Automation is key to improving infrastructure standardization: it speeds up deployments, lets you replicate the same environment several times, and reduces misconfigurations that are not aligned with regulatory or security policies.
It even lets us react more quickly to the market, with new web services in a region where we are extending our business or with attractive new features to sell our products and services to customers worldwide.
Moreover, it's crucial for getting as much performance and reliability as possible and for increasing productivity, which directly impacts cost. If you read between the lines, we are talking about the Well-Architected Framework. A popular concept nowadays…
But can we consider automation to be just some runbooks and scripts here and there that solve specific issues in our private or public cloud?
Milind Govekar, research vice president at Gartner, said in 2016 that IT organizations need to move from opportunistic to systematic automation of IT processes.
As a consequence of opportunistic automation, he remarked, “Most current use of automation in IT involves scripting. Scripts are more fragile than agile. What you end up with is disconnected islands of automation, with spaghetti code throughout the organization when what you need is a systematic, enterprise-wide lasagne.”
Therefore, it is crystal clear: let's focus on automation as a centralized and systematic approach to govern all the aspects and pain points that I mentioned before. Automation as part of our operational excellence and our security posture, to improve reliability and resilience and to reduce cost. To summarize, automation is a solid requirement for the Well-Architected Framework (WAF) strategy within our organization or company.
But how can we afford automation in our current hybrid model?
Well, we need to choose the tool, but the choice depends on the environments you have to maintain: your infrastructure, and how many clouds, public or private, you are using. To be honest, the complexity of your technologies, your current infrastructure and your daily DevOps effort determine much of the approach.
Let's see the best options in the market:
Azure DevOps & ARM & PowerShell – These are the right technologies to provide automation with a systematic strategy, not just with ARM template deployments alone but also with other alternatives such as PowerShell tasks or YAML files. You get RBAC and traceability, and you consolidate and deploy all your automation actions from one place with a single pane of glass. On top of that, it works in perfect harmony with GitHub.
Furthermore, you can combine those solutions with others such as Azure Arc, Azure Security Center or Azure Monitor to achieve a suitable Well-Architected Framework for your platform.
Terraform – Another strong solution in the market, and a leader in consolidating automation in multicloud environments, as it works with many providers or plugins to ingest data. Just take a look at this incredible list: Browse Providers | Terraform Registry
It is a great approach to IaC (Infrastructure as Code) for complex environments, as it can work together with your Active Directory (announced some days ago), or with AWS, Alibaba, GCP, VMware, etc.
The new Windows Active Directory (AD) provider for Terraform allows admins and sysops to manage users, groups and group policies in your AD installation. It is a very flexible solution in terms of versioning code within GitHub, and it allows changes to be tracked and audited easily.
CloudFormation – AWS CloudFormation is a framework for provisioning your cloud resources with infrastructure as code within AWS accounts. Specifically, a CloudFormation template is a JSON- or YAML-formatted declarative text file in which you define your cloud resources. AWS defines it as “CloudFormation enables you to create and provision AWS infrastructure deployments predictably and repeatedly. It helps you leverage AWS products to build highly reliable, highly scalable, cost-effective applications in the cloud without worrying about creating and configuring the underlying AWS infrastructure”.
AWS also offers Control Tower, somewhat similar to the Ansible Tower that I'll introduce below, which works across AWS accounts and regions. It uses a more advanced AWS CloudFormation feature, StackSets: AWS CloudFormation StackSets extends the functionality of stacks by enabling admins and sysops to create, update, or delete stacks across multiple accounts and regions with a single operation.
Ansible – It is defined as “a simple open source IT engine which automates application deployment, intra service orchestration, cloud provisioning and many other IT tools.” Ansible works very well on Red Hat OpenShift and OpenStack, and has a centralized solution called Ansible Tower to orchestrate your IT infrastructure with a visual dashboard that includes RBAC. Ansible uses playbooks. A playbook is a configuration file written in YAML that provides instructions for what needs to be done in order to bring a managed node into the desired state. It works on open source platforms and hardware solutions, integrating modules as follows: All modules — Ansible Documentation
Chef and Puppet – These are also quite widespread, but more related to DevOps and CI/CD solutions in complex environments to achieve DSC (Desired State Configuration). Both are configuration managers with an image. Chef is similar to the previous approaches in the sense that it uses JSON or YAML declarative text files and is more focused on supporting administrators. It uses recipes and cookbooks through a Chef Server VM to orchestrate standardized IaC to other VMs from scratch, while Puppet is more focused on programming some criteria or controls throughout the VM's life. Anyway, these alternatives are not so popular in enterprise companies today, and private and public clouds are adopting other automation solutions such as those above.
To summarize, your automation strategy depends on your platform or platforms, which determine whether you need a holistic tool or not; on your goals, whether more related to DevOps or to the Well-Architected Framework; and on how complex your environment is.
What is beyond discussion, and a solid trend, is applying a systematic automation strategy to reduce silos in your daily infrastructure deployment. Please take into account those scripts here and there fixing issues.
In the next post we will see how automation as IaC works with Azure DevOps.
Enjoy the journey to the cloud with me…see you then in the next post.