A common myth in the DevOps space is that infrastructure as code is designed only for small startups that are just getting their business started. Many customers hold this view without realizing the power and effect it has in the enterprise. On this episode of CloudUp, we’ll go through how to successfully manage your infrastructure as code and the benefits it can bring to your organization.

Meet the Speakers

Han Kim

Principal Architect

Jeremy Pries

Director of Cloud Infrastructure

Transcript

Han

I was just at a Google PSO event in New York and they have this new diagram which is a subway map so it starts with the main trunk and then it splits off into network, application, and policy but it begins with infrastructure because without that, nothing else can actually have a life right? So, the idea of not using infrastructure as code seems old school, maybe that’s the right way to put it.

Jeremy

It does, yeah, it does. Today we’re talking about infrastructure as code as a trend in DevOps. So, with infrastructure as code, a lot of customers view it as something that’s really designed for small startups who are just getting going and they don’t really see it as something that works in the enterprise. Maybe it has this sort of superhero complex that goes with it where an individual is able to develop the infrastructure as code from the ground up all the way through the app stack and it doesn’t really work in a team approach. So, they view it maybe more as a deployment script methodology.

Han

Versus what you’re thinking about you’re saying or with how you would frame it?

Jeremy

Right, versus using it as a way to actually manage your infrastructure going forward. So, instead of just deploying a particular environment and then managing it with some other config-management techniques, live the lifestyle of infrastructure as code which means every single change, you’re gonna go back to the code repo and go back to the code lifestyle and deploy it.

Han

From the infrastructure network side and all that you’re saying, like managing that in a code repo as if it were exactly that code.

Jeremy

Yeah, for sure, for sure.

Han

So, helping to facilitate sort of like the separation of duties, who has control over each aspect of that stack really, you know? Not having the superhero controlling all of it.

Jeremy

Yeah, instead of having the superhero, we have different responsibilities within the environment as well and we have more than one person on a particular team.

Han

That makes sense.

Jeremy

So, take a network person, for example, they may manage just the network portion of the environment and the rest of the team contributes at other levels.

Han

Makes sense. I was just at a Google PSO event in New York and they have this new diagram which is the subway map so it starts with the main trunk and then it splits off into network, application, and policy but it begins with infrastructure because without that, nothing else can actually have a life right? So, the idea of not using infrastructure as code seems old school, maybe that’s the right way to put it.

Jeremy

It does, yeah, it does. I think implementing infrastructure as code is a little bit of an investment upfront, the more you do it, the easier that becomes and we all have our habits to go back to, you know, pressing buttons or maybe running command line utilities to manage an environment and it’s sort of in an ad hoc manner and not very controlled. And the other benefit we get out of infrastructure as code is we can rebuild the environment as we need to. It could be part of our DR plan, could be a part of our duplication plan like if we need numerous dev environments.

Han

For sure.

Jeremy

Or, lower tiers to go along with production.

Han

I think, like, you and I differ slightly on like how different ways we think about implementing infrastructure as code ’cause I think you think of things in a very holistic manner, and this is kind of new, the policy as code wraps around it so you have a little more free form in terms of ability for developers to stand up their resources and I like more front end where we control let’s say a self service or ticketed UI type of, you know? So, we control it on the front end rather than the back end, you know?

Jeremy

Yeah for sure, for sure, yeah, I mean, I think that’s maybe a next phase for infrastructure as code so we have legacy IT that is struggling to understand how they work in a Cloud environment and so if they think in terms of policies, eventually the software stacks will get to the point when we can allow self service throughout the organization and our central IT controls is able to control the policies. It says what’s allowed and what isn’t allowed and then the users can commit code to the pipeline if it’s allowed, cool, goes through, everything fine, but if we find something like let’s just say we have a policy that says no bucket should be open to the outside. Like, we could have our pipeline deny and reject that change, push it back if it violates a policy.

Han

And see my way of thinking is let’s just not let them ever do that up front you know?

Jeremy

Right, right, absolutely, and there’s a couple different ways to implement that right? We know the policy as code software is getting better. It’s kind of emerging.

Han

Yeah, I think that all the Cloud providers now are starting to dive into that CI/CD, cloud controls because I think that we’re seeing that the initial move to the Cloud seemed easy, but then the management and the operations were more and more difficult with controlling costs, controlling access to resources, you know? It gets out of control really quickly if it’s not set up properly in the beginning.

Jeremy

Yeah, yeah, for sure. Access control can be all over the place so that’s actually the easiest spot to get started with infrastructure as code is simply provisioning things like projects and IAM roles and managing who has access to what. It’s very easy to manage now with something like Terraform and live the lifestyle, manage it every day. You need to give someone access to something, go ahead and add in new code, commit that, and it’ll push right into your environment. It’s an easy way to get started.

Han

Do you think that besides Terraform, what other tool sets have we been seeing that customers kinda migrate to? ’Cause I think the challenge is old school IT on prem as they move into cloud, have a difficult time releasing the tools, methodology, and processes of like managing the pet-based approach to infrastructure into this new kinda ephemeral, scalable, open-ended kind of infrastructure universe. What other tool sets do you see that would easily port over from on prem into let’s say the Cloud world versus the ones that don’t really work as well?

Jeremy

Yeah, I mean, good question. Terraform’s definitely the strongest tool set in terms of infrastructure as code and we see a lot of skill sets out there in config management products like say, Ansible for example. There’s no reason you couldn’t bring those tool sets into Cloud and maybe even have a mix right? Like everything isn’t ephemeral in Cloud right?

Han

For sure.

Jeremy

You have stuff like databases and other things that just aren’t gonna go away. We need a pre-exist something along the way and maybe those are good tool sets to mix in. We’ve also found that cross training to learn, if you know Ansible, the config language is all totally different but the mindset isn’t that far off.

Han

Yeah, right, well, I think as long as it’s more declarative and allows us to kinda track state, I think a lot of tool sets will fit the bill and there’s plenty coming up now that are web based I think as well that will lend to that same model, declarative model of infrastructure network and policy.

Jeremy

You know, there’s numerous different DevOps roles and I think understanding microservices architecture is a really important role to have so, if you have performance problems are a great example where it’s tough to diagnose what’s going on without understanding the apps and how they talk to each other and what their dependencies are, that’s an example of definitely where you need quite a bit of dev skills to be able to troubleshoot that.

Han

Where do you think serverless and things that are kinda moving a little more into the future, where do you think that plays in in terms of infrastructure as code or in infrastructure kind of concepts?

Jeremy

Sure, yeah, I mean it kind of is, we need to use infrastructure as code to set up the plumbing in order for the pipelines to be deployed right? So, we don’t manage as much stuff with infrastructure as code, but it still needs to exist in order for things to work so it still is relevant in that space for sure.

Han

Well, do you think that like in terms of a policy as code, or maybe even infrastructure in general as code lets organizations control like costs more so? ’Cause I know the primary or chief complaint is that it’s easy to lift and shift VMs over but then there’s no inherent process or model to manage or see or it be visible to how much things will cost. How do we manage that better with infrastructure as code?

Jeremy

Yeah, I mean good question. So, we know very well what we’re provisioning with infrastructure as code. Some wild cards there like egress for example, wouldn’t be really controlled with infrastructure as code but we’re able to see that in the config right? We know HashiCorp just released the capability in Enterprise to give you a price and to set a policy based on that price so we could maybe follow a separate workflow if something costs more than it’s allowed. So, we can set some policies around what they cost. Totally emerging space there, I mean, in general infrastructure as code helps us to understand what we’re deploying so that we could maybe make a quick calculator around what it costs.

Han

So, like, we’re starting to see how policy and how you see infrastructure as code can then distill down to the management modality or the business level management of Cloud.

Jeremy

Yeah, yeah, agreed.

Jeremy

Thanks for watching this episode of CloudUp.

Han

Leave your comments and questions below and win some Agosto swag.

Jeremy

Thanks and see you next time.