
From automation to immutable infrastructure

When you are starting a company, especially an IT company focused on developing a software product, you probably do not put much thought or time into planning and building your network and server infrastructure.

And why should you? It is not easy, it takes time, knowledge and experience and it is not important for your development. In a small team, where you can trust everybody and everybody knows everything about infrastructure, it is faster, cheaper and easier to just roll with it.

Falling down the rabbit hole 

Planning and building your infrastructure will take time and resources that will never pay off if your company is not successful, so it is basically not a wise investment.

It is all fine until you hit a certain point when your company takes off and you need to employ more people. More people mean more security risks and harder information flow between them. So you decide to hire a system administrator.

And he will start to set up your infrastructure. But your infrastructure is in poor condition, there are a lot of problems, and every employee, old and new, has problems that need to be solved. So there is not much time to do things right, and the system administrator is just patching one problem after another as quickly as he can.

To prevent things from getting worse, you and your system administrator, or your team of system administrators, need to set up some standards to make maintenance as easy as possible.

Climbing out

The first approach is to create standards, distribute them to everybody and hope that they will uphold them. Good luck.

A better approach is to use some automation. That means writing scripts that set up your infrastructure automatically. This eliminates human errors, makes everything standardized automatically and is easier to maintain and to change later.

But why should you write your own scripts? It is hard, it takes time and it is harder to maintain. Just use an automation tool. There are a lot of them. I use Ansible.

It does not have a lot of dependencies; it just uses SSH, so you do not need to install client software. All you need is Python 2 installed.

Now, instead of writing a lot of bash and other scripts, you write (mostly) Ansible playbooks. They are simpler, easier to read and easier to maintain.

Next level

After you have automated your infrastructure configuration, you can go to the next level and make it immutable. What does that mean? It means that you only use your automation tool to set up your infrastructure, and any changes made directly on your servers or other devices are automatically reverted to the desired state defined in your automation tool.

This gives you total control over your infrastructure. At any given time you know how any device on your network is set up, who has access to what, which versions of software and configurations are installed, etc.
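
As an added illustration (not the author's own playbook), this is what "desired state defined in your automation tool" can look like for the "who has access to what" part. The inventory group `servers`, the account `deploy`, the files under `files/` and the service name `sshd` are assumptions made for the example, and the `authorized_key` module comes from the `ansible.posix` collection.

```yaml
# Added example: desired state for SSH access on every managed server.
# Assumed names (not from the post): inventory group "servers", account
# "deploy", files under files/, service name "sshd".
- name: Enforce SSH access baseline
  hosts: servers
  become: true
  tasks:
    - name: Only the keys kept in the repository may log in as deploy
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('ansible.builtin.file', 'files/deploy.authorized_keys') }}"
        exclusive: true   # keys added by hand on the server are removed
        state: present

    - name: sshd_config is exactly the version kept in the repository
      ansible.builtin.copy:
        src: files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        validate: /usr/sbin/sshd -t -f %s   # refuse a config sshd cannot parse
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Running this playbook on a schedule reverts manual edits on the next run; running it with `--check --diff` reports the drift without changing anything.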

Conclusions

Why should you want that? You need fewer people to take care of your infrastructure, you do not need to create (almost) any documentation about the state of the infrastructure, and you can easily let your system administrator leave without losing any capability to maintain your infrastructure or (almost) without fear of it being compromised. And that is just the beginning.

So, please, automate.
