Is your business diving into the Cloud after being on-prem? Cloud capabilities and platform services have the scale and functionality you need. At first glance, it may seem like a straightforward migration.
The same patterns that served the on-prem world seem to hold true within the Cloud. The virtualization of on-prem servers seems to mean that VMs and Kubernetes clusters should be provisioned and maintained through some simple scripting and point-and-click management consoles.
This assumption is dangerous, however. If there is a demand for scale that your current on-prem can’t deliver, Cloud is the way to go.
Pets vs. Cattle: Achieving a Different Management Modality
A core component of cloud computing is the API structures built to allow management of Cloud resources with code, also known as infrastructure as code or IaC. With API-driven resource provisioning, IaC changes the game and allows for both cost controls and scale through the use of automation to provision and manage your cloud infrastructure.
Traditional On-Prem: Pet Mentality
Traditionally, on-prem data centers relied on a “pet” mentality for resource management. Upgrades, patches, and configs were applied in place to resources such as virtual machines or bare metal. Each resource is persistent, tended over time to continue functioning and evolving, resulting in the moniker of “pet”.
The Cloud: Cattle Mentality
In the Cloud, IaC allows for a new paradigm known as the “cattle” mentality. Each resource is replaceable, not something to be kept and tended forever, allowing for a different management modality.
Stop Tending Existing Resources. Stand Up New Ones Instead.
Cloud infrastructure can be stood up with code, allowing resources to be ephemeral or temporary. Instead of tending existing resources, replace them by standing up newer versions.
Example of ephemeral replacement of compute within the Cloud using immutable images and automation
You’re no longer tied to legacy actions that provisioned resources as pets a long time ago. In some cases, pets have zero documentation describing those who initially provisioned them. With a cattle mentality, we understand what was done, by whom and when. The process is implemented by automation tied to a code repository where all IaC change requests come from.
Immutable and ephemeral models allow you to take one or more copies of the proposed new image and test it without deployment. You can know that what you’re testing is immutable. There are zero unknowns or configuration drifts between what’s tested and what’s deployed.
Gain Critical Organizational Feedback With Complex Deployment
Using IaC, complex deployment models such as canary deployment can test changes with fractional traffic. As a result, developers can push new features out into production, have real users test them and receive feedback about the changes.
This feedback is critical for deciding if the new features should be permanent or if further work is required. Any unknown bugs or user errors will surface, allowing you to mitigate without risking your entire user or code base.
Example: Canary Deployment Model
Canary deployments begin the process of integrating the organization into the DevOps mindset. Customer support relays feedback to the developers who create and deploy new features. As a result, a feedback loop works to improve the product iteratively. The canary model enables you to give users what they want, quickly, since deployments increase in frequency.
Example of a canary deployment model
The Differences Between Traditional DevOps & Organizational DevOps
Traditional DevOps and organizational DevOps are self-reinforcing cycles. They use the outputs of the preceding department as input. Merging the business processes with IT DevOps processes improves software development.
IT versus Organizational-level DevOps
Example: Disaster Recovery
By managing your infrastructure with code, tasks such as disaster recovery (DR) become easier to complete. DR strategies vary between cold, warm and hot, depending on specific goals wrapped around recovery time objectives (RTO) and recovery point objectives (RPO).
Even with a cold DR plan, IaC allows you to reconstruct environments in another region to restore normal operations through automation, backups and platform services. Reduced recovery time is the final result. The more complex the infrastructure and application, the more IaC increases in value during a DR scenario.
High-level Cloud-based DR process
IaC allows you to test your disaster recovery plan by deploying your infrastructure and applications to see if automation succeeds or fails. You may not route production traffic to the test site, but you’ll see if your recovery is successful.
IaC’s Many Capabilities Are Critical to Supporting Scale
Infrastructure as Code (IaC) is powerful. It enables multiple capabilities critical to supporting scale, including:
- A team-based approach: All code is stored in a common repository with proper access levels and auditability. Automation via pipelines allows for less manual work, so teams can eliminate the time it takes to care for “pets”.
- Auditability: See what’s done, when it was completed and who did it. No one is manually provisioning resources. Instead, every request is logged, allowing for granular auditability.
- Automation: Automation is the key to reducing manual overhead and approaching the Cloud strategically. When set up, consumers can utilize built automation in a self-service model, including Secpol, which increases the security of every request via PaC (policy as code). Each request for resources is automatically tied to the proper cost centers for visibility and budgeting, keeping resource usage under control.
- Consistency: Automation ensures consistency through repeatability.
- Policy enforcement: Secpol enforcement begins before changes are made by integrating PaC. Through this method, you can determine if requests for resources follow compliance and security standards.
- Automated testing: Testing within automation is critical to reducing deployment issues, vulnerabilities and dependencies. It also adds another layer of quality assurance without manual processes.
- Sophisticated deployment: Enabled by IaC and automation, periodic deployment allows you to continuously lower risk per deployment as changes are incremental.
- Organizational DevOps: It’s easy to bring production user feedback into your development cycle by using sophisticated deployment processes such as canary. Plus, you can integrate DevOps into your organization beyond IT.
- Cost control: When resources are provisioned in the right place, costs stay at the proper level. Resources previously requested are auditable, allowing a clear tie back to the individual requesting the resource.
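The policy enforcement, auditability and cost control items above can be combined into one pre-provisioning gate. The following is an added example, not Agosto's tooling or code from the original article; the request format, field names and the four rules are assumptions chosen for illustration.

```python
# Added example: policy-as-code gate evaluated before any resource is provisioned.
# The request format, rule set and field names are assumptions for illustration.
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP

def check_request(req):
    """Return the policy violations for one resource request (empty list = compliant)."""
    violations = []
    labels = req.get("labels", {})
    # Cost control: every resource must tie back to a cost center.
    if not labels.get("cost_center"):
        violations.append("missing label: cost_center")
    # Auditability: the request must record who asked for it.
    if not req.get("requested_by"):
        violations.append("missing field: requested_by")
    # Security policy: no admin ports reachable from the whole internet.
    for rule in req.get("firewall_rules", []):
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0 and ADMIN_PORTS & set(rule["ports"]):
            violations.append(f"admin port open to {net}")
    # Security policy: storage must not be publicly readable.
    if req.get("type") == "bucket" and req.get("public_read", False):
        violations.append("bucket allows public read")
    return violations

def evaluate_plan(plan):
    """Check every request in a plan; a pipeline would apply it only if this is empty."""
    report = {}
    for req in plan:
        found = check_request(req)
        if found:
            report[req["name"]] = found
    return report

# Constructed sample plan, as it might be rendered from a change request in the repo.
SAMPLE_PLAN = [
    {"name": "web-vm", "type": "vm", "requested_by": "alice",
     "labels": {"cost_center": "cc-1001"},
     "firewall_rules": [{"source": "0.0.0.0/0", "ports": [443]}]},
    {"name": "bastion", "type": "vm", "requested_by": "bob", "labels": {},
     "firewall_rules": [{"source": "0.0.0.0/0", "ports": [22]}]},
    {"name": "logs", "type": "bucket", "requested_by": "",
     "labels": {"cost_center": "cc-1002"}, "public_read": True},
]

if __name__ == "__main__":
    for name, problems in evaluate_plan(SAMPLE_PLAN).items():
        print(f"DENY {name}: {'; '.join(problems)}")
```

Run as a pipeline step on each change request, a non-empty report fails the build, so a non-compliant resource is rejected before it exists rather than found in a later audit.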
Get Started Today With an Agosto Project Factory
Discover the capabilities of IaC with an Agosto Project Factory, the tooling needed to begin managing your core infrastructure. To learn more about our Project Factory or to get started today, give us a call at 612-430-6316 or send us a message.