In­fra­struc­ture as Code (IaC)

When it comes to IT in­fra­struc­ture, there is basically no way to get around vir­tu­al­ized software-con­trolled hardware nowadays. You can assemble storage, server and network resources as well as complete data centers with precision and scale them at any time without having to manually access the devices. Through In­fra­struc­ture-as-a-Service providers, you can even rent the un­der­ly­ing, software-defined hardware at a rea­son­able price, rendering in-house in­fra­struc­ture com­plete­ly obsolete.

Nev­er­the­less, it is still difficult to manage the various resources, specif­i­cal­ly due to the ever-in­creas­ing demands on IT in­fra­struc­ture and the fact that multiple IaaS providers are often used si­mul­ta­ne­ous­ly. In­fra­struc­ture as Code (also known as pro­gram­ma­ble in­fra­struc­ture) is thus becoming in­creas­ing­ly important.

In­fra­struc­ture as Code (IaC for short) is an IT paradigm which defines software and the in­fra­struc­ture required to run it (e.g. storage space, computing power and network resources) in a pro­gram­ming language. It is also basically pro­gram­ming hardware in­fra­struc­tures as ex­e­cutable code which can be easily adapted, copied, deleted or versioned at any time. In­fra­struc­ture as Code is based on modern cloud tech­nolo­gies such as vir­tu­al­iza­tion and software-defined resource man­age­ment. These make it possible to manage hardware without needing to manually access the devices.

In recent years, the demands placed on software products have rapidly grown. As a result, de­vel­op­ment cycles have become in­creas­ing­ly short, and more im­por­tance has been placed on the quest for maximum avail­abil­i­ty and flex­i­bil­i­ty. Therefore, in addition to optimized code de­vel­op­ment, the key to a suc­cess­ful, stable and, above all, com­pet­i­tive in­fra­struc­ture is con­tin­u­al­ly refining and main­tain­ing the un­der­ly­ing hardware in­fra­struc­ture. This is where In­fra­struc­ture as Code comes in. After all, the concept of “pro­gram­ma­ble in­fra­struc­ture” was specially developed to increase the quality and ef­fi­cien­cy of in­fra­struc­tures. The following are some of the primary tasks and ob­jec­tives of IaC:

• Automate manual processes as much as possible.
• Remove the bound­aries between ap­pli­ca­tions and the en­vi­ron­ments in which they run.
• Create a flexible workflow which sim­pli­fies company-wide col­lab­o­ra­tion for everyone involved in the de­vel­op­ment process.
• Make content movement and mod­i­fi­ca­tions trans­par­ent and easily traceable at all times.
• Make hardware set-ups as “testable” as software.

In the tra­di­tion­al, non-vir­tu­al­ized en­vi­ron­ment, all resources are always directly tied to physical hardware. This results in a less flexible in­fra­struc­ture which requires a lot of manual work in order to make any changes to the set-up.

Through the vir­tu­al­iza­tion of server hardware, storage and network struc­tures, this has changed con­sid­er­ably. This tech­nol­o­gy has enabled providers to offer customers the ability to centrally manage resources without needing to assign dedicated hardware to the task. This ensures a sig­nif­i­cant­ly higher level of re­li­a­bil­i­ty since defective hardware can be replaced im­me­di­ate­ly. It is also much easier for both sides to add new resources or remove pre­vi­ous­ly rented resources.

Software-defined en­vi­ron­ments go even further than standard vir­tu­al­ized en­vi­ron­ments. These en­vi­ron­ments are dif­fer­en­ti­at­ed by the fact that their control logic is com­plete­ly ab­stract­ed from the in­di­vid­ual hardware com­po­nents and im­ple­ment­ed in a cen­tral­ized control software ap­pli­ca­tion. Using the requisite in­ter­faces and tools, providers and customers can easily operate this control unit, set up IT struc­tures in­di­vid­u­al­ly and scale them with precision. In addition, both sides will benefit from increased hardware per­for­mance since the hardware is not re­spon­si­ble for data pro­cess­ing.

In­fra­struc­ture as Code uses the pre­vi­ous­ly mentioned tech­nolo­gies to automate the software-con­trolled man­age­ment for various vir­tu­al­ized resources in order to tap into the full potential of the cloud. Sub­se­quent­ly, IaC should not be seen as an al­ter­na­tive but rather as a way to extend or optimize software-defined in­fra­struc­tures.

In­fra­struc­ture as Code con­tributes greatly to meeting the demands of agile software de­vel­op­ment. Using pre-con­fig­ured scripts, necessary changes to the in­fra­struc­ture can be made at a rate which you simply cannot achieve through manual ad­min­is­tra­tion. These ad­just­ments can be made in the middle of the night, on weekends and even on public holidays. This also reduces the potential for human error, es­pe­cial­ly for ad­min­is­tra­tive tasks which have to be fre­quent­ly repeated, because it is no longer possible to make input or typing errors. In addition to being fast and less error prone, In­fra­struc­ture as Code offers the following ad­van­tages over manual ad­min­is­tra­tion:

• High ef­fi­cien­cy: IaC allows you to automate most of resource man­age­ment and thus greatly con­tributes to op­ti­miz­ing the Software De­vel­op­ment Life Cycle (SDLC), or in other words, the entire de­vel­op­ment process.
• Reusabil­i­ty: Once the code has been written for an in­fra­struc­ture, it can be executed at any time and as often as required to deploy that in­fra­struc­ture. The same also applies, for example, to sandbox en­vi­ron­ments in the de­vel­op­ment stage(s).
• Version control: If there is code, it is possible to have version control. In­fra­struc­ture as Code thus enables any changes made to an in­fra­struc­ture to be tracked and doc­u­ment­ed. One of the ad­van­tages of this is that a previous set-up can easily be restored.
• Min­i­miza­tion of costs/effort: Au­tomat­ing in­fra­struc­ture man­age­ment saves a lot of time and money which could be better used for other things.

However, this last advantage does have its limits. When it comes to a properly pro­grammed In­fra­struc­ture-as-Code en­vi­ron­ment, this advantage holds true. However, you should not un­der­es­ti­mate the amount of effort that goes into its design and im­ple­men­ta­tion. For many ad­min­is­tra­tors involved, the IaC model implies there will be major changes. After all, you need a com­pre­hen­sive un­der­stand­ing of cloud ar­chi­tec­ture concepts, ex­pe­ri­ence with APIs and knowledge of pro­gram­ming languages such as Java, Node.js and Python (to name but a few) if you want to be able to switch to an automated in­fra­struc­ture or implement one. Therefore, you must be prepared for com­par­a­tive­ly high costs and a lot of training in the beginning.

As we mentioned pre­vi­ous­ly, companies will usually use the services of multiple different IaaS providers. As a result, ad­min­is­tra­tors have to deal with each platform’s quirks and, even more im­por­tant­ly, their different in­ter­faces. As an al­ter­na­tive, there are special IaC tools or frame­works which provide their own con­fig­u­ra­tion languages. These enable you to manage resources in­de­pen­dent­ly of providers and to eliminate the need for specific knowledge of the APIs used. The following are some of the most popular solutions:

• Terraform: It is es­sen­tial­ly open source and was developed by HashiCorp. You can download and use the basic version of Terraform free of charge. There are two paid versions which offer features for col­lab­o­ra­tion, gov­er­nance and fa­cil­i­ties.
   
• AWS Cloud­For­ma­tion: Cloud­For­ma­tion is a pro­pri­etary IaC tool of Amazon Web Services (AWS), so it is basically essential for anyone working with AWS products such as ELB, S3 and EFS. There are no ad­di­tion­al costs to use it. Users only pay for the resources they have reserved.
   
• Google Cloud De­ploy­ment Manager: What Cloud­For­ma­tion is to AWS, the De­ploy­ment Manager is to the Google Cloud platform. This means that those who receive their IaaS resources from Google can use this free tool to easily manage them via central con­fig­u­ra­tion files in the markup language YAML.
   
• Chef Infra: Chef Infra is the American company Chef’s IaC solution. Chef Infra has been free to use under the Apache 2.0 license since April 2019 and is used by Facebook, among other companies. Supported platforms include Google Cloud, Microsoft Azure, Amazon EC2 and OpenStack.
   
• Red Hat Ansible Tower: The IaC tool Ansible was created by the software company Red Hat in 2015. It offers a visual dashboard, its own command interface and a powerful REST API. However, both available packages (“standard” and “premium”) are paid packages.

The In­fra­struc­ture as Code model is useful for any company which develops and runs complex ap­pli­ca­tions and thus requires an equally com­pre­hen­sive and powerful in­fra­struc­ture. The following are some of the top reasons to use a pro­gram­ma­ble in­fra­struc­ture:

• You use a large amount of IaaS resources.
• Your in­fra­struc­ture is rented from many different providers or platforms.
• You need to make regular ad­just­ments to your in­fra­struc­ture.
• You need proper doc­u­men­ta­tion of changes made to your in­fra­struc­ture.
• You want to optimize col­lab­o­ra­tion between ad­min­is­tra­tors and de­vel­op­ers.

Although some companies can and do program their own IaC con­fig­u­ra­tion files, all ad­min­is­tra­tors who work with IaC will likely use the above-mentioned tools and frame­works regularly. Instead of providing you with concrete examples of In­fra­struc­ture as Code here, you can watch the following clips to see how in­fra­struc­ture code can be pro­grammed using practical IaC tools such as AWS Cloud­For­ma­tion and Terraform.