What is infrastructure-as-code (IaC)?

Infrastructure-as-code (IaC) allows developers and operations teams to automatically manage computer data centres using machine-readable definition files.

Also called software-defined or programmable infrastructure, IaC eschews physical hardware configuration and configuration tools for repeatable digital configuration files. Using a high-level descriptive coding language, IaC automates IT-infrastructure provisioning and eliminates the need for manual management and provisioning of infrastructure elements, such as servers, storage and database connections. IaC is a key practice of DevOps, and allows for a more streamlined set of processes in developing and deploying new software applications. IaC provides a way to ‘shift left’ the management of infrastructure, meaning it can move under the control of developers or DevOps teams rather than being a manual step at the end of the deployment pipeline.

At first glance, it may seem that infrastructure-as-code really isn’t bringing anything new to the table: it’s just changing what has traditionally been a manual task (configuring IT infrastructure), and making it a digital one. But with this switch come the solutions to several key problems that have been facing IT personnel for decades.

Difficulty managing IT infrastructure

Managing IT infrastructure is not only complex and labour intensive, it’s also costly. At each stage of the process, engineers, maintenance technicians and others have to be available to perform essential tasks. Organisations need to be able to meet the salary needs of these experts. On top of that, ensuring proper coordination and resource deployment necessitates increased management costs.

Monitoring and visibility issues are likewise potential problems in traditional configuration. Traditional infrastructure configuration relies on multiple individuals or teams, creating inconsistency and often making monitoring and performance optimisation extremely difficult. That inconsistency can also lead to misconfiguration, where an incorrect parameter is used, which can result in potentially serious consequences. Misconfiguration has been blamed for many high-profile outages of systems that affect many people.

Finally, because manual configuration depends on system administrators to set up new servers, it responds slowly to increased demand. As need for resources spikes, manual configuration can prevent effective scaling and make it difficult for businesses to handle the increased load. And, without available back-up servers, application availability suffers.

DevOps challenges

DevOps experiences its own problems when working with traditional configuration techniques. Instead of identifying and eliminating misconfigurations and other problems during the build process, traditional management all but ensures that these issues remain unnoticed until runtime. And, by having to reallocate developer resources to address these issues at runtime, organisations are forced to pull experienced professionals from other important tasks, without actually addressing the core fault.

Additionally, newly configured infrastructure must be capable of joining the organisation’s existing environment. Manual configuration can create security and compliance issues in the context of the broader environment, particularly as the cloud is a dynamic and constantly changing entity.

Effective infrastructure-as-code provides solutions to many of the issues and inefficiencies associated with traditional infrastructure configuration. With IaC, organisations can enjoy the following advantages:

Increased speed

With IaC, complete infrastructure can be created simply and quickly by running a script. This is possible through every stage of the software development lifecycle, regardless of environment.

[Figure: graphic showing the benefits of IaC]

Reliable consistency

When configuration is the responsibility of human IT personnel and operations teams, discrepancies are unavoidable. But when IaC files exist as the primary source of truth, organisations can add configuration data management tools and policies to consistently deploy the right configurations as many times as needed.

Improved tracking and accountability

A sometimes overlooked advantage of IaC files is that they maintain a clear record of any and all changes. Teams can easily review what changes have been made, when, and (in the event that accountability becomes an issue) by whom. And, because IaC maintains previous versions in an accessible repository, developers can return to previous instances and redeploy earlier environments in the event that problems arise.

Optimal efficiency

By codifying and automating the deployment of infrastructure architectures, organisations can significantly increase efficiency and productivity throughout the development lifecycle. Testing can occur simultaneously in multiple staging environments, which can themselves be created and deployed in minutes. At the same time, IaC makes it easy to incorporate continuous integration and continuous deployment techniques.

Reduced costs

Taken all together, perhaps the greatest advantages of IaC are reduced costs and increased returns. By automating configuration and deployment, organisations cut many of the expenses associated with hardware, staffing, training and management, while also allowing experienced IT personnel to refocus their energies on tasks that bring in greater value.

Add to this the aforementioned speed, consistency and efficiency, and it becomes clearer how IaC investments are capable of paying for themselves extremely quickly.

IaC uses the same versioning that DevOps uses for source code. In fact, DevOps treats IaC as any other code development in the DevOps toolchain. This means that any infrastructure code changes are managed alongside the rest of DevOps tasks.

DevOps can also apply policies to the IaC changes, and allow for automated tracking and approvals of changes—such as through the use of ServiceNow DevOps for automated change. IaC also empowers DevOps to easily create production-identical test environments at any stage in the development cycle, reducing the likelihood of experiencing potentially critical deployment issues. With IaC, DevOps is more capable of coordinating effectively using consistent practices and tools, and delivering applications and infrastructure quickly, reliably and with the ability to scale to meet demand.

In the CI/CD process, infrastructure-as-code control is shifted from IT operations personnel to developers. This allows DevOps teams to treat the infrastructure changes like any other pieces of code, and apply DevOps and site reliability engineering (SRE) tools and products to provide oversight through the entire value stream.

Getting the most out of an IaC strategy means identifying and following best practices. These tried-and-true suggestions can help ensure an effective IaC approach to configuration and deployment.

Avoid documentation for specifications

External documentation of infrastructure specifications is inexact and easy to lose track of. Break the habit of external documentation, and instead code specifications into the configuration files themselves, where they will always be accurate and available.

Recognise code as the single source of truth

As mentioned in the previous point, coding infrastructure specifications into configuration files is preferable to using external documentation. And once those specifications have been coded, refer back to those configuration files as the single source of truth for all things related to infrastructure management.

Test thoroughly

One of the benefits of code when compared to physical configuration is that code can be tested. Employ IaC testing tools to ensure that configurations are free of errors and inconsistencies before they move through to production.

Version control everything

As IaC fits so well with the CI/CD approach to development, it can move at a breakneck pace. Be sure that as new changes are deployed, old versions are kept safely available using source control. This allows teams to revisit and reload previous versions in the event that new deployments create unforeseen problems.

ServiceNow and IaC

As noted above, misconfiguration is a major challenge for infrastructure. It has been blamed for security lapses, exposure of private data, and significant system outages that affect millions of users.

In 2020, ServiceNow acquired a company called Sweagle, which is now a part of the DevOps portfolio as DevOps Config. DevOps Config provides a central location for managing configuration data. This solves the remaining problems for DevOps teams when using IaC, namely:

  • Access controls can be applied to the configuration data and only authorised users are given the permission to make changes and define configuration files for use in IaC. This helps to protect passwords and other sensitive data, and it prevents changes that might otherwise happen in standalone configuration tools.
  • Policies can be applied to configuration information. For example, it is common to use different databases for testing an application versus using it in production. Policy can validate that the database configuration string is correctly altered in IaC between internal testing and releasing into production.
  • The system can learn from prior configurations that resulted in problems. Artificial Intelligence and Machine Learning can be applied to help write new policies to ensure an issue does not recur.
  • The central place for managing infrastructure configurations provides the oversight that a single repository allows. A person does not have to look in Git code repositories, network configuration tools, and other sources to understand configurations—they are all available in one place. This also includes the ability to keep a snapshot of prior configuration versions to help with later troubleshooting.
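
The database-string policy from the second bullet above, sketched as an added example (it is not ServiceNow DevOps Config's API and not code from this page). The host names, the `db_url` key and the rule that passwords must be `${VAR}` references are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical policy (assumption): database hosts each environment may use.
ALLOWED_DB_HOSTS = {
    "test": {"db.test.internal.example"},
    "production": {"db.prod.internal.example"},
}

# Constructed sample configuration data; "db_url" is an assumed key name.
SAMPLE_CONFIGS = [
    {"name": "orders-test", "environment": "test",
     "db_url": "postgresql://app:${DB_PASSWORD}@db.test.internal.example:5432/orders"},
    {"name": "orders-prod", "environment": "production",
     "db_url": "postgresql://app:${DB_PASSWORD}@db.prod.internal.example:5432/orders"},
    # Promoted to production without altering the test connection string.
    {"name": "billing-prod", "environment": "production",
     "db_url": "postgresql://app:Sample-Pass1@db.test.internal.example:5432/billing"},
]


def check_db_policy(config):
    """Return the list of policy violations for one configuration entry."""
    env = config["environment"]
    allowed = ALLOWED_DB_HOSTS.get(env)
    if allowed is None:
        return [f"no database policy defined for environment '{env}'"]
    parts = urlsplit(config["db_url"])
    violations = []
    if parts.hostname not in allowed:
        violations.append(f"host '{parts.hostname}' is not allowed in '{env}'")
    # Credentials must be a ${VAR} reference resolved at deploy time.
    pw = parts.password
    if pw and not (pw.startswith("${") and pw.endswith("}")):
        violations.append("literal password in connection string")
    return violations


def evaluate(configs):
    """Map each failing config name to its violations; empty dict means pass."""
    report = {}
    for config in configs:
        violations = check_db_policy(config)
        if violations:
            report[config["name"]] = violations
    return report


if __name__ == "__main__":
    for name, problems in evaluate(SAMPLE_CONFIGS).items():
        print(name, "->", "; ".join(problems))
```

Run as a pipeline step, a non-empty report would fail the build before the configuration reaches production.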
