Infrastructure as Code is the New Modern Cloud
This article submitted by Simeon Cloud
Infrastructure as Code is the New Modern Cloud
Companies are increasingly adopting cloud-based software tools to empower their employees to work, collaborate, and access data remotely. However, cloud-based tools come with new settings that must be securely maintained to prevent hacks. This article will explain how the cutting-edge technology — Infrastructure as Code — differs from other configuration models and why Configuration as Code and DevOps suddenly became vital to the cloud movement.
COVID-19 accelerated the work-from-home trend. Organizations are quickly adopting modern digital workplaces where sensitive data are no longer stored in servers on-premises but rather in the cloud. On-premises servers and virtual private networks (VPNs) have been replaced with cloud-based tools and platforms that connect users with the resources needed to get work done.
Along with the change, organizations face new security concerns from employees using business software outside the office. Before, you had to manage just one network secured by geography. Now, hundreds of settings must be maintained to control who can access the global network, from which devices, where, and how identities get authenticated.
Microsoft’s lineup of cloud-based collaboration, productivity, security, and mobile device management tools is rapidly gaining adoption. However, managing settings for these new tools is difficult, resource-intensive, and prone to error. Engineers must manually point and click through thousands of properties in web-based administration portals.
Cyber-security models as well as compliance auditing place importance on establishing best-practice security settings and ensuring that they are applied correctly without drifting over time. There are three practices for managing cloud configurations: Manual, PowerShell, and Configuration as Code.
Manually, engineers configure settings by hand in administrative portals and cross-reference against documentation such as Excel spreadsheets. This method often leads to mistakes that leave companies vulnerable. With PowerShell, companies deploy imperative scripts that automatedly configure environments. While PowerShell provides some automation to the process, its imperative approach limits its effectiveness for configuration management.
Imperative vs. declarative configuration models
Imperative models, such as PowerShell, deploy settings unidirectionally, which automates the initial set-up. However, they fail to provide automation for maintaining settings. Without writing complex conditional logic, you cannot use the same script to reset an existing environment to align with its desired state. Additionally, if changes are made to settings in the portal, you cannot easily regenerate your PowerShell scripts to incorporate these changes. Your development time is focused on telling your system how to fix itself.
“What” vs. “How”
In the declarative model, Infrastructure as Code, you declare the desired state for your environment (the “what”). Your development time is focused on describing this desired state, and you let the Infrastructure as Code platform focus on applying it (the “how”). The platform understands how to compare the current state of your environment to the desired state and automatically calculates and deploys the corrective actions to re-align the settings.
What is configuration as code?
Configuration as code is the practice of describing, provisioning, and managing settings with code. Configuration code is pulled from and pushed to Microsoft’s administrative portals and used to document, backup, monitor, and implement lifecycle management.
What is DevOps?
DevOps rose to prominence 15 years ago following concerns that the current software development model had flaws. It separated development teams (Dev) that wrote code from operations teams (Ops) that deployed code. The DevOps approach merged the two disciplines, resulting in rapid code delivery via automation and collaboration. With the DevOps model, companies could more effectively test changes to code and push out updates, resulting in faster delivery times and product improvement.
Application of practices to configuration management
Configuration as Code applies the DevOps approach to configuration management. Inherent to the process, you get ongoing drift detection, backup and restore, and lifecycle management controls. Organizations that operate multiple child companies can keep their environments in sync. A gold standard for settings can be established, and the practice helps keep it that way. New settings can be stress-tested in a dev environment, and automation can promote it into production.
The Configuration as Code model is not without its flaws. Building and maintaining a solution requires niche development talent, team resources, and ongoing maintenance. For organizations that may not wish to invest in maintaining their own solution, a Santa Cruz-native startup offers an Office 365 configuration tool called Simeon Cloud, providing out-of-the-box implementation of Configuration as Code management.
For questions, please contact Josh Wittman, Chief Operating Officer of Simeon Cloud – Automate Your Microsoft 365 Configurations.
Email: josh@simeoncloud.com
URL: www.simeoncloud.com