Cloud vendors make a point of how easy it is to create infrastructure in the cloud. You can use consoles or the command line to add and remove resources one at a time or in bulk. You can incrementally debug problems and move on to the next task, repeating this process until all resources are functioning properly. This method sounds appealing. It’s straightforward and efficient. It often seems a quick way to deploy infrastructure and applications. Unfortunately, that’s not always the case in the long term.
When you do something manually, a lot can go wrong, resulting in errors. Sometimes errors are bugs in applications and sometimes they’re security vulnerabilities. Regardless of their type, they will cost you.
Ad Hoc Deployment
Let’s consider what you need to do to deploy a Web server. First, you authenticate to your cloud service using an identity with sufficient permissions to access needed resources. Next, you specify a compute resource, such as a VM or container. This requires configuring CPUs, memory, and persistent disks. Plus, you have to configure the network interface, specify firewall rules, enable monitoring and logging, and set up software and local users. You may also need to configure routing, internet gateways, subnets and other network components.
At first glance, this seems a fine way to get a server up and running. It’s simple, and there’s a clear line from point A to point B. However, there are long-term concerns with this approach.
It’s easy to make mistakes when configuring infrastructure in an ad hoc way. One wrong digit when allocating memory could make your server unusable. You could forget to open a needed port or close unneeded ports. IP addresses need to be specified correctly every time for the server to function properly. And so on.
Of course, mistakes can be fixed, but how long does it take to detect and repair them? How often are mistakes like these repeated when you create new Web servers? These errors can have a significant security impact. It’s bad enough when you find your own security vulnerabilities. It’s much worse when someone else finds them first.
What automation brings to the table is repeatable, consistent infrastructure configuration. Not only does this reduce errors, but you no longer lose the time it takes to find and fix these errors.
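The mistakes named above (a wrong digit in a memory size, a forgotten or unneeded port, a mistyped IP address) are the kind an automated pre-deployment check catches before anything is created. The sketch below is an added example, not taken from any vendor's tooling; the policy values, field names and sample server definitions are all assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical policy for a Web server; every value here is an assumption.
POLICY = {
    "memory_mb": (1024, 16384),   # allowed range, inclusive
    "required_ports": {443},      # must be open for the server to be usable
    "allowed_ports": {80, 443},   # anything else open is a finding
    "subnet": "10.0.1.0/24",      # private addresses must fall in here
}

def validate(spec, policy=POLICY):
    """Return a list of findings for one server definition (empty means OK)."""
    findings = []
    lo, hi = policy["memory_mb"]
    mem = spec.get("memory_mb")
    if not isinstance(mem, int) or not lo <= mem <= hi:
        findings.append(f"memory_mb {mem!r} outside {lo}-{hi}")
    ports = set(spec.get("open_ports", []))
    for port in sorted(policy["required_ports"] - ports):
        findings.append(f"required port {port} is not open")
    for port in sorted(ports - policy["allowed_ports"]):
        findings.append(f"port {port} is open but not allowed")
    raw_ip = spec.get("private_ip", "")
    try:
        ip = ipaddress.ip_address(raw_ip)
        if ip not in ipaddress.ip_network(policy["subnet"]):
            findings.append(f"private_ip {ip} not in {policy['subnet']}")
    except ValueError:
        findings.append(f"private_ip {raw_ip!r} is not a valid address")
    return findings

# Constructed sample definitions: one correct, one with the typos described above.
GOOD = {"name": "web-01", "memory_mb": 4096,
        "open_ports": [80, 443], "private_ip": "10.0.1.10"}
BAD = {"name": "web-02", "memory_mb": 409,       # dropped digit
       "open_ports": [80, 22],                   # 443 forgotten, 22 left open
       "private_ip": "10.0.1.300"}               # mistyped octet

if __name__ == "__main__":
    for spec in (GOOD, BAD):
        problems = validate(spec)
        print(spec["name"], "OK" if not problems else "REJECTED")
        for problem in problems:
            print("  -", problem)
```

Run as a gate in the deployment pipeline, a check like this rejects the faulty definition every time, rather than relying on someone noticing the typo after the server is live.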
Some advantages of cloud automation are immediate. For example, as you debug your automation scripts, you’ll be collecting lessons learned and embedding them within the scripts. The next person to run the scripts won’t repeat those initial mistakes. This essentially upskills the entire team by making the knowledge shared.
Moreover, automation makes it easier to replicate infrastructure. After you define a production environment, you can use the same scripts to create a user acceptance testing environment. In the event of a disruption of service, you can quickly recreate the production environment as part of a disaster recovery plan.
Dependency configurations are easier, as well. With automation tools, you can specify any dependencies that need to be in place to deploy an application and associated infrastructure.
Security also benefits from automation. It takes time to configure and manage stored secrets, such as security keys. Consistent control over security and compliance assets is critical. This includes the ability to audit changes to access controls and permissions granted to various users.
To keep up with your organization’s information security policies and industry and government regulations, you often need to be able to demonstrate compliance. How much time will you spend writing scripts to collect information about infrastructure running in your environment so you can report to managers? Again, cloud automation can help relieve this burden by providing reliable, repeatable tools for auditing.
Avoid Headaches Down the Line
In the end, it may be best to not even start with a traditional point-and-click infrastructure. While cloud vendors make it a point to show all the fine-grained controls users can have over configuration, it doesn’t mean users should be leveraging them in day-to-day tasks.
It seems almost blasphemous to go out and find a new tool to help you use your other new tool, but in this case, it can save you a lot of time and headaches down the line. Cloud automation saves time, improves consistency, and reduces management overhead on system administrators. It also reduces the long-term costs by reducing the risk of bugs and security vulnerabilities.