Infrastructure As Code
Development and coding move closer to Operations. ClickOps in portals is no longer efficient or smart.
The Secure Way To Build Cloud Infrastructure With Code
Yes, I know I may have written a little crazy on LinkedIn. But that's not what I meant. Sorry !!But with today's technology, the old ways of working will soon be dead. Everything is moving towards more and more development, those who are not willing to change, will have to find other professions.
In this article, I want to give you an overview of what IaC is, how you can apply it, the pros and cons, and what you should consider before jumping on the bandwagon….
2. We document the infrastructure in Terrarform, Bicep, Pulumi etc. We create the infrastructure in the cloud using code and version manage the code in Git or Azure DevOps
3. The code then builds the infrastructure you specified in private or public clouds such as Microsoft Azure, AWS, Google GCP, etc.
The Driving Force of Evolution
The development of the wheel has changed human society forever. As a result of the wheel's progress, we now need less time to travel. With the reduction of manual efforts, we can focus on other important activities. As innovation continued and more machines were invented, the need for management and control increased over time.
Machines have been given tasks that were uncertain, repetitive and non-strategic, while humans focused on strategic tasks. The need for data and analyzes increased to better manage the machines. We invented servers, storage systems and other hardware to increase speed, reduce manual errors as we continued our analysis.
But with these advances came the need for more manual handling. Manual processes in the data center were laborious, time-consuming and also error-prone. People used to fill out forms manually and get them approved by their managers. Then they had to go to each administrator to show the list of resources they needed
After a while they were told that they have to wait for days/weeks before they can get access to some of the things that they were in need of. This has continued for decades. The speed of the market was affected and things became chaotic as the organizations grew rapidly. Furthermore, it was not self-sustaining because the IT administrators could not work on the more important initiatives.
Public clouds such as Amazon Web Services, Microsoft Azure, Google Cloud Platform can alleviate much of the pain in this regard. However, the problem of hardware management remains, especially for sensitive data in your data centers despite being reduced.
Welcome to Infrastructure as Code (IaC)! Before we get into the benefits and challenges, I'll try to explain what IaC is and means.
What is IAC or Infrastructure as Code?
IaC is the process of managing and provisioning data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
This is a Wikipedia-based definition. In simple words, IaC is the process of replacing manual effort required for IT resource management and provisioning through simple lines of code.
Now there are two types of IaC methods: declarative and imperative. In the declarative approach, you explain what the desired end state should be and the system ensures that you get the desired result. The imperative approach means that you define each step of the process explicitly to achieve the desired result.
What are the benefits of IaC?
Let's take a closer look at what IaC brings to your organization:
- Faster deliveries and consistent:
The goal of IaC is to do things faster by eliminating manual processes and eliminating slack in the process. A code-based approach makes it easier to get more done in less time. You don't have to wait for the IT administrator to manually complete the task before he can start the next task. It also means you can iterate quickly and more often. Consistent, is another important benefit of IaC. You don't have to worry about tasks not being completed because it's the weekend or because your administrator is focused on something else. You can also implement changes globally while keeping the same version of the software etc. - Efficient Software Development Lifecycle:
IaC moves the power into the hands of the developer. As infrastructure provisioning becomes more reliable and consistent, developers can begin to focus more on application development. They can also script once and use that code multiple times, saving time and effort while maintaining complete control. - Reduced Administration Cost:
In a data center world, there was a need to have administrators to control and manage storage, networking, compute, and other layers of hardware and middleware. IaC eliminates the need for these different roles. Administrators can now focus on identifying the next exciting technology they want to implement.
What are the challenges for IaC?
Every coin has two sides. While IaC adds a lot of value to the IT environment, there are some challenges that cannot be overlooked. Remember to account for your unique IT situations that may make the following more or less relevant (such as organization size, state, and your technology transfer lifecycle).
- Coding Language Dependency:
As I said earlier, the power is shifting to developers more. Similarly, since IaC is more code dependent, you need to be good at coding. The learning curve for this can be steeper if you don't have a dev bench ready. Some of the languages ​​used for IaC are JSON, Bicep(ARM), HashiCorp Configuration Languages ​​(HCL), YAML, Ruby, etc. The lack of these competencies can inhibit your IaC potential. Is your strategy to move away from development and make things serverless? Consider the strategic direction you are taking before jumping into IaC. Perhaps IaC is an intermediate step that you can avoid taking if your end goal is different. - Security assessment processes:
Your legacy security tools and processes may not be sufficient for the new world of IaC. You may need to manually check whether the created resources are working and being used by the correct applications. While manual verification is a trust-building step, getting your legacy security tools set up for IaC can take many iterations. Also, keep in mind that IaC is more dynamic than your existing provisioning and management processes. It can be used optimally or abused even faster. Therefore, you may need to take extra steps to ensure that you create IaC-Governance for complete governance. - IaC monitoring can be challenging:
To continue on the point above, you may need additional tools to track who is provisioning what, where, how often and at what cost. It can be difficult to track usage / capacity with your old monitoring tools, e.g. spreadsheet. Additionally, if you are a global company, you may need to consider implementing better monitoring tools.
Final words
As you can see, there are pros and cons to IaC. But I choose to see the benefits. I myself have worked a lot with Terraform and HCL together with Azure DevOps and find it relatively easy to get started with.
If you work with infrastructure regardless of supplier or in a hybrid format, Terraform is unbeatable.
If you work completely Microsoft-based and only cloud, then perhaps Bicep simplifies everyday life for operations personnel and developers who want to create resources in the cloud.
What I really like about IaC is that it's fast, it's consistent, and it's repeatable. All servers, networks, storage, policies, tags, etc. is set up the same for everyone and it can be automated in a simple way.