Drifting from the desired state
Imagine you are a chef, and you design a whole menu, which customers love and come back for, again and again. But over time, your line cooks make changes to the recipes. Some are just not paying attention, but a few of them are actively trying to ruin your dishes. You'd want to know which ones just need a chat, and which ones you should fire.
For system architects, it's a similar story. They need to know when manual changes to a system configuration they designed were made through inattention, and when they were made with malicious intent. I designed a reporting tool to help users of Puppet, the industry standard in automated configuration management, to quickly discern one type of change from another.
UNDERSTANDING THE PROBLEM
My research partner and I interviewed Puppet users with large system counts. We learned when and what kinds of manual changes worried them most.
While my engineering collaborators worked on an ingenious backend that would detect manual change, I designed a reporting prototype.
After a few rounds of testing and revisions, we focused our first release on single system (node) discovery, both current state, and over time.
The new tool lets users quickly find systems where manual change was attempted, then lets them filter systems by key attributes. To see it in action, go to minute 45:48 of the PuppetConf 2016 Keynote, where l tell a user story about it.