We discuss this
installation process in more detail in the section below
• Monitoring Process
• Nagios Web Interface (GUI): The Nagios Web Interface is a user-friendly
dashboard where administrators can see the real-time status of all monitored
resources. It helps users quickly check the status of different services, get
alerts, and track performance over time. Accessible through any modern web
browser, this interface is crucial for real-time monitoring and fixing issues
easily.
• Alert Notifications (SMS and Email): One of Nagios' key features is its ability
to alert administrators when something critical happens. These alerts can be
sent through SMS or email, based on the settings. If a resource or service
reaches a critical point, like low disk space or a service going down, Nagios
quickly sends a notification to ensure the issue gets addressed right away
Key Features of Nagios

• Monitoring: Nagios continuously checks hosts, meaning devices or servers, as well as

services, which are applications or protocols, for problems and performance.
• Alerting: It sends IT alerts when problems arise or thresholds are being exceeded through
email, SMS, or other methods, allowing quick response to an issue.
• Notification Escalations: Notification escalations can be set up to customize them in such a
way that prompts a response by the appropriate personnel without delay.
• Graphical Dashboards: Allows for detailed reports with graphical representations of
monitored data, so as to facilitate the ease in performing analysis and decision-making.
• Plugin Architecture: It is extensible with plugins and easily tied to a broad set of systems
and applications for diverse monitoring purposes.
• Configuration management: there is a possibility of hosts, services, notification rules, and
other parameters to be configured through configuration files, hence making it very flexible
and customizable.
Virtualization and Containerization
• A virtual machine (VM) is a technology for stimulating a physical computer. It
contains the same components, an operating system (OS), a network
interface, and applications. However, it’s sandboxed inside a physical
computer.
• This means one computer can run multiple VMs and their isolated
components. These can be used to develop, stage, and produce the
application code. You can build virtualized computing environments with
VMs, considered the first generation of cloud computing.
• A virtual machine cannot run without a hypervisor. These lightweight
software layers separate VMs and allocate processors, memory, and storage.
They’re basically machine monitors that enable multiple operating systems to
run simultaneously.
What is virtualization? How it works
• Virtualization refers to the process of using software to create a virtual resource that runs on a layer
separate from the physical hardware. The most common use case of virtualization is cloud computing.
• You can run several VMs on a computer through virtualization. These VMs are independent systems but
share the same physical IT infrastructure and are managed by the hypervisor.
• Virtualization has gained massive prominence in the recent software field. The global application
virtualization market is expected to be valued at $5.76 billion by 2026. This is because virtualization allows
users to access applications and features without installing them on the computer.
• This cloud-based technology saves money, time, and storage space while offering all cloud computing
powers. Both large enterprises and small businesses benefit from it. Some of the advantages of
virtualization are:
• Availability of all OS resources for apps
• Well-established functionality
• Better security tools and controls
• Robust management tools
• Cost savings and high efficiency
• Centralized workload without overheads
• VirtualBox, VMware Workstation Player, and Microsoft Hyper-V are the most popular VM providers.
Limitations of virtualization

• Virtualization is a powerful technology that has many benefits, but it also has a few limitations
that you should be aware of. Some of the main limitations of virtualization include:
• It requires significant RAM and CPU resources to run multiple operating systems and a virtual
hardware copy.
• The shift between private and public clouds and data centers makes the software development
lifecycle more complex.
• It’s monolithic and runs applications as single, large files.
• Adds up computing resources and cycles very quickly.
• It doesn’t run some applications properly.
• Some older or specialized applications may not be compatible with virtualization software, or
may require additional configuration to work properly
• Virtualized environments may not be as easy to scale as physical ones, especially when it
comes to adding more hardware resources.
What are containers?

• Containers are a means of isolating an application from its

surroundings by encapsulating its dependencies and configurations in
a single unit. After that, the unit can be shipped to other
environments such as private clouds, public clouds, and data centres.
• Containers are more lightweight and agile when it comes to
virtualizing your environment without a hypervisor. They enable
DevOps to concentrate on developing and deploying code, allowing
for faster resource provision. A containerized application behaves
consistently across development, staging, and production
environments.
What is containerization?

• As mentioned earlier, containerization is the process of packaging every

component needed to run an application or microservice, including
associated libraries. Each container consists of codes, dependencies, and the
OS itself. It allows applications to run the same way on multiple platforms.
• Containerization is a form of OS virtualization that leverages the features of
the host operating system to isolate processes and control their access to
memory, disk space, and CPUs.
• The mainstream advent of containerization began with Docker, an open-
source platform to build, deploy, and manage containerized applications.
With its introduction in 2013, container technology and ecosystem evolved
massively.
Some benefits of containerization
are:
• Reduced occupancy of IT management resources
• Smaller size requirements
• Faster spin-ups and simplified security updates
• Less code to migrate, transfer, or upload workloads
• Faster delivery
• Easier management
How does containerization work?

• Containerization works by sharing the host OS kernel with other containers as a

read-only resource. You can deploy multiple containers on a single server or virtual
machine as they’re lightweight and scalable.
• This way, you only maintain one OS and don’t dedicate an entire server to one
application. Containerization is the answer to several DevOps problems. This is why
several enterprises adopt this approach to migrate managed services to the cloud.
• Containers let you break down applications into their smallest components or
microservices. These services are developed and deployed independently,
eliminating a monolithic unit.
• For example, if you support multiple action buttons on your website, the failure of
one doesn’t affect the performance of others. This reduces downtime,
maintenance pressure, and dependency.
Limitations of containerization

• All containers must run on similar operating systems.

• If containers are based on a different OS, they need a different host.
• They can create security vulnerabilities in the OS kernel as all
containers on the host machine share the OS.
• This solution is still developing and improving, so it can be more
complicated to adopt.
Containerization vs. virtualization
Property Virtualization Containerization

Isolates the host and other containers to a certain degree; doesn’t

Isolation Fully isolates the host operating system and virtual machines
provide a strong security boundary between hosts and containers

Includes a separate, completely independent operating system Involves a user-mode operating system that can be tailored to
Operating System with the kernel and requires more CPU, memory, and storage contain only those services your app needs, so its light on
resources resource requirement

Compatible with almost all operating systems inside a virtual Compatible only with a similar operating system version as the
Guest Compatibility
machine host

Deploys individual containers through Docker and multiple

Deployment Can be deployed individually with a hypervisor for each VM
containers with Kubernetes orchestration

Uses a virtual hard disk (VHD) for single VM local storage or server Uses local disks for local storage for a single node and SMB for
Persistent Storage
message block (SMB) for shared storage on multiple servers shared storage on multiple servers or nodes

Manages load balancing by automatically starting and stopping

Load Balancing Runs VMs on other servers in a failover cluster for load balancing
containers on cluster nodes through an orchestrator

Networking Conducted via virtual network adapters (VNA) Uses an isolated view of a VNA for lightweight virtualization
Micro-services and Containerization
• What are microservices?
• Gartner defines a microservices as a service-oriented application component that is:
• Tightly scoped
• Strongly encapsulated
• Loosely coupled
• Independently deployable
• Independently scalable
• According to AWS, microservice architecture involves building an application as independent components that run each application
process as a service, with these services communicating via a well-defined interface using lightweight APIs.
• The characteristics of microservices as described by microservices.io is that they are:
• Highly maintainable and testable
• Loosely coupled
• Independently deployable
• Organized around business capabilities; and
• Owned by a small team
• Take the example of an e-commerce web application as shown below. A microservice architecture approach would see the separation
of the:
• Logging service
• Inventory service
• Shipping service
• Each service would have its own database and communicate with the other services via an API gateway. The development and
• The approach to microservices adoption has been geared towards
refactoring existing monolithic applications, rather than building new
applications from scratch. While microservices provide agility and
scalability options, they also require relevant supporting
infrastructure especially when you consider the complexity that
comes with managing hundreds of microservices across different
teams.
• For this reason, approaches such as DevOps and CI/CD are better
suited to ensure that the services are efficiently and effectively
managed from design, through development and deployment.
Orchestration
• Orchestration in DevOps refers to the automated coordination and
management of complex IT workflows, services, and infrastructure. It
involves:
• Automating repetitive tasks
• Managing multiple services across environments
• Ensuring smooth deployments and operations
• Reducing human intervention and improving efficiency
• 📌 Key Difference:
• Automation: Performing individual tasks automatically (e.g., deploying a
container).
• Orchestration: Managing the entire workflow (e.g., CI/CD pipelines,
infrastructure provisioning).
IT orchestration and automation
differences
Automation Orchestration

Automates repetitive tasks and processes to streamline Manages complex workflows and processes involving multiple
Complexity
operations and reduce human intervention. systems, tools, and dependencies.

Focuses on specific tasks or processes and may not consider Integrates and coordinates tasks across diverse systems, APIs
Integration
interactions between different systems. and platforms for end-to-end processes.

Follows predefined rules and instructions without real-time Enables decision-making logic and branching within workflows,
Decision-making
decision-making capabilities. allowing dynamic routing and adaptations.

Typically lacks collaboration features, focusing solely on task Facilitates collaboration among cross-functional teams through
Collaboration
execution and process automation. workflow visibility and shared task management.

Minimizes human intervention by automating repetitive tasks Enables human intervention at specific decision points for
Compliance
and reducing the risk of errors. complex decisions or exceptions to workflows.