Automate declarative configuration management for IT ops success
AWS CloudFormation is one of the top options for configuration management -- but it isn't without flaws. Compare AWS to other tools to pick the best option for your organization.
Public cloud has redefined developers' expectations -- now, teams want to consume consistent, on-demand services from agile IT infrastructure. Meanwhile, the cloud has changed IT admins' expectations for an automation tool.
To deliver and maintain these consistent infrastructure services, IT teams require declarative configuration management tools. The right set of tools to build out an IT environment depends on where enterprises start; to deploy an environment on a hypervisor in an on-premises data center demands a different set of tools than those needed to deploy, for example, a virtual private cloud on AWS.
Declare a desired state
IT operations staff can use traditional, procedural scripting tools for imperative configuration, which define a sequence of steps to achieve the desired state. Writing these scripts well, however, requires development skills that an IT operations team usually lacks.
Declarative configuration management tools reconfigure the environment to match what is described in a text file. The ops team only needs to write the description file, and the tool handles much of the complexity. Declarative tools usually have an extensive, but fixed, set of targets that are supported for configuration. A developer must extend an application to support new cloud platforms, products or features.
Some declarative tools combine well. For example, one tool can declare the infrastructure layers, such as networks and VMs, while another tool declares the application components, such as packages, to install inside the VMs. In some cases, IT teams might have to write scripts or develop plugins to support specific applications that are not already supported by a declarative tool.
Enterprises can choose from a variety of declarative configuration management tools, such as Puppet and Ansible, which focus more on the application layer, and Terraform and AWS CloudFormation, which focus more on the infrastructure layer. The comparison of Terraform and CloudFormation below highlights some important differences between a platform-specific and a general-purpose declarative tool.
CloudFormation for AWS infrastructure
AWS has an extensive collection of programmable infrastructure services, and CloudFormation codifies the deployment of those services via a template. Admins use a collection of CloudFormation templates to deploy the networking, compute, data and access layers of their environment.
CloudFormation supports conditional configuration changes at deployment. This is helpful when teams want a less resilient, but lower-cost environment for development compared to production. In this case, a single template could specify the conditions for both environments.
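The single-template approach described above, as an added example that is not from the original article: one condition on an environment parameter switches the database between a cheaper, less resilient development shape and a production shape, while encryption and network exposure stay identical in both. The parameter name, logical IDs, instance classes and retention values are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Constructed example: one template, two environments selected by a condition'

Parameters:
  EnvType:                        # assumed parameter name
    Type: String
    AllowedValues: [dev, prod]    # any other value is rejected at deploy time
    Default: dev                  # the cheaper shape unless prod is requested explicitly

Conditions:
  IsProd: !Equals [!Ref EnvType, prod]

Resources:
  AppDatabase:                    # hypothetical logical ID
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot      # keep a final snapshot if the stack is deleted
    Properties:
      Engine: postgres
      AllocatedStorage: '20'
      MasterUsername: appadmin    # constructed value
      ManageMasterUserPassword: true   # RDS keeps the password in Secrets Manager, not in the template
      # Settings that must not differ between environments
      StorageEncrypted: true
      PubliclyAccessible: false
      # Settings that trade resilience for cost, driven by the condition
      DBInstanceClass: !If [IsProd, db.m5.large, db.t3.micro]
      MultiAZ: !If [IsProd, true, false]
      BackupRetentionPeriod: !If [IsProd, 14, 1]
      DeletionProtection: !If [IsProd, true, false]

Outputs:
  DatabaseEndpoint:
    Value: !GetAtt AppDatabase.Endpoint.Address
```

Keeping the security-relevant properties outside the `!If` expressions means a development stack cannot drift into a weaker configuration than production; only cost and resilience vary with `EnvType`.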
There are, however, some limitations to CloudFormation. One of the biggest is that it's largely designed to work only with AWS services, though IT teams can use the tool's custom resources feature to work with some non-AWS services.
Also, while CloudFormation provides powerful tools to deploy AWS infrastructure services, it's not as strong at configuring inside VMs. As a result, CloudFormation is often used alongside another configuration management tool that's triggered by the CloudFormation deployment. Managed instances of Chef and Puppet are available as part of the AWS OpsWorks service to deliver this application configuration layer.
Terraform for multi-cloud
Unlike CloudFormation, which is specific to AWS, Terraform is more wide-ranging, with a plugin architecture that enables the tool to create an environment on top of virtually any software-defined infrastructure platform, including Microsoft Azure, AWS, OpenStack and vSphere.
One of Terraform's great strengths is the community of developers who build plugins to support different applications and platforms -- which happens at a much faster pace than it would with in-house development. As with CloudFormation, it is common to integrate Terraform with a software configuration management platform, such as Chef, Puppet or Ansible, to complete the configuration of deployed VMs.
Terraform's cross-platform capabilities help customers who operate a multi-cloud environment and who would like to use the same tool across multiple clouds and an on-premises deployment. However, while it's possible to use Terraform across multiple clouds, admins must redevelop the configuration files for each platform, since cloud providers don't have the same network specifications or VM sizes or types.
Support for hybrid cloud
There are other tools with roots in enterprise IT that enable operations teams to deploy hosting environments both on premises and on the public cloud.
These products suit customers whose primary IT environment is on premises and who have limited DevOps adoption. VMware's vRealize Automation is one example of a tool that lets teams deploy infrastructure blueprints on premises or to a variety of public clouds. Other examples include Hewlett Packard Enterprise OneSphere and Morpheus Data, both of which aim to help enterprises with hybrid cloud deployment.
However, some enterprise software vendors struggle with the diversity and rate of change of public cloud services, leading to incomplete support for those platforms.