Plugins add new features to RUDDER, facilitate its integration into your IT toolchain, and add more supported Operating Systems.

Advanced use

The following plugins are available in our subscription offer.

Advanced reporting

This plugin is designed to offer a synthetic and accurate overview of the IT real state and its deviation over time. Indeed it gives you the ability to aggregate compliance data over time in order to create custom reports. They can target specific set of rules and/or groups of machines. Moreover, they can be exported as PDF reports for audit puposes for instance.


Web interface customization (logo, color)

When RUDDER is deployed on a large infrastructure, it is common to have several RUDDER servers, each managing a different environment (production/QA/dev, different sites, etc.). To facilitate the daily life of administrators, but also and especially to avoid confusion between different servers (which is all the more likely if they contain similar configurations), it is important to be able to distinguish them visually at a glance on the RUDDER interface, regardless of the open menu. The branding plugin, by adding coloured banners and a brief description to all pages, answers this simple but not negligible problem.

Full API access rights management

By default, API accounts can only be configured in "read only" or "full access" mode. This module makes it possible to define for each account an ACL (Access Control List) which specifies for this account the API accessible. For example, an account can be configured so that it only accesses the global compliance API - and only that one. In addition, this module allows each RUDDER user to generate a personal API account with the same rights as the user himself. In addition, this module allows each RUDDER user to generate a personal API account with the same rights as the user himself, thus allowing easy and auditable access to the rudder APIs.


Validation workflow (change requests)

The validation workflow makes it possible to secure changes by a second validation before going into production (regular pull requesters on Github already know the benefits of peer review). It can be configured to apply only to certain groups of machines (for example, only production servers with free access to the development platform).

Web access rights management (by type of action)

This plugin adds the ability to have one API token per RUDDER user, and precise acl support on system tokens (same type as user rights, with read/write limitation on different items). Everything is configurable from the web interface. This allows to precisely trace and log Rudder users' accesses to the configuration (including via the API), and to finely restrict the rights given to system API tokens (not linked to a user) for better security and privilege separation.

External data sources

This plugin enables the use of external data sources as node properties by automatically querying external REST APIs in order to collect business data for each node.

High availability best practices guide (main server)

This module provides all the documentary resources in order to configure the various bricks that make up RUDDER (databases, web application) in redundant operation.

Scale-out relay servers

Relay servers can meet two main needs: scalability on the one hand, and architecture segmentation on the other. Indeed, a relay server in a kind of proxy between the nodes managed by RUDDER and the main RUDDER server. Relays allow: to create bridges between different network zones; to isolate sets of nodes from each other; to prohibit direct access to the main Rudder server; and to distribute load across multiple servers in order to manage more machines from a single root server.

External authentication (LDAP, AD, Radius)

RUDDER has always had an integrated authentication system with password hash storage on the server. However, IT teams in established companies often use a directory-based user management system (AD, LDAP, etc.) to manage large numbers of users. This plugin dedicated to larger companies allows users to base their authentication on an external LDAP or RADIUS source, directly from the RUDDER web interface.


And soon:

  • Organization Based Access Control
  • High availability (relay servers)
  • Main dashboard customization



Ansible is an IT infrastructure automation tool whose Open Source version can be plugged in Rudder. Indeed, Ansible and Rudder are complementary tools since each one of them is dedicated to a different scope of IT automation. Ansible complements Rudder with orchestration and applicative deployment, as Rudder is focused on lower layer automation, compliance checking, data visualisation, and continuous reliability into configuration management. This plugin lets Rudder and Ansible communicate together in order to benefit from both IT automation approaches. One of the main benefit is to gather inventory data from Rudder in order to use them into Ansible.

ServiceNow (beta)

ServiceNow is a leading on-demand, cloud-based IT service management solution. It automates enterprise IT operations workflows and managed IT assets in its CMDB component. This module allows Rudder and the ServiceNow CMDB integration. It provides a Rudder side plugin along with ServiceNow UI Action and Scheduled Jobs which allows to automatically insert Rudder Nodes into ServiceNow CMDB when they are accepted into Rudder, and managed Rudder Change Requests from ServiceNow. Combined with the "external data" plugin, you will be able to manage rudder node properties (and so groups and rules target) from a ServiceNow centered workflow. For that, we provide an example of the "external data" configuration with ServiceNow.


Rundeck is an open source centralized job scheduler. As for the Ansible plugin, this one can link Rudder and Rundeck in order to benefit from enhanced orchestration features thanks to technical data gathered by Rudder and its agent.


Vault is a storage and secret management tool (asses words, keys, etc.). The integration plugin allows data stored in a Vault server to be used in configuration policies, avoiding storing it on the Rudder server and limiting access to the machines concerned.


Monitoring and configuration management are two key functions for maintaining an IS in operational conditions. Centreon is a commonly used open source monitoring tool. The integration plugin automatically adds the machines to Centreon as soon as they are accepted in RUDDER. In addition, configuration policies in RUDDER can include a new method that automatically associates the monitoring template of a configured application with the machine.


iTop is an Open Source CMDB published by Combodo, a French company. This module links Rudder to iTop in order to gather non-technical business data on machines and IT structure model from iTop in order to use them into Rudder to enhance nodes group creation. Conversely, Rudder can feed iTop with technical inventory data.


Zabbix is another widely used open source monitoring solution. The integration plugin operates in a similar way to the Centreon plugin.


This plugin enables RUDDER to interact with a GLPI server by regularly sending to it up-to-date node inventories processed by the RUDDER server.

Operating Systems

The following plugins are available in our subscription offer.

Windows agent

Developed in partnership with Microsoft, Rudder's agent for Windows uses DSC (Desired State Configuration), a native technology included into every Windows system since Powershell 4. It enables Windows based servers management on Server 2008R2, 2012, 2012 R2, 2016, and desktops on Windows 7, 8, 8.1 et 10. The Windows agent is as powerful as the Linux agent, since all its features are also available on Windows (except Linux-specific techniques, such as systemd services or SSH server management, of course).

AIX agent

RUDDER's AIX agent allows to manage AIX 5.3, 6.1 and 7.1. It delivers the same power of management as the Linux agent. All the features availables on Linux are also available on AIX (except Linux-specific techniques, such as systemd services, of course).

Interested in using one of them?