Globally Consistent Infrastructure-as-Code: Why it Matters
In my Radius post “Dissecting Cloud Architectures – Getting the Best of All Worlds,” I discussed the tradeoffs and use cases for choosing the right architecture for a given application or service. I speak with a lot of IT leaders that want to strategically leverage cloud services when possible, but also want flexibility to deploy and manage applications and services consistently across multiple clouds, data centers, and sometimes even branch or edge environments. Platform as a service (PaaS) and containers as a service (CaaS), can only take you so far. Sure, those solutions make it easy to package and deploy code consistently to a variety of environments, but enterprises still must reconcile operational drift between clouds or data centers. That can lead to higher operational costs because separate tools and processes are often needed for operational requirements such as networking and security, audit, backup, performance management, and so on. In addition, agility can also be impeded because operational drift may cause additional quality assurance testing and certification to be required prior to a migrated or re-deployed application being production-ready in a new cloud or environment.
Globally Consistent Infrastructure-as-Code’s Core Value
Globally consistent infrastructure-as-code is not something required for many use cases such as SaaS and a variety of provider-native platform services. In many cases with those solutions, enterprises are forsaking some flexibility (e.g., portability to another service provider) for convenience (e.g., rapid time-to-value). That said, while SaaS and many provider-native services are part of most cloud strategies, the majority of enterprises that I meet with prefer to also have a solution that provides greater choice and control. When PaaS, CaaS, and traditional applications are run on a platform that offers globally consistent infrastructure-as-code, organizations can realize the best of all worlds – application and operational consistency, regardless of where an application or service resides. A combined globally consistent PaaS/CaaS/infrastructure solution yields what James Watters has referred to as developer-ready infrastructure. PaaS and CaaS cross-cloud/data center consistency has been fairly well accepted, whereas infrastructure has often been siloed by individual provider or vendor IaaS solutions, or abstracted by the PaaS/CaaS layer.
Regardless of whether it’s called IaaS or simply abstracted, a universal truth in IT is that all applications and services require programmatic compute, storage, networking and security. Infrastructure-as-code must exist, whether it’s offered as a native service (i.e., IaaS) or abstracted below a PaaS or CaaS solution. Sure, infrastructure details can be abstracted away and many software engineers should not have to know or care about those details, but there are reasons to care in terms of your overall strategy. To better understand the value of consistent, programmatic infrastructure services, consider the diagram below.
Running traditional and cloud native applications and services on globally consistent infrastructure-as-code offers the following benefits:
- Control of all intellectual property: Software engineers decide which open and closed source solutions they want to leverage to build and maintain services, inclusive of which software versions and use of native solution APIs. Services can be moved or re-deployed without impacting all previous engineering investments.
- Maintenance window control: IT decision makers can determine the best times to update application/service stacks, without having a platform update mandated to them by a provider. That gives software engineers more control over when they have to shift any cycles from their innovation bucket to their maintenance bucket. Purists might argue that innovation and maintenance are becoming one-in-the-same, but that’s not the reality practiced by most IT organizations today.
- Deployment Flexibility: Applications and services can be deployed and managed across several scenarios, including:
- Provider/data center choice – Any supported cloud service provider or private data center running the same infrastructure-as-code platform.
- Private cloud anywhere – Workloads born in a public cloud can shift to a private cloud stood up anywhere in the world on short notice, something that may be necessary due to unforeseen circumstances such as new regulatory constraints or a natural disaster that has cut reliable connectivity to a provider data center.
- IoT – Many Internet of Things (IoT) use cases are requiring that analytics infrastructure reside within 5 ms of the IoT gateway in order to provide the required performance SLA, something not achievable in many public cloud scenarios. Deployments to a variety of manufacturing plants are also required when sensitive data is prohibited from ever leaving the facility.
- Consistent telemetry: Developers can have a consistent way to measure performance, experience, and resolve issues between application tiers, regardless of where the application or service resides, using the same tools and APIs.
- Traditional and cloud native application co-location: Traditional and cloud native applications can be hosted on the same infrastructure in the same cloud, data centers or branch locations in order to achieve better performance and control.
- Operational consistency: IT operations teams can ensure consistent networking, security policy, audit, change management, backup and recovery, and more, regardless of where an application resides. Added operational cost, security risk (due to policy or configuration drift) and complexity are avoided. In the backup and recovery scenario, imagine trying to recover data that was originally backed up from a provider in which you migrated away from six years ago. How long would it take to recover the data?
As you can see, there are numerous benefits to leveraging a developer-ready infrastructure that provides globally consistent PaaS, CaaS, and infrastructure-as-code. Of course, many would be concerned about the potential for lock-in at the infrastructure layer. That is why it’s crucial that solutions in this emerging space offer a truly open integration layer, inclusive of PaaS/CaaS (e.g., Cloud Foundry, Docker or Kubernetes) or the IaaS layer (e.g., OpenStack or Photon). With open integration, organizations are able to move to comparable solutions that are just as committed to open integration. In addition, by standardizing on an open integration layer, you’re able to onboard emergent solutions whenever you’re ready. If you want to support one of the many Kubernetes-based private serverless solutions or Spring Cloud Functions, go ahead. Nothing is holding you back. When the next solution or project comes along that catches the eye of your software engineers, you can quickly move to support it as well while easing the integration of the emergent architecture with already deployed solutions such as VMs, containers and traditional applications.
VMware believes there is a big future in globally consistent infrastructure-as-code, and I doubt we’ll be the only ones to offer a solution in this space. Organizations can achieve the benefits that I have described today by leveraging solutions core to this vision: Cloud Foundation, NSX, DIY or VMware-Validated Designs, VMware Cloud on AWS, vCloud Air Network, IBM Cloud, Pivotal-VMware Cloud Native Stack, Photon Platform and vSphere Integrated Containers (VIC), and management via the vRealize Suite. Also, for provider-native solutions where full enterprise control is not needed, we are providing operational consistency where it’s needed most via our Cross-Cloud Services.
It’s easy to say that in the cloud era that infrastructure no longer matters. However, consistent infrastructure-as-code can give you benefits not possible with other approaches, and flexibility to take on whatever comes next. VMware believes that enterprises will see considerable value in globally consistent infrastructure-as-code and embrace its strategic relevance. Furthermore, our commitment to open source means that we will give you plenty of avenues to simply walk away. We want to win on merit and trust, and in essence we are betting on ourselves and enthusiasm around our vision. This topic is larger than a single blog post, and look for me to continue providing deeper examples in the coming months.
Follow us on Twitter @vmwocto