Risk Focus On Infrastructure As Code

Infrastructure as Code

Written by: Cary Dym, Global Head of DevOps Business Development

Infrastructure as Code (IaC) transforms the manual process of standing up datacenter environments and processes, such as hardware instantiation, networking, run books, and appliance and software configuration, into automated deployment and configuration. The IaC concept has been around for several years in both startups and many tech firms and is gaining wider traction. TechNavio cites the increased adoption of IaC as a major trend across all industries and geographies in its Global DevOps Platform Market 2018-2022 report.

Every industry is challenged by Digital Disrupters:  firms that are competing based on enhanced capabilities and lower costs derived from digital innovation.  According to the 2018 IDC Whitepaper, Designing Tomorrow, “Over 67% of companies believe a digitally enabled competitor will gain a competitive advantage within the next five years.”  Traditional companies must be able to move faster at lower cost, and yet continue to manage risk.  Firms willing to undergo digital transformation are able to achieve this with IaC.  Infrastructure cost (CAPEX) and human cost (OPEX) can be reduced by leveraging the dynamic and self-service capabilities that IaC provides.  Increased velocity means recasting multi-step, multi-hour, manual processes—such as racking servers, loading software patches, installing services and applications, configuring networks, and enabling storage—into automated, repeatable, scalable processes that are performed in minutes.  When done properly, IaC reduces risk by addressing traditional IT problems, including configuration drift, human error, inconsistencies, and loss of context.

These additional capabilities – faster delivery of infrastructure, and consistent configuration during the software delivery cycle – allow organizations to make changes faster, with more confidence, and lower risk.

A good place to start Digital Transformation is implementing IaC to facilitate adoption of DevOps practice. Firms starting on this journey are faced with the hard task of assessing whether the organization has the skills and know-how to embark on the journey alone or requires collaboration with skilled practitioners. Most “not-born-in-the-cloud” firms realize they need to bring in outside resources (unfortunately, sometimes after first failing internally). Risk Focus has broad industry expertise across Finance, Healthcare and Telecom industries with deep expertise in IaC technologies. We realize that even large journeys start with a single step and have developed a unique Player-Coach engagement model that facilitates new DevOps principles, enabling demonstration of best practices through quick-win projects.

At Risk Focus, we are agnostic (yet opinionated) about the tools we use. Our choices are informed by a variety of factors and determined by our clients’ needs.  However, we do have our favorites.  One such tool is Terraform, which is the service provisioner and infrastructure orchestrator in the suite of offerings by HashiCorp. Terraform is cloud-agnostic and supports all major clouds, both public and private.  In hybrid environments where there are advantages to a single set of tooling, Terraform allows our practitioners to quickly develop, validate and roll out orchestration templates.

We implement configuration management (CM) with two tools: Salt and Ansible. Ansible focuses on simplicity: getting started is quick, changes are easy to understand, and organizational adoption tends to be fast. We recommend Salt for organizations with greater infrastructure complexity. Salt has a completely declarative model that includes components to dynamically manage configuration and detect drift, along with the ability to layer buildouts and react to signals from the environment, changing infrastructure dynamically in response to changing conditions. These abilities necessarily require additional complexity and result in a steeper learning curve, but clients with sufficient scale, compliance requirements, or complexity find great benefit from the additional features.

At Risk Focus, our Cloud and DevOps team supports transformation initiatives and demonstrates domain expertise in the following areas:

– Infrastructure as Code Orchestration with tools like HashiCorp’s Terraform, as well as cloud-native Orchestration with CloudFormation, ARM, and HEAT.

– Configuration automation with technologies including Salt and Ansible.

– Migrating applications to public cloud, including re-architecting of applications to become more cloud-compatible or cloud-native.

– Containerization including extensive experience with Docker, Docker Swarm, OpenShift, Kubernetes, EKS, GKE, and

– Cloud migration and hybrid cloud implementation using VMware, OpenStack, AWS, GCP and Azure.

– Process and methodology improvements and CI/CD pipeline implementation leveraging tools such as Git, JIRA, Jenkins, and

– Multi-cloud Monitoring and Log aggregation via Splunk, Elastic, and InfluxDB.

“Tour of Cloud Computing” – In Depth Interview

The August 23 Jaxenter interview of Peter Meulbroek, Head of DevOps and Cloud Solutions at Risk Focus by journalist Gabriela Motroc entitled “A Tour of Cloud Computing” dives deeply into several key topics.

The interview is organized around the following themes:

Security – Discusses the new paradigm.

Benefits – Discusses key benefits like automation and the self-service nature of the cloud.

Preferred Tools and Technologies – Describes the various technologies that Risk Focus prefers for Configuration Management, Orchestration, Packaging and Distribution, Data Masking, Containerization, and Monitoring.

The limitations of a Cloud-Neutral approach.

The article gives Meulbroek the platform to share the approach that Risk Focus brings to clients grappling with a Cloud Strategy. For instance, regarding Cloud-Neutral strategies, Meulbroek states “Cloud-neutral adds a large amount of complexity and risk to a migration, without really solving the issue”.

Regarding Security, he states “the old, obsolete paradigm for security — the perimeter defense — has gone the way of the curtain wall and needs to be replaced with defense in depth.  Nor is it enough to manage data security between applications. Data, at rest or in flight, needs to be protected at all levels within an application, and managing security for an application is largely managing access to decrypt narrowly-focused cohorts of data”.
