
From automation to immutable infrastructure

When you are starting a company, especially an IT company focused on developing a software product, you probably do not put much thought or time into planning and building your network and server infrastructure.

And why should you? It is not easy, it takes time, knowledge and experience and it is not important for your development. In a small team, where you can trust everybody and everybody knows everything about infrastructure, it is faster, cheaper and easier to just roll with it.

Falling down the rabbit hole 

Planning and building your infrastructure takes time and resources that will never pay off if your company is not successful, so it is basically not a wise investment.

It is all fine until you hit a certain point where your company takes off and you need to employ more people. More people mean more security risks and harder information flow between them. So you decide to hire a system administrator.

And he will start to set up your infrastructure. But your infrastructure is in poor condition, and every employee, old and new, has problems that need to be solved. So there is not much time to do things right, and the system administrator just patches one problem after another as quickly as he can.

To prevent things from getting worse, you and your system administrator, or your team of system administrators, need to set up some standards to make maintenance as easy as possible.

Climbing out

The first approach is to create standards, distribute them to everybody and hope that they will be upheld. Good luck.

A better approach is to use some automation. That means writing scripts that set up your infrastructure automatically. This eliminates human errors, makes everything standardized automatically and is easier to maintain and to change later.

But why should you write your own scripts? It is hard, it takes time and it is harder to maintain. Just use an automation tool. There are a lot of them. I use Ansible.

It does not have many dependencies: it just uses SSH, so you do not need to install client software. All you need is Python 2 installed.

Now, instead of writing a lot of bash and other scripts, you write (mostly) Ansible playbooks. They are simpler, easier to read and easier to maintain.

Next level

After you have automated your infrastructure configuration, you can go to the next level and make it immutable. What does that mean? It means that you use only your automation tool to set up your infrastructure, and any changes made directly on your servers or other devices are automatically reverted to the desired state defined in your automation tool.

This gives you total control over your infrastructure. At any given time you know how any device on your network is set up, who has access to what, what the latest installed versions of software and configurations are, etc.
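As an added illustration (not part of the original post), here is what "the desired state defined in your automation tool" can look like in an Ansible playbook that controls who has SSH access. The host group `servers`, the user `deploy`, the key file path and the service name `sshd` are assumptions made for this example.

```yaml
# Added example: hypothetical playbook enforcing a desired state on every run.
# Host group "servers", user "deploy", the key file path and the service
# name "sshd" are assumptions, not values from the original post.
- name: Enforce SSH access baseline
  hosts: servers
  become: true
  tasks:
    - name: Only the keys listed in the repository may log in as deploy
      ansible.posix.authorized_key:
        user: deploy
        key: "{{ lookup('file', 'files/deploy_authorized_keys') }}"
        exclusive: true   # keys added by hand on the server are removed

    - name: Password logins stay disabled even if someone re-enables them
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s   # refuse to write a broken config
      notify: Restart sshd

    - name: Root cannot log in over SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Running the playbook on a schedule is what reverts manual changes; running it with `ansible-playbook --check --diff` first reports the drift without changing anything.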


Why should you want that? You need fewer people to take care of your infrastructure, you do not need to create (almost) any documentation about the state of the infrastructure, you can easily let your system administrator leave without losing any capability to maintain your infrastructure or (almost) without fear of it being compromised, and that is just the beginning.

So, please, automate.

