Infrastructure as code


Infrastructure as code (IaC) is the process of managing and provisioning computer data center resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. [1] The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources. The definitions may be in a version control system, rather than maintaining the code through manual processes. The code in the definition files may use either scripts or declarative definitions, but IaC more often employs declarative approaches.


Overview

IaC grew as a response to the difficulty posed by utility computing and second-generation web frameworks. In 2006, the launch of Amazon Web Services' Elastic Compute Cloud and the 1.0 version of Ruby on Rails just months before [2] created widespread scaling difficulties in the enterprise that were previously experienced only at large, multi-national companies. [3] With new tools emerging to handle this ever-growing field, the idea of IaC was born. The thought of modeling infrastructure with code, and then having the ability to design, implement, and deploy application infrastructure with known software best practices appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure as code and use the same tools as any other software project would allow developers to rapidly deploy applications. [4]

Advantages

The value of IaC can be broken down into three measurable categories: cost, speed, and risk. Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts on other enterprise tasks. Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of DevOps, the combined working of development and operations. [5]

Types of approaches

There are generally two approaches to IaC: declarative (functional) vs. imperative (procedural). The difference between the declarative and the imperative approach is essentially 'what' versus 'how'. The declarative approach focuses on what the eventual target configuration should be; the imperative focuses on how the infrastructure is to be changed to meet this. [6] The declarative approach defines the desired state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need to be executed in the appropriate order to end with the desired conclusion. [7]
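The contrast between the two approaches, as an added example (not from the original article or from any tool it names); the resource names and the in-memory `infra` dictionary are hypothetical stand-ins for a real provider. The imperative function replays fixed commands and fails when the starting state differs, while `plan` diffs desired against actual state, so a second run is a no-op and an out-of-band change appears as a pending update.

```python
import copy

# Desired state, declared once (hypothetical resources, constructed for this example).
DESIRED = {
    "web-sg": {"ingress": [443]},
    "web-01": {"size": "small", "sg": "web-sg"},
}

def imperative_provision(infra):
    """Imperative: fixed commands in a fixed order; assumes an empty start."""
    steps = [("create", "web-sg", {"ingress": [443]}),
             ("create", "web-01", {"size": "small", "sg": "web-sg"})]
    for _op, name, props in steps:
        if name in infra:
            raise RuntimeError(f"{name} already exists")
        infra[name] = copy.deepcopy(props)

def plan(desired, actual):
    """Declarative: compute the actions that move actual state to desired."""
    actions = []
    for name, props in sorted(desired.items()):
        if name not in actual:
            actions.append(("create", name, props))
        elif actual[name] != props:
            actions.append(("update", name, props))
    for name in sorted(set(actual) - set(desired)):
        actions.append(("delete", name, None))
    return actions

def apply(actual, actions):
    """Execute a plan against the actual state; return the number of changes."""
    for op, name, props in actions:
        if op == "delete":
            del actual[name]
        else:
            actual[name] = copy.deepcopy(props)
    return len(actions)

def demo():
    infra = {}
    first = apply(infra, plan(DESIRED, infra))    # converge from empty
    second = apply(infra, plan(DESIRED, infra))   # idempotent: nothing to do
    infra["web-sg"]["ingress"].append(22)         # constructed manual change (drift)
    drift = plan(DESIRED, infra)                  # drift shows up as an update
    apply(infra, drift)
    return first, second, drift, infra == DESIRED

if __name__ == "__main__":
    print(demo())
```
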

Methods

Infrastructure as Code (IaC) allows you to manage servers and their configurations using code. There are two ways to send these configurations to servers: the 'push' and 'pull' methods. In the 'push' method, the system controlling the configuration directly sends instructions to the server. In the 'pull' method, the server retrieves its own instructions from the controlling system. [8]

Tools

There are many tools that fulfill infrastructure automation capabilities and use IaC. Broadly speaking, any framework or tool that performs changes or configures infrastructure declaratively or imperatively based on a programmatic approach can be considered IaC. [9] Traditionally, server (lifecycle) automation and configuration management tools were used to accomplish IaC. Now enterprises are also using continuous configuration automation tools or stand-alone IaC frameworks, such as Microsoft’s PowerShell DSC [10] or AWS CloudFormation. [11]

Continuous configuration automation

All continuous configuration automation (CCA) tools can be thought of as an extension of traditional IaC frameworks. They leverage IaC to change, configure, and automate infrastructure, and they also provide visibility, efficiency and flexibility in how infrastructure is managed. [3] These additional attributes provide enterprise-level security and compliance.

Community content

Community content is a key determinant of the quality of an open source CCA tool. As Gartner states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling". [3] Established vendors such as Puppet and Chef have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge. [12] Other vendors rely on adjacent communities and leverage other IaC frameworks such as PowerShell DSC. [10] New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.

Notable CCA tools include:

| Tool | Released by | Method | Approach | Written in | Comments |
|------|-------------|--------|----------|------------|----------|
| CFEngine | Northern.tech (1993) | Pull | Declarative | C | - |
| Puppet | Puppet (2005) | Push and Pull | Declarative and imperative | C++ & Clojure since 4.0, Ruby | - |
| Chef | Chef (2009) | Pull | Declarative and imperative | Ruby | - |
| SaltStack | SaltStack (2011) | Push and Pull | Declarative and imperative | Python | - |
| Ansible / Ansible Tower | Red Hat (2012) | Push and Pull | Declarative and imperative | Python | - |
| Terraform | HashiCorp (2014) | Push | Declarative and imperative | Go | - |
| Otter | Inedo (2015) | Push | Declarative and imperative | - | Windows-oriented |
| Pulumi | Pulumi (2018) | Push | Declarative and imperative | Go | |

Other tools include AWS CloudFormation, cdist, StackStorm, Juju, and Step CI.

Relationships

Relationship to DevOps

IaC can be a key attribute of enabling best practices in DevOps. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process. [13] Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts. [14] Automation in general aims to take the confusing and error-prone aspects of manual processes and make them more efficient and productive, allowing better software and applications to be created with flexibility, less downtime, and overall cost-effectiveness for the company. IaC is intended to reduce the complexity that makes manual configuration inefficient. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a DevOps toolchain. [15]

Relationship to security

The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider Palo Alto Networks) identified around 200,000 potential vulnerabilities in infrastructure as code templates. [16]


Related Research Articles

Otter (software)

Otter is an infrastructure automation tool that runs under Microsoft Windows, designed by the software company Inedo. Otter utilizes Infrastructure as Code to model infrastructure and configuration.

Build automation is the practice of building software systems in a relatively unattended fashion. The build is configured to run with minimized or no software developer interaction and without using a developer's personal computer. Build automation encompasses the act of configuring the build system as well the resulting system itself.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

Azure DevOps Server, formerly known as Team Foundation Server (TFS) and Visual Studio Team System (VSTS), is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

Puppet (software): Open source configuration management software

Puppet is a software configuration management tool developed by Puppet Inc. Puppet is used to manage stages of the IT infrastructure lifecycle.

AnthillPro is a software tool originally developed and released as one of the first continuous integration servers. AnthillPro automates the process of building code into software projects and testing it to verify that project quality has been maintained. Software developers are able to identify bugs and errors earlier by using AnthillPro to track, collate, and test changes in real time to a collectively maintained body of computer code.

Progress Chef is a configuration management tool written in Ruby and Erlang. It uses a pure-Ruby, domain-specific language (DSL) for writing system configuration "recipes". Chef is used to streamline the task of configuring and maintaining a company's servers, and can integrate with cloud-based platforms such as Amazon EC2, Google Cloud Platform, Oracle Cloud, OpenStack, IBM Cloud, Microsoft Azure, and Rackspace to automatically provision and configure new machines. Chef contains solutions for both small and large scale systems.

Release management: Process of software building

Release management is the process of managing, planning, scheduling and controlling a software build through different stages and environments; it includes testing and deploying software releases.

DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development (Dev) and IT operations (Ops) as a means for improving and shortening the systems development life cycle. DevOps is complementary to agile software development; several DevOps aspects came from the agile way of working.

HP Business Service Automation was a collection of software products for data center automation from the HP Software Division of Hewlett-Packard Company. The products could help Information Technology departments create a common, enterprise-wide view of each business service; enable the automation of change and compliance across all devices that make up a business service; connect IT processes and coordinate teams via common workflows; and integrate with monitoring and ticketing tools to form a complete, integrated business service management solution. HP now provides many of these capabilities as part of HP Business Service Management software and solutions.

Continuous delivery (CD) is a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time. It aims at building, testing, and releasing software with greater speed and frequency. The approach helps reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. A straightforward and repeatable deployment process is important for continuous delivery.

Jesse Robbins: American entrepreneur

Jesse Robbins is an American technology entrepreneur, investor, and firefighter notable for his pioneering work in Cloud computing, role in creating DevOps/Chaos Engineering, and efforts to improve emergency management.

Application-release automation (ARA) refers to the process of packaging and deploying an application or update of an application from development, across various environments, and ultimately to production. ARA solutions must combine the capabilities of deployment automation, environment management and modeling, and release coordination.

Cloud management is the management of cloud computing products and services.

BuildMaster

BuildMaster is an application release automation tool, designed by the software development team Inedo. It combines build management and ARA capabilities to manage and automate processes primarily related to continuous integration, database change scripts, and production deployments, overall releasing applications reliably. The tool is browser-based and able to be used "out-of-the-box". Its feature set and scope puts it in line with the DevOps movement, and is marketed as "more than a release automatigs together the people, processes, and practices that allow teams to deliver software rapidly, reliably, and responsibly.” It's a tool that embodies incremental DevOps adoption.

Inedo

Inedo is a software product company with headquarters in Berea, Ohio. It makes Enterprise DevOps tools, namely BuildMaster, ProGet, and Otter. Inedo also publishes software-related products, including Release! the Game, Programming Languages ABC++, Code Offsets, and The Daily WTF.

DevOps toolchain: DevOps toolchain release package.

A DevOps toolchain is a set or combination of tools that aid in the delivery, development, and management of software applications throughout the systems development life cycle, as coordinated by an organisation that uses DevOps practices.

Continuous configuration automation (CCA) is the methodology or process of automating the deployment and configuration of settings and software for both physical and virtual data center equipment.

Terraform is an infrastructure-as-code software tool created by HashiCorp. Users define and provide data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.

ModelOps

ModelOps, as defined by Gartner, "is focused primarily on the governance and lifecycle management of a wide range of operationalized artificial intelligence (AI) and decision models, including machine learning, knowledge graphs, rules, optimization, linguistic and agent-based models". "ModelOps lies at the heart of any enterprise AI strategy". It orchestrates the model lifecycles of all models in production across the entire enterprise, from putting a model into production, then evaluating and updating the resulting application according to a set of governance rules, including both technical and business key performance indicators (KPI's). It grants business domain experts the capability to evaluate AI models in production, independent of data scientists.

References

  1. Wittig, Andreas; Wittig, Michael (2016). Amazon Web Services in Action. Manning Press. p. 93. ISBN 978-1-61729-288-0.
  2. Bower, Joseph L.; Christensen, Clayton M. "Disruptive Technologies: Catching the Wave". Harvard Business Review.
  3. Fletcher, Colin; Cosgrove, Terrence (26 August 2015). Innovation Insight for Continuous Configuration Automation Tools. Gartner (Report).
  4. Riley, Chris (12 November 2015). "Version Your Infrastructure". DevOps.com.
  5. Phillips, Andrew (14 May 2015). "Moving from Infrastructure Automation to True DevOps". DevOps.com.
  6. "Declarative v. Imperative Models for Configuration Management: Which Is Really Better?". Scriptrock.com. Archived from the original on 31 March 2015. Retrieved 14 December 2015.
  7. Loschwitz, Martin (14 November 2014). "Choosing between the leading open source configuration managers". Admin Network & Security. Lawrence, KS USA: Linux New Media USA LLC.
  8. Venezia, Paul (21 November 2013). "Puppet vs. Chef vs. Ansible vs. Salt". Network World. Archived from the original on 18 July 2018. Retrieved 14 December 2015.
  9. Gartner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain (Report). Gartner. 18 February 2015.
  10. Chaganti, Ravikanth (5 January 2016). "DevOps, Infrastructure as Code, and PowerShell DSC: The Introduction". PowerShell Magazine. Retrieved 11 January 2016.
  11. "Introducing AWS CloudFormation".
  12. Sturgeon, Phil (28 October 2012). "Puppet or Chef?". Archived from the original on 1 February 2016. Retrieved 29 January 2016.
  13. Ramos, Martin (4 November 2015). "Continuous Integration: Infrastructure as Code in DevOps". easydynamics.com. Archived from the original on 6 February 2016. Retrieved 29 January 2016.
  14. Infrastructure As Code: Fueling the Fire for Faster Application Delivery (Report). Forrester. March 2015.
  15. Wurster, Laurie F.; Colville, Ronni J.; Height, Cameron; Tripathi, Somendra; Rastogi, Aditi. Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner.
  16. "Cloud Threat Report Shows Need for Consistent DevSecOps". InformationWeek. 13 February 2020. Retrieved 24 February 2020.