Sign up for a live Kubernetes or DevSecOps demo

Click here

DevOps Glossary

Infrastructure as Code

What is Infrastructure as Code?

Infrastructure as Code (IaC) refers to the increasingly common practice of provisioning and managing IT infrastructure using coding. The implementation of code as the control mechanism for IT infrastructure includes the use of software development techniques such as continuous integration, continuous delivery and version control.

Infrastructure of code takes advantage of the API-driven model that underlies cloud services. Engineers can write software applications that directly interact with cloud-based infrastructure such as DNS servers, file servers, networks, and even virtual machines and containers. The ability to pass instructions to these infrastructure elements using APIs means that engineers can provision and manage IT infrastructure at scale using a code-based approach rather than manually configuring each virtualization instance.

Infrastructure as Code is an important feature of DevOps, as it provides additional automation that streamlines the code development and deployment process, drives continuous integration and reduces manual labor, enabling developers to focus more on their responsibilities in security and operations management.

What is Infrastructure as Code in DevOps

Infrastructure as code developed out of a need to standardize deployment environments in for software development teams pursuing a continuous integration or continuous delivery model and following the Dev Ops paradigm. The practice evolved as a response to a repeatedly observed issue in the software release/deployment pipeline known as environmental drift.

In the context of software deployment an environment refers to the computer system in which an application is deployed. The deployment environment can be a physical machine or a virtual machine. It could be operated on-premise or leased from a cloud service provider. Sometimes, the deployment environment is simply the developer's workstation. Other environments can include:

  • Production - the production environment is the environment where end users can actually access the application. Deployment to the production environment means that customers can interact with the updates. Production is also sometimes called the "live" environment.
  • Staging - the staging environment acts as a mirror of the production environment. Its purpose is to mimic the conditions of the production environment without actually being accessible to end-users. Staging environments enable developers to test the functioning of an application in a context similar to the production environment while still preventing users from interacting with any bugs. The staging environment may also be called the model or pre-production environment, or the demo environment.
  • Testing - the test environment is where interface testing is typically performed, and where a team of quality controllers determine whether the updates to the code should be accepted into the core application or further revised.
  • Integration - teams that are attempting to execute on continuous integration deploy new commits to the integration environment on a daily basis. Here, integration testing occurs to verify whether new commits can be integrated into the existing code base without causing errors.
  • Development - a development server offers an environment where individual developers can perform basic unit testing of small pieces of code, prior to its integration with the core application.

Developer teams must maintain the settings of individual deployment environments and ensure that a specific type of environment is configured in exactly the same way each time it is used. Each deployment environment takes on a unique configuration that may be difficult to reproduce, and errors in setting up test environments can lead to inconsistent testing results.

Infrastructure as Code enables software developers working in DevOps to set up virtual deployment environments using scripts, removing the manual process of configuring environments and eliminating a significant potential source of error.

How Does Infrastructure as Code Enhance the Software Deployment Cycle?

Before the introduction of DevOps and the enhanced focus on automation technologies like IaC as a part of the software deployment cycle, software delivery was a tedious and wasteful process that required support from a variety of roles. A single deployment might require support from:

  • A system administrator, who would configure a physical server to mirror the production environment
  • A database administrator, who would set up a database to support the application testing process
  • A developer to build and deliver the code
  • A test team to manually conduct software testing on the delivered code

Only after going through all of these steps would a new piece of code be integrated into the live application and deployed into the production environment. This process requires several man-hours, a lot of human resources, and a significant level of expense. Automation is minimal and the application may still require additional rework if errors are discovered.

Using Infrastructure as Code, developers can now complete all of the key tasks associated with software deployment independently.

To achieve this, the developer writes a special piece of code that will provide instructions to a virtualized machine, databases, testing and delivery tools and other infrastructure. This code will tell the virtual machine how to configure the environment according to exact specifications. When a new update is ready, the developer can run the code to automatically create a virtual test environment according to exact specifications.

IaC can be used to launch a new instance of a virtualized environment and configure it to perfectly mirror the production environment, even considering versioning and service packs. Automated testing tools can be implemented in place of a team of manual testers to conduct unit and integration tests on new code commits.

Streamlining the process of releasing new code through automation is part of what makes it possible for DevOps teams to achieve continuous integration or continuous delivery.

Automation and Security Integration Tools are Key Enablers for DevSecOps

DevOps is rapidly becoming the most important set of principles that governs how organizations choose to build, run and secure their applications. With the release of the Rugged DevOps manifesto in 2012 and the DevSecOps manifesto in 2015, the emerging trend across the industry is that teams are using automation and new software tools to give individual developers the capacity to manage the development, operation and security of their applications.

Sumo Logic's analytics platform was purpose-built as an enabler for DevSecOps. Developers can use the platform to analyze user interaction with applications and make better decisions about what upcoming features and capabilities should be prioritized for development. From a security standpoint Sumo Logic provides an integrated view of system and application logs from throughout the cloud environment, making it easier to correlate network events and investigate security threats in real-time.

Sumo Logic's operational analytics functionality can be used to monitor the security and stability of the IT environment and troubleshoot performance issues to ensure maximum availability of applications and services for the business.