Infrastructure as Code (IaC) refers to managing and provisioning infrastructure through code instead of through manual processes. It is a powerful tool that aims to increase efficiency, reliability and consistency in the deployment and management of infrastructure.
It has been argued that the most successful IaC adoptions are those that work with current teams and are able to embed themselves into existing processes.
Here, Data Centre Magazine hears from David Sandilands of Puppet about how organisations can transition heritage systems to IaC, as well as adoption in regulated environments and considerations when moving to the cloud.
What is the best approach to take with an IaC project?
“The best approach to this delivery is to follow good Agile sprint practices, having epics such as delivering a core OS role, which can then be broken down. Each task within an epic should be small enough to be completed in a regular sprint cycle, typically two weeks. At the end of each sprint, these features can then be demonstrated to stakeholders to show progress, benefit, and receive feedback.
“Using techniques such as retrospectives at the end of sprints can help ensure that how you are working is still effective and that actions are taken on issues. If this approach is ignored and the team is split among many objectives, it can easily result in developers working in isolation. When developers work in isolation, other team members cannot help or provide meaningful reviews because they do not have an understanding of the work or why decisions have been made.
“Most importantly, on review of the submission of code, it becomes something the team has been actively discussing and working on together. All of this works toward a better understanding of what the code is intended to do and why the approach has been chosen.”
What about regulated environments?
“Once scope and focus are in place, an organisation’s best practices should lay out what tests the code should pass.
“Another challenge can be scope creep, which can dilute the higher-level scope and focus of how infrastructure automation is used in an organisation. For instance, when investing in a tool, such as an IaC platform, it is tempting to maximise the return on investment by expanding use cases, and as the implementation becomes successful, other teams will want to attach to that success and try to use a provided tool. Therefore, it needs to be clear what the use case for IaC is.
“Implementing automation may be more difficult in regulated environments but it is even more challenging to perform large-scale manual actions, making the potential returns on investment significant.
“The best approach is to engage with change, risk, audit, and other teams involved in the management of processes in your organisation before implementing infrastructure automation. Discussing what IaC is and how it is planned to be used can provide credible feedback, even if that means scaling back initial ambitions.”
What needs to be considered when managing transformation to IaC?
“A common pattern of IaC adoption is to progressively build up the automation levels in heritage servers to build confidence. For agent-based IaC tooling, installing a software agent on all nodes with existing infrastructure can give access to the state of the current configuration.
“The next step is to consider orchestration, and it is likely there are common scripts and tasks performed manually or semi-automatically by various teams on the heritage estate.
“Taking these scripts in their current form and wrapping them to make them useable in an Orchestrator can deliver greater control, audit and automation without having to perform the rework of the scripts into a different language or technology.
“The next step is to look at a baseline configuration and ideally find something non-negotiable to start, which must be enforced on your estate, such as application agents needing versions to be upgraded and managed to avoid vulnerabilities. Once base profiles are complete, this leads to implementing the tools necessary for automated audit reporting and compliance remediation in the heritage estate.”
What are some things to be aware of when moving data centres to the cloud?
“If the intention is to move to the cloud, this cannot happen quickly in a regulated environment. So, it is important to focus on what can be done within the current constraints, show how the proposed IaC solution fits into this, and work with stakeholders to modernise or improve processes. After completing the view of a traditional private data centre environment, it is important to consider how this approach differs in the cloud.
“The move to the public cloud has huge opportunities, particularly in terms of flexibility, with opportunities to use cloud-specific technologies to reduce the operational burden on an organisation. For example, the ease of using availability zones for compilers to reduce the risk of data centre failures is a complex feature to implement in private data centres.
“However, there are two commonly seen mistakes made in cloud adoption. The first is a wholesale copy of all infrastructure, processes, and components as they work in the private data centre to the public cloud, forcing deployments into the public cloud before organisations are ready and understand what is a suitable fit. This results in surprise bills as the infrastructure deployed is not planned to be flexible and ignores the rental nature of the public cloud.
“The second common problem is where everything is left behind, which can be seen with application teams or departments that are frustrated with internal processes and time until delivery. As a result, the lessons hard won in private data centres are lost and good practices in audit, configuration, and testing must be rebuilt as auditors find issues with the new fractured setup.
“The choice of cloud depends on implementation aims. Is the public cloud going to be used to provide flexible capacity for the private data centres, by providing an alternate site that can be built in disaster recovery? If so, it is more likely an organisation will want the configuration of servers to be the same with a shared code base, and having a single pane of glass could be advantageous to the teams managing infrastructure.
“Deciding whether the infrastructure should be located privately or publicly will come down to cost and whether you intend to take advantage of cloud-native features such as the flexibility of availability sets and load balancers, which could allow compilers to be added on demand.”