The Computer Weekly Developer Network (CWDN) continues its Infrastructure-as-Code (IaC) series of technical analysis discussions to uncover what this layer of the global IT fabric really means, how it integrates with the current push to orchestrate increasingly cloud-native systems more efficiently and what it means for software application development professionals now looking to take advantage of its core technology proposition.
This piece is written by Patrick Jean, CTO of OutSystems – a company known for its modern software application development platform and tools used across industry verticals, government and throughout the enterprise application ecosystem.
Jean writes as follows…
As we know, IaC is the methodology, approach and systematic process that we can use in cloud infrastructure construction to automate the provisioning and management of compute resources with machine-readable templates.
When we look at delivering enterprise-grade applications for both web and mobile that run in the cloud or on-premises environments, we think about how the different core elements of infrastructure could and should effectively function one driven forward into live production.
With our own platform perspective in mind, a typical installation comprises of an infrastructure with four environments.
Understanding what these environments, how they differ and what role they play can help us to engineer the ‘shape’ of IaC deployments as they now form an essential lower substrate layer that supports modern computing environments.
Developer, quality, production, LifeTime
First, let’s consider the development environment. This is where the software engineering team (and wider users of development tooling) exist and operate with specifically instantiated user accounts.
Second, let’s look at quality. The quality environment is where testers and business users experiment with what is known as ‘production candidate’ applications or the application versions resulting from (Agile) sprints.
Although there are usually few scalability and redundancy requirements associated with the quality environment, lessons learned here can help to guide the higher-level subsequent architecting of the IaC estate as we progress and further augment and finesse our application base.
Third comes production. The production environment part of the deployed infrastructure is where full control is given to the operations (Ops) team. This is where it is advisable to set up read-only access accounts for development/maintenance teams to have access to analytics information on performance and application errors.
As our fourth infrastructure cornerstone, let’s make sure that we remember the LifeTime Environment. LifeTime is the console for managing the infrastructure, environments, applications, IT users and security.
A new construct & paradigm
So as we consider where the use case and application of IaC really lands and sits, let’s go back to basics for a moment and ask – why Infrastructure-as-Code?
Bespoke infrastructure builds, whether bare metal or virtualised, characteristically lead to high defect rates and unnecessary variability. Security exposures (misconfigurations) and vulnerabilities are introduced at a higher rate. It costs more, takes more time in the long run – and it’s painful to change rapidly and almost impossible to keep up with the speed of application changes.
Other than Proof of Concepts (PoCs) or very small projects, we need multiple copies of infrastructure scale units, due to high availability and performance needs. So we need the job of infrastructure building and construction to function similarly to application building and development.
Enter IaC – a developer’s solution to the infrastructure build challenge which fits quite nicely with the current DevOps toolchain.
So you want to know what the problem is with most IaC today? It’s still not directly tied to the reason infrastructure exists in the first place: to serve up applications. So while imperative and declarative IaC is better than bespoke infrastructure builds, there is still a large gap in terms of effectiveness.
When applications get updated, new services are added, the modification of the code in IaC is still done by humans. So we have two disconnected code bases, application code and infrastructure code. Human actions are still in the middle and still lead to quality issues and slower time to value. Value is only derived when applications are used, the infrastructure is a means to an end.
There is a better way.
An intentive IaC approach
Fully automated Infrastructure-as-Code, generated to match the needs of the application code, with no humans involved is that better way. Something better than imperative IaC and declarative IaC… and it is something I like to call ‘intentive IaC’ as an approach. Modern application development platforms such as our own focus on the creative aspect of application development, the visual interface, workflows, integrations and data. IaC is automatically generated, based upon the intent of the application.
Do you need users in multiple geographies worldwide? Do you need asynchronous, offline data storage? Do you need to handle 10 million end users for your mobile app? The merging of application code and infrastructure code into one seamless application leads to high-quality, extremely fast application deployment.
The modern DevOps toolchain today is an ecosystem of amazing tools and technologies to help improve the quality and speed of continuous delivery. But the DevOps toolchain is a solution to a problem we shouldn’t have.
By merging application code and infrastructure code, focusing on the intent of the application and ensuring the entire code base is automated and integrated to deliver this intent, we have a far superior approach to infrastructure as code. We realise the value prop of DevOps today by eliminating one source of the problem; disconnect application and infrastructure design and code. Unnecessary variability in the infrastructure configuration is eliminated.
Infrastructure exists to serve the application which exists to deliver value to the end user. Intentive IaC delivered through a modern application development platform such as OutSystems, eliminates bugs in IaC, greatly improves the speed of application deployment, significantly reduces security exposures and vulnerabilities, frees the developer from the IaC maintenance burden and ensures the intent of the application is delivered to the end-user or machine.