Benefits of Infrastructure-as-Code

Moving to IaC from a more traditional approach bring benefits in three areas :

The degree of value returned by IaC depends on the size of the deployment and the velocity of change within the organisation and can also be influenced by the type of applications being managed. In general, IaC brings greatest value for applications that are changing frequently. Let’s look at those three areas of benefit individually :

Reducing Cost

The core benefit of IaC is that it enables a very high degree of automation, and it is this automation that reduces cost. The initial set-up is of the first deployment is undeniably more expensive as both the tools and automation environment requires set-up, but as the size of the cloud estate and the number of environments increases, the benefits also grow.

With the techniques described in later sections, IaC can also be used to deliver a very high degree of re-use. A well-designed IaC deployment will re-use a high degree of code between similar environments (e.g. dev/test/pre-prod/prod) and also across the deployment of multiple similar applications. Typically, standard deployment patterns (e.g. Java app + database) can be generalized and the same code may be used to deploy hundreds of similar environments with only the environment’s parameters changing.

This approach can be extended to become a framework for a “composable” architecture. This breaks down the differing deployment patterns in a large cloud estate into standardized deployment fragment. The fragments are implemented as generalised deployment modules that can be “assembled” into full deployment solutions. This further speeds up deployment activity as new deployments are optimized to be assemblies of known and well-tested components.

Reducing Risk

The switch to a tightly controlled configuration management process for the virtual model brings all the benefits of a mature software development lifecycle to IaC. It enables dependency mapping, trial runs on the virtual model (which don’t impact the physical hardware) and transparency of change over time.

Moving to a fully automated model which disallows manual intervention may feel as a limitation, however, what it really does is to force all change through well-managed version control and release management which reduces the risk of unmanaged change.

The standardization into generalized patterns as described above brings very significant risk reduction. The generalized patterns can be built to a high quality of efficiency and security, and as this standardization is applied across all applications in the class, then the risk of security loopholes through mis-configuration is very substantially reduced.

Speed of response to security threats can also be greatly enhanced. If a vulnerability can be addressed through a generalized deployment model change, then this need only be implemented once for every application in that group to get the necessary corrective action.

Increasing Speed

The features of IaC that deliver reduced cost and risk also deliver much faster deployments. Automation and re-use all work together to change a slow, manual and error-prone process that takes many weeks to a stream-lined and reliable process that takes just hours or minutes.

The extension to a full modular approach extends the benefits to include novel and new requirements. Although a new solution may not be in the standard solution sets, a modular approach allows a new solution to be assembled from existing modules, perhaps with a small number of new modules to support novel architecture components.

IaC Enabling DevOps

The concept of CI/CD and DevOps has seen widespread adoption in the software development industry. It has delivered significant advances in the speed of development for projects and applications where the rate of change is high. However, many of these DevOps projects are able to change the application code quickly, but still struggle to deploy new physical environments or significant changes to existing environments at speed.

The repeatability, flexibility and consistency of an _IaS_approach bring the benefits of DevOps firmly into the physical infrastructure domain.

The automation and speed of IaC allow entire environment builds to be deployed in just minutes or hours in the cloud. This enables daily deployments of complete applications to support CI/CD, not just from the application build, but also for the physical deployment.

The industry leading tools used in IaC can all be driven CI/CD and DevOps tooling. They all support scripting and can be integrated with configuration management tools such as git.

Although production environments tend to be torn-down and recreated extremely rarely, this is not the case in development and test. The industry trend (enabled by CD/CD, DevOps and IaC) is moving away from long-lasting, static dev and test environments which are maintained and patched towards a much more dynamic on-demand build with environments built from scratch each time for specific project requirements.

Resilience and Security

We have covered the most important benefits of IaS in the previous sections, however, there are an additional set of benefits that are the consequence of the automation and standardization brought by IaC

Both Resilience and Security are critical to every production deployment and they share a number of attributes that are challenging for development teams :

Summary

?????