The immunity model of system maintenance draws its name from the immune systems of verterbrate organisms. The idea contends that all large-scale cooperative organisms (animals, groups, societies) evolve self-protecting sub-systems (immune and repair systems, police and emergency services) which try to keep those organisms in some kind of balance. Without such systems, organisms would quickly perish due to random decay and crime. Computers operating systems are artificial organisms, which work on the same cooperative principles as other organisms, but they have been designed rather than having evolved. They lack basic protecting systems, or immune-repair systems. The immunity model attempts to redress this imbalance by providing an expert counterforce to the forces of random or criminal attack on system integrity. One defines the ideal (desired) state for a computer system and agents (like immunity/repair cells) make sure that no dangerous deviations from that state are allowed to grow. The immunity model uses a principle of convergence to switch on and off repair and garbage collection mechanisms. When the system is in its ideal state, the immune system becomes inert. When the system deviates from the ideal state, the immune system guarantees to bring it only closer to that state, i.e. the state of the system is never made worse by the agents. Cfengine is an agent/language framework for implementing the automatic management of large or small system installations with the immunity model. It uses the idea of an expert software agent to perform automatic maintenance on each host in a Unix or NT cluster. Cfengine is suitable for site-wide management; it can be used for large scale cloning of hosts, or for individual specialization, with any degree of granularity. A single configuration file, consisting of a specialized, descriptive language is used to describe the ideal state of groups and classes of hosts on the network. The purpose of this paper takes a critical review of the success of the immunity model computer management. What are the criteria for judging a mechanism for maintenance. What aspects of system administration are not covered in this model? Can the immunity model be judged to be superior or inferior to other approaches to system management?

Mark Burgess is an associate professor at Oslo College. He is the author of several books on computer science, including "Principles of Network and System Administration" (J. Wiley & Son) to appear in April. He is also the author of cfengine. Mark's research interests span both physics and computer system. He is particularly interested work leading to a more scientific approach to system administation. More details may be found at http://www.iu.hioslo.no/~mark.