Line 34: |
Line 34: |
| <tr> | | <tr> |
| <th>Latest version</th> | | <th>Latest version</th> |
− | <td>February 13, 2020</td> | + | <td>February 18, 2020</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 57: |
Line 57: |
| <p>Infrastructure as Code represents the point where both automation and virtualization come together. Based on the practices of software development, it emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration.</p> | | <p>Infrastructure as Code represents the point where both automation and virtualization come together. Based on the practices of software development, it emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration.</p> |
| | | |
− | <p class="highlighted mw-collapsible-content">IaC evolved to solve this problem in the release pipeline where files are changed under source control. The IaC concept is like programming scripts, which are used to automate IT processes. However, scripts are primarily used to automate a series of static steps that must be repeated numerous times across multiple servers<ref>Cardinal, G. (2017, January 24). GCFM Planning, budgeting and forecasting Prototype.<i> [http://ppx.ca/wp-content/uploads/2016/09/GCFM-Solution-BPC-PPX-Jan-2017.pdf Cardinal, G.].</i> Retrieved from ppx.ca</ref>. IaC uses higher-level or descriptive language to code more versatile and adaptive provisioning and deployment processes<ref>Chan, M. (2018, April 3). 15 Infrastructure as Code tools you can use to automate your deployments.<i> [https://www.thorntech.com/2018/04/15-infrastructure-as-code-tools/ Chan, M.].</i> Retrieved from thorntech.com</ref>.</p> | + | <p class="highlighted mw-collapsible-content">IaC evolved to solve this problem in the release pipeline where files are changed under source control. The IaC concept is like programming scripts, which are used to automate IT processes. However, scripts are primarily used to automate a series of static steps that must be repeated numerous times across multiple servers.<ref>Cardinal, G. (2017, January 24). GCFM Planning, budgeting and forecasting Prototype.<i> [http://ppx.ca/wp-content/uploads/2016/09/GCFM-Solution-BPC-PPX-Jan-2017.pdf Cardinal, G.].</i> Retrieved from ppx.ca</ref> IaC uses higher-level or descriptive language to code more versatile and adaptive provisioning and deployment processes.<ref>Chan, M. (2018, April 3). 15 Infrastructure as Code tools you can use to automate your deployments.<i> [https://www.thorntech.com/2018/04/15-infrastructure-as-code-tools/ Chan, M.].</i> Retrieved from thorntech.com</ref></p> |
| | | |
| | | |
Line 157: |
Line 157: |
| <p>Being able to return to the previous versions of the same environment will prove to be useful in maintenance, as the exact version of an environment can be redeployed and configured in the same manner without manual work.</p> | | <p>Being able to return to the previous versions of the same environment will prove to be useful in maintenance, as the exact version of an environment can be redeployed and configured in the same manner without manual work.</p> |
| | | |
− | <p class="highlighted mw-collapsible-content">Shared Services Canada (SSC) has created a Github workspace for Microsoft AZURE Tools and templates to accelerate GC service delivery, deployments, and to be reused and improved upon via a whole of Government approach<ref>Continuous testing. (2019, December 12). <i> [https://en.wikipedia.org/wiki/Continuous_testing Continuous testing]</i> Retrieved from Continuous testing</ref>. The objective is to accelerate service delivery and compliance through the use of automation and tools that will enable departments to deploy secure cloud-based environments aligned with GC policies and standards<ref>Cowles, L. (2019, July 1). How to use infrastructure as code. <i> [https://opensource.com/article/19/7/infrastructure-code opensource]</i> Retrieved from opensource.com</ref>.</p> | + | <p class="highlighted mw-collapsible-content">Shared Services Canada (SSC) has created a Github workspace for Microsoft AZURE Tools and templates to accelerate GC service delivery, deployments, and to be reused and improved upon via a whole of Government approach.<ref>Continuous testing. (2019, December 12). <i> [https://en.wikipedia.org/wiki/Continuous_testing Continuous testing]</i> Retrieved from Continuous testing</ref> The objective is to accelerate service delivery and compliance through the use of automation and tools that will enable departments to deploy secure cloud-based environments aligned with GC policies and standards.<ref>Cowles, L. (2019, July 1). How to use infrastructure as code. <i> [https://opensource.com/article/19/7/infrastructure-code opensource]</i> Retrieved from opensource.com</ref></p> |
| | | |
| <h2>Implications for Government Agencies</h2> | | <h2>Implications for Government Agencies</h2> |
Line 169: |
Line 169: |
| <h4>Speed and Simplicity</h4> | | <h4>Speed and Simplicity</h4> |
| | | |
− | <p>One thing that professionals like about IaC is the portability. If hardware systems are provisioned as code, it is easier to move that code or deploy it in different environments<ref>Dadgar, A. (2018, August 20). Infrastructure as Code: What Is It? Why Is It Important? <i> [https://www.hashicorp.com/resources/what-is-infrastructure-as-code hashicorp].</i> Retrieved from hashicorp.com/</ref>. Just run the IaC script and the infrastructure environment is up and running, ready to test environment and configuration changes. IaC can spin up an entire infrastructure architecture by running a script. Not only can virtual servers be deployed, but pre-configured databases, network infrastructure, storage systems, load balancers, and any other cloud service can be launched via scripts. This can be done quickly and easily for development, staging, and production environments, which can make the software development process much more efficient.</p><p class="highlighted mw-collapsible-content"> Additionally, standard infrastructure environments in other regions where the cloud provider operates can be used for backup and Disaster Recovery, all by writing and running code.</p> | + | <p>One thing that professionals like about IaC is the portability. If hardware systems are provisioned as code, it is easier to move that code or deploy it in different environments.<ref>Dadgar, A. (2018, August 20). Infrastructure as Code: What Is It? Why Is It Important? <i> [https://www.hashicorp.com/resources/what-is-infrastructure-as-code hashicorp].</i> Retrieved from hashicorp.com/</ref> Just run the IaC script and the infrastructure environment is up and running, ready to test environment and configuration changes. IaC can spin up an entire infrastructure architecture by running a script. Not only can virtual servers be deployed, but pre-configured databases, network infrastructure, storage systems, load balancers, and any other cloud service can be launched via scripts. This can be done quickly and easily for development, staging, and production environments, which can make the software development process much more efficient.</p><p class="highlighted mw-collapsible-content"> Additionally, standard infrastructure environments in other regions where the cloud provider operates can be used for backup and Disaster Recovery, all by writing and running code.</p> |
| | | |
| <h4>Configuration Consistency</h4> | | <h4>Configuration Consistency</h4> |
Line 181: |
Line 181: |
| <p class="highlighted mw-collapsible-content">Configurations will change to accommodate new features, additional integrations, and other edits to the application’s source code. If edits are made to the deployment protocol, it can be difficult to know what adjustments were made and who was responsible. Since code can be version-controlled, IaC allows every configuration change to be documented, logged, and tracked. These changes in configurations can also be rigorously tested, just like code. If there is an issue with the new setup configuration, it can be pinpointed and corrected with much more ease, minimizing risk of issues or failure. IaC supports and enables change, rather than being an obstacle or a constraint. Changes are made in small increments instead of batches.</p> | | <p class="highlighted mw-collapsible-content">Configurations will change to accommodate new features, additional integrations, and other edits to the application’s source code. If edits are made to the deployment protocol, it can be difficult to know what adjustments were made and who was responsible. Since code can be version-controlled, IaC allows every configuration change to be documented, logged, and tracked. These changes in configurations can also be rigorously tested, just like code. If there is an issue with the new setup configuration, it can be pinpointed and corrected with much more ease, minimizing risk of issues or failure. IaC supports and enables change, rather than being an obstacle or a constraint. Changes are made in small increments instead of batches.</p> |
| | | |
− | <p>The version control system (VCS), usually Git via Github, is a core part of IaC. The VCS is the source of truth for the desired state of infrastructure. Changes to infrastructure are driven by changes committed to the VCS. VCS is essential for infrastructure management in that is provides Traceability (history of changes), Rollback (ability to restore to previous version), Correlation (tracing problems across environments), Visibility (changes are public to the team), and Actionability (automatically trigger actions when a change is committed)<ref>Google. (2020, January 28). Infrastructure as code. <i> [cloud.google.com: https://cloud.google.com/solutions/infrastructure-as-code/ Google].</i> Retrieved from Google</ref>.</p> | + | <p>The version control system (VCS), usually Git via Github, is a core part of IaC. The VCS is the source of truth for the desired state of infrastructure. Changes to infrastructure are driven by changes committed to the VCS. VCS is essential for infrastructure management in that is provides Traceability (history of changes), Rollback (ability to restore to previous version), Correlation (tracing problems across environments), Visibility (changes are public to the team), and Actionability (automatically trigger actions when a change is committed).<ref>Google. (2020, January 28). Infrastructure as code. <i> [cloud.google.com: https://cloud.google.com/solutions/infrastructure-as-code/ Google].</i> Retrieved from Google</ref></p> |
| | | |
| <h4>Increased Efficiency in Software Development</h4> | | <h4>Increased Efficiency in Software Development</h4> |
Line 218: |
Line 218: |
| <h4>Getting Environments In Sync and Server Sprawl</h4> | | <h4>Getting Environments In Sync and Server Sprawl</h4> |
| | | |
− | <p>For IaC to work properly, the test environment and the production environment need to be synced up, and the documentation kept organized<ref>Guckenheimer, S. (2017, March 4). What is Infrastructure as Code? <i> [https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-code microsoft].</i> Retrieved from docs.microsoft.com/</ref>. Without the test and production environments being in sync, changes in configuration could have wildly different consequences and impacts when implemented on the production environment.</p> | + | <p>For IaC to work properly, the test environment and the production environment need to be synced up, and the documentation kept organized.<ref>Guckenheimer, S. (2017, March 4). What is Infrastructure as Code? <i> [https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-code microsoft].</i> Retrieved from docs.microsoft.com/</ref> Without the test and production environments being in sync, changes in configuration could have wildly different consequences and impacts when implemented on the production environment.</p> |
| | | |
| <p class="highlighted mw-collapsible-content">While cloud and virtualization can make it easy and trivial to provision new servers from a pool of resources. This can lead to the number of servers growing faster than the ability of the team to manage them well. When this happens, teams struggle to keep servers patched and up to date, leaving systems vulnerable to known exploits. When problems are discovered, fixes may not be rolled out to all of the systems that could be affected by them. Differences in versions and configurations across servers mean that software and scripts that work on some machines don’t work on others. This leads to inconsistency across the servers, called Configuration Drift.</p> | | <p class="highlighted mw-collapsible-content">While cloud and virtualization can make it easy and trivial to provision new servers from a pool of resources. This can lead to the number of servers growing faster than the ability of the team to manage them well. When this happens, teams struggle to keep servers patched and up to date, leaving systems vulnerable to known exploits. When problems are discovered, fixes may not be rolled out to all of the systems that could be affected by them. Differences in versions and configurations across servers mean that software and scripts that work on some machines don’t work on others. This leads to inconsistency across the servers, called Configuration Drift.</p> |
Line 224: |
Line 224: |
| <h4>Configuration Drift</h4> | | <h4>Configuration Drift</h4> |
| | | |
− | <p>Configuration Drift is when servers are initially created and configured consistently, but where differences creep in over time. Unmanaged variation between servers leads to snowflake servers and automation fear. Drifts in configuration can happen over time and a variety of things can cause this. If administrators change server configurations outside of the set IaC template, there is potential for Configuration Drift. It's important to fully integrate IaC into systems administration, IT operations, and DevOps practices with well-documented policies and procedures<ref>Lewis, T. (2017, June 29). Devops Benefits of Infrastructure as Code. <i> [https://stelligent.com/2017/06/29/devops-benefits-of-infrastructure-as-code/ stelligent].</i> Retrieved from stelligent.com</ref>. Once adherence to an IaC workflow is achieved to create something, any foreign interference will change the server environment. Once a machine is created via an IaC workflow, it should not experience intervention outside of an automated, aligned, and compliant maintenance workflow. Manual or external updates (even if just security patching) may result in Configuration Drifting which in time has the potential of producing massive non-compliance or even service failure.</p> | + | <p>Configuration Drift is when servers are initially created and configured consistently, but where differences creep in over time. Unmanaged variation between servers leads to snowflake servers and automation fear. Drifts in configuration can happen over time and a variety of things can cause this. If administrators change server configurations outside of the set IaC template, there is potential for Configuration Drift. It's important to fully integrate IaC into systems administration, IT operations, and DevOps practices with well-documented policies and procedures.<ref>Lewis, T. (2017, June 29). Devops Benefits of Infrastructure as Code. <i> [https://stelligent.com/2017/06/29/devops-benefits-of-infrastructure-as-code/ stelligent].</i> Retrieved from stelligent.com</ref> Once adherence to an IaC workflow is achieved to create something, any foreign interference will change the server environment. Once a machine is created via an IaC workflow, it should not experience intervention outside of an automated, aligned, and compliant maintenance workflow. Manual or external updates (even if just security patching) may result in Configuration Drifting which in time has the potential of producing massive non-compliance or even service failure.</p> |
| | | |
| <h4>Automation Fear</h4> | | <h4>Automation Fear</h4> |
Line 236: |
Line 236: |
| <h4>Error Duplications</h4> | | <h4>Error Duplications</h4> |
| | | |
− | <p>Although the subsequent creation of machines would be through automation, the development of the initial parent code will be done manually. More often than not, whenever there is a human process involved, there is the possibility of minor errors that creep into the overall process. The problem here is that several machines may have been automatically created where such errors exist. So there is the need for applying a solid auditing process to the creation of IaC generating code<ref>Mamnani, D. (2017, September 5). From testing code to testing infrastructure as code—the new must-have testing skill. <i> [https://www.capgemini.com/2017/09/from-testing-code-to-testing-infrastructure-as-code-the-new-must-have-testing-skill/ capgemini].</i> Retrieved from capgemini.com</ref>. This can happen despite regular QA checks. These minor issues could prove to be crucial, as such errors might also be in multiple machines created by means of automation<ref>Merron, D. (2018, December 17). What is Infrastructure as Code? IaC Explained. <i> [https://www.bmc.com/blogs/infrastructure-as-code/ bmc].</i> Retrieved from bmc.com</ref>.</p> | + | <p>Although the subsequent creation of machines would be through automation, the development of the initial parent code will be done manually. More often than not, whenever there is a human process involved, there is the possibility of minor errors that creep into the overall process. The problem here is that several machines may have been automatically created where such errors exist. So there is the need for applying a solid auditing process to the creation of IaC generating code.<ref>Mamnani, D. (2017, September 5). From testing code to testing infrastructure as code—the new must-have testing skill. <i> [https://www.capgemini.com/2017/09/from-testing-code-to-testing-infrastructure-as-code-the-new-must-have-testing-skill/ capgemini].</i> Retrieved from capgemini.com</ref> This can happen despite regular QA checks. These minor issues could prove to be crucial, as such errors might also be in multiple machines created by means of automation.<ref>Merron, D. (2018, December 17). What is Infrastructure as Code? IaC Explained. <i> [https://www.bmc.com/blogs/infrastructure-as-code/ bmc].</i> Retrieved from bmc.com</ref></p> |
| | | |
| <h4>Infrastructure Erosion</h4> | | <h4>Infrastructure Erosion</h4> |
Line 256: |
Line 256: |
| <h4>Deploy Code As Much as Possible</h4> | | <h4>Deploy Code As Much as Possible</h4> |
| | | |
− | <p>A good practice to consider for IaC is to, wherever possible, deploy code to describe the infrastructure. Often, it is possible to codify traditional and cloud infrastructure, even legacy systems. For instance, the physical/virtual server management can be codified by Terraform, CloudFormation, YAML, and Python scripts. From there Puppet/Chef modules can be utilized for network management, Dockerfile for container management, and so forth, which can establish these configuration files as a single source of truth when it comes to the organization’s exact infrastructure specifications<ref>Morris, K. (2020, January 28). Infrastructure as Code. <i> [https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html oreilly].</i> Retrieved from oreilly.com</ref>.</p> | + | <p>A good practice to consider for IaC is to, wherever possible, deploy code to describe the infrastructure. Often, it is possible to codify traditional and cloud infrastructure, even legacy systems. For instance, the physical/virtual server management can be codified by Terraform, CloudFormation, YAML, and Python scripts. From there Puppet/Chef modules can be utilized for network management, Dockerfile for container management, and so forth, which can establish these configuration files as a single source of truth when it comes to the organization’s exact infrastructure specifications.<ref>Morris, K. (2020, January 28). Infrastructure as Code. <i> [https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html oreilly].</i> Retrieved from oreilly.com</ref></p> |
| | | |
| <h4>Version Everything</h4> | | <h4>Version Everything</h4> |
Line 264: |
Line 264: |
| <h4>Consult the DevOps Teams</h4> | | <h4>Consult the DevOps Teams</h4> |
| | | |
− | <p>IaC will be crucial if when implementing DevOps in an organization. It can be the key component needed to enable the DevOps best practices and to get the most out of DevOps. The principles of IaC and DevOps intertwine when it comes to collaboration and automation. Also, the DevOps toolchain often encompasses infrastructure automation tools. When infrastructure is coded, it paves the way for the platform to achieve superior quality control through better testing, reduced recovery times, and more predictable—as well as more effective—deployments<ref>Nallamala, N. (2019, April 19). The Top 7 Infrastructure-As-Code Tools For Automation. <i> [https://dzone.com/articles/the-top-7-infrastructure-as-code-tools-for-automat dzone].</i> Retrieved from dzone.com</ref>.</p> | + | <p>IaC will be crucial if when implementing DevOps in an organization. It can be the key component needed to enable the DevOps best practices and to get the most out of DevOps. The principles of IaC and DevOps intertwine when it comes to collaboration and automation. Also, the DevOps toolchain often encompasses infrastructure automation tools. When infrastructure is coded, it paves the way for the platform to achieve superior quality control through better testing, reduced recovery times, and more predictable—as well as more effective—deployments.<ref>Nallamala, N. (2019, April 19). The Top 7 Infrastructure-As-Code Tools For Automation. <i> [https://dzone.com/articles/the-top-7-infrastructure-as-code-tools-for-automat dzone].</i> Retrieved from dzone.com</ref></p> |
| | | |
| <h4>Requires Strong In-Depth Knowledge</h4> | | <h4>Requires Strong In-Depth Knowledge</h4> |