Infrastructure as code benefits range from audits to ops

When an auditor asks to see how the entire application stack is configured, you'll recognize the benefits of an infrastructure-as-code implementation.

The sound of a humming data center in an organization is still commonplace, but the number of such data centers is dwindling in favor of cloud providers. Who wants to deal with server installs and upgrades in production when the click of a mouse provides one in minutes?

VMs and as-a-service resources translated infrastructure into software. The next step is infrastructure as code. Benefits of coding the resources that support an application range from configuration enforcement to easier updates and increased compliance.

Infrastructure as code, sometimes called IaC, can sound misleading: There is physical infrastructure running somewhere, whether hosted by a cloud provider, such as Microsoft Azure or Amazon Web Services, or in an organization's data center. The term refers to infrastructure automation and a process to manage it, not replacing physical resources entirely. Configuration as code is more technically accurate, but infrastructure as code became common parlance.

As code means all facets of an infrastructure device's lifecycle are defined and controlled via code. No physical servers are built or racked to implement a change, nor is there a VM management console in Microsoft Hyper-V or VMware vCenter. One benefit of infrastructure as code is that out-of-spec, individual changes are harder to make. In a declarative infrastructure as code setup, if someone changes the device directly, rather than via the code that controls it, the code overrides the change and brings the device back into the defined state.

Think of infrastructure defined in a configuration or hierarchical template. In something like an XML file, an example looks like this:

[Figure: infrastructure as code XML file]

The template is a hierarchical code structure that defines the resources needed for a particular server and leaves room to add servers, if necessary. But the server won't magically know to adhere to these set rules. Admins must build the code to read the template above and enforce these rules. Multiple tools can write this code, such as Chef, Puppet, Ansible and Microsoft PowerShell Desired State Configuration. Each tool has its own way to define a configuration and subsequently ensure that the infrastructure adheres to it.

Some PowerShell pseudocode for the above example looks like this:

[Figure: infrastructure as code PowerShell pseudocode]

This code reads the configuration, verifies the current state of the devices and, if not in compliance, sets the desired value.
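
The read, verify and set loop described above, as an added PowerShell example rather than the article's own figure. The XML template, the server and setting names (MemoryGB, CpuCount, RdpEnabled), the in-memory `$currentState` table that stands in for live device queries, and the `Invoke-DesiredState` function are all constructed for illustration.

```powershell
# Constructed template; names and values are illustrative, not from the article.
[xml]$template = @'
<infrastructure>
  <server name="WEB01">
    <setting name="MemoryGB" value="8" />
    <setting name="CpuCount" value="4" />
    <setting name="RdpEnabled" value="false" />
  </server>
  <server name="SQL01">
    <setting name="MemoryGB" value="32" />
    <setting name="CpuCount" value="8" />
    <setting name="RdpEnabled" value="false" />
  </server>
</infrastructure>
'@
# Constructed stand-in for live state; a real tool would query each device.
$currentState = @{
    WEB01 = @{ MemoryGB = '8';  CpuCount = '4'; RdpEnabled = 'true' }   # changed by hand
    SQL01 = @{ MemoryGB = '16'; CpuCount = '8'; RdpEnabled = 'false' }  # out of spec
}

function Invoke-DesiredState {
    param([xml]$Template, [hashtable]$State, [switch]$Enforce)
    foreach ($server in $Template.infrastructure.server) {
        $name = $server.GetAttribute('name')
        foreach ($setting in $server.setting) {
            $key     = $setting.GetAttribute('name')
            $desired = $setting.GetAttribute('value')
            $actual  = $State[$name][$key]
            if ($actual -ne $desired) {
                # Declarative behaviour: the template wins over the manual change.
                if ($Enforce) { $State[$name][$key] = $desired }
                # One record per deviation, usable as audit evidence.
                [pscustomobject]@{
                    Server = $name; Setting = $key; Desired = $desired
                    Found  = $actual; Remedied = $Enforce.IsPresent
                }
            }
        }
    }
}

# Pass 1 reports drift only, pass 2 corrects it, pass 3 counts what is left.
Invoke-DesiredState -Template $template -State $currentState | Format-Table
Invoke-DesiredState -Template $template -State $currentState -Enforce | Format-Table
@(Invoke-DesiredState -Template $template -State $currentState).Count
```

Running the report-only pass on a schedule and alerting on any returned record shows who bypassed the code before the next enforcement run silently reverts the change.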

Embrace a new way to manage IT

There are numerous infrastructure as code benefits, but it isn't easy to implement in an organization that manages infrastructure the old-fashioned way. Everything is code. The IT operations team must understand how to write high-level code. Don't fire IT admins and replace them with pure software developers, but do train and recruit infrastructure developers. Infrastructure as code doesn't mean you create full software applications from scratch -- tools are there to do the heavy lifting -- but admins must understand code structure, syntax and design.

IT ops must learn to manage infrastructure in code and not attempt to change configuration settings in any other form. There will inevitably be instances wherein an admin changes a configuration directly on the server and then wonders why that configuration suddenly reverted without warning. Any changes to the infrastructure must be performed in the code that dictates that deployment.

Unless all of your infrastructure is in the cloud or highly virtualized, not everything will work in this new way. You cannot define a virtualization hypervisor in code, for example, if that service must be hosted on a physical machine. All coded configuration must be accessible via software.

The transition can be a difficult one, but infrastructure as code benefits materialize quickly. Organizations can be confident that there is a text file to define each device supporting an application exactly how it is intended to run. Documentation won't go stale because, as soon as the IT admin updates any documentation, the server immediately follows suit; it reverses traditional IT operations where admins change the server now and update the documents at some later date -- if at all.

When admins place infrastructure code under source control, every change is recorded and easily reverted -- an impossible feat for physical server updates. There are no more conundrums where something changed but no one knows what. If your IT ops team manages infrastructure as code under source control, simply look at the history of versions. If changes fail, revert to the old version, and the device will return to its former configuration.

Easier auditing and security are other benefits of infrastructure as code. With traditional infrastructure, when an auditor needs reports on the state of a network, administrators have to rush to write scripts that pull the desired information from servers -- only to find that they aren't properly configured. If everything is defined in code, IT operations can provide the auditor with a network diagram in the form of all server configurations. This time, however, rather than hope the diagram accurately represents the actual state of the servers, you know it does.

Infrastructure as code benefits prove it is the next generation of infrastructure management, at scale, with fewer people. It's not only a technological innovation but a human one. Once this concept is fully realized, organizations will wonder how they ever managed infrastructure differently.