Managing IT Complexity through Infrastructure as Code (IaC)
(Note: This blog is an excerpt from Tom Petrocelli’s current report: Infrastructure as Code: Managing Hybrid Infrastructure at Scale)
Key Stakeholders: CIO, Sysops, System Admins, Network Admins, Storage Admins, IT Operations Managers
Why It Matters: New software architectures continue to add complexity to it infrastructure management. At the same time, organizations expect IT to deploy applications faster. New tools are needed for IT operations to perform in this environment.
Top Takeaways: Infrastructure as Code, or IaC, offers a path to faster and less error prone management of new software infrastructure at enterprise scale. IaC abstracts the myriad of ways IT professionals interact with systems into a simple, plain text, code file.
Infrastructure as Code
Today, IT is continuing to virtualize infrastructure even more with container clusters. Containers often fulfill the same role as a server, even though they do not require an entire stack including an operating system. Like a server, they are a unit of computing that houses services that comprise an application. Unlike a server, containers often contain a single purpose service called a microservice. Microservices architectures lead to a large number of containers, within virtual servers, running on physical or cloud servers. For large enterprises, this new model expands the number of virtual, physical, and cloud devices under management, adding complexity to the infrastructure.
Managing tens of thousands of heterogeneous nodes, where only a few thousand, fairly homogeneous ones existed before, represents a massive challenge to IT. This is further compounded by the presence of (often more than one) cloud services alongside on-premises servers. To add to the challenge, new development methodologies have increased pace of modern software development which constantly alters the IT infrastructure.
To cope with this greatly enlarged management burden, IT managers and professionals are increasingly turning to Infrastructure as Code (IaC). IaC is part management technique and part toolset. The philosophy behind IaC is to write code that defines the desired state of the infrastructure. While this could be carried out using shell scripts or homegrown programs, increasingly IT practitioners are turning to purpose-built tools that allow for infrastructure to be defined as a program (i.e. code) and then executed by automation servers, often with the help of local commands and agents on the physical and virtual servers or service calls of cloud services.
Key Infrastructure as Code Functions and Challenges
While provisioning, configuration, and code deployment may be the most common functions of IaC, it is hardly limited to such a small set of capabilities. IaC can accomplish most of what sysops, network administrators, and other IT operations professionals have to do by hand, via shell scripts, or through management consoles through the following capabilities.
While there are some clear advantages to DevOps, there are also some issues with the approach. Some of the problems are technical but many are social or managerial. A mixture of IT silo politics and skill deficits may lead to a toxic DevOps team environment that no amount of technology can overcome. However, problems associated with IaC itself are relatively straightforward and can be managed with training, support, and planning. Some of the standout issues for IaC include:
Key IaC Vendors
There are a number of vendors offering products in the IaC space. While they all offer the basic functions of provisioning, updating, and configuration, many have a number of other features as well. No product offers the full list of these features, so it is important to choose a vendor based on the automation priorities of the organization.
As enterprise IT infrastructure has evolved from a simple, single mainframe to the highly distributed, hybrid cloud, multi-cloud, microservices architecture, managing a datacenter has become terribly complex. Along the way, the tools available to sysops and admins have likewise evolved into entire management platforms, the so-called single pane of glass.