Brave New World: Infrastructure Automation

Copyright © 2017 HashiCorp
Brave New World: 
Infrastructure
Automation

View Slide

Armon Dadgar
Founder and CTO
@armon

View Slide

CONNECT
Infrastructure & applications
RUN
SECURE
PROVISION
Applications
Infrastructure
OSS TOOL SUITE PRODUCT SUITE
Consul
Nomad
Terraform
Vault
Consul
Enterprise
Nomad
Enterprise
Vault Enterprise
Terraform
Enterprise
FOR TEAMS
FOR INDIVIDUALS
Provision, secure, connect, and run any infrastructure
3

View Slide

Market Trends

View Slide

Tractor Company or
Software Company?

View Slide

▪ Applications shifting from Back office to Front office
▪ Traditional Companies being Disrupted by Software
▪ Pressure to Deliver Applications Faster
Applications Front and Center
6

View Slide

View Slide

▪ AWS, Azure, GCP, Oracle Cloud, IBM Cloud, Alibaba, Huawei
▪ Doing $XXB in revenue
▪ Growing at 100%+ YOY
▪ Avoid CapEx for new projects, enable experimentation
▪ Elastic capacity for scaling
▪ Outsource specialized know how
Public Clouds set Sail
8

View Slide

HVAC: Security Risk?

View Slide

▪ Security has been elevated into a critical business risk
▪ Target compromised through an HVAC system
▪ Google compromised by splicing dark fiber
▪ Regulation changing the landscape (GDPR, CSL)
Security is a Board topic
10

View Slide

s
11
Rethinking Entire
Application Delivery
Lifecycle

View Slide

▪ Natural Tension of Goals
▪ Deliver Applications Faster
▪ Reduce Complexity and Manage Risk
▪ Principles, Process, and Tools all matter
Application Delivery Goals
12

View Slide

Essential Application Delivery Steps
13
CONNECT
RUN
SECURE
PROVISION
Applications
Infrastructure
Register and monitor the
application and its components
Push the application into the
environment
Secure distributed environment to
which applications will be deployed
Develop & test the application
CONNECT
DEPLOY
SECURE
BUILD / TEST

View Slide

Copyright © 2017 HashiCorp 14
CONNECT
RUN
SECURE
PROVISION
Applications
Infrastructure
environment
Create core infrastructure to
run applications
Create environment-appropriate
version of the application
CONNECT
DEPLOY
SECURE
PROVISION
PACKAGE
BUILD / TEST

View Slide

CONNECT
RUN
SECURE
PROVISION
Applications
Infrastructure
environment
run applications
CONNECT
DEPLOY
SECURE
PROVISION
PACKAGE
BUILD / TEST

View Slide

CONNECT
RUN
SECURE
PROVISION
Applications
Infrastructure
environment
run applications
CONNECT
DEPLOY & RUN
SECURE
PROVISION
PACKAGE
BUILD / TEST

View Slide

Provision
18
Providing a common workflow to
provision infrastructure and
application resources across private
cloud, public cloud, and external
services.
Multi-Cloud
Provisioning
Operations
Provision Any Infrastructure
For Any Application

View Slide

The shift to hybrid infrastructure
19
TRADITIONAL 
DATACENTER
TRADITIONAL 
DATACENTER

View Slide

20
AWS Azure GCP
Private cloud
HYBRID DATACENTER
TRADITIONAL 
DATACENTER
TRADITIONAL 
DATACENTER

View Slide

21
AWS Azure GCP
Private cloud
Application Platform
Core Infrastructure
Security
HYBRID DATACENTER
TRADITIONAL 
DATACENTER

View Slide

AWS Azure GCP
Private cloud
HYBRID DATACENTER
TRADITIONAL 
DATACENTER
Core Infrastructure
Security

View Slide

▪ Public Cloud is forcing Multi-Cloud Architecture
▪ Provisioning of Core Infrastructure is Heterogenous
▪ API driven clouds, no API standardization
▪ Usage is Elastic
▪ Scale is orders of magnitude larger
Provisioning Challenges
23

View Slide

▪ Infrastructure as Code
▪ Versioning, Automation, Sharing, Modularity, Peer Review
▪ Point-and-Click does not scale, error prone
▪ Embrace Heterogeneity, Provide Common Workflows
▪ Extensibility Critical
▪ Incorporate new technologies without retooling
Next-Generation Provisioning
24

View Slide

Secure
25
Centrally secure, store, and tightly
control access to secrets across
hybrid infrastructure and
applications.
Application-Centric
Security
Security
Secure Any Infrastructure
For Any Application

View Slide

View Slide

▪ Networks were hard on the outside, soft on the inside
▪ Deployed network middleware at ingress/egress
▪ Physical networking constrained traffic flow
▪ Complex topologies very difficult to model and secure
▪ Applications assumed confidential and privileged network
Castle & Moat Security
27

View Slide

▪ Assume “Zero Trust”, network is already compromised
▪ Application-Centric
▪ Authentication required on private networks
▪ Application to Application authorizations
▪ Data Encrypted in transit and at rest
Next-Generation Security
28

View Slide

Run
29
Cluster managers and schedulers
for self-service deployment and
lifecycle management of
applications on any infrastructure.
Self-Service
Deployment
Deployment
Run Any Application
Across Any Infrastructure

View Slide

▪ Operators coupled to Developers tightly (1:8)
▪ Low velocity of deployment
▪ Limited diversity of middleware
▪ Open Source gaining traction in Enterprise
▪ Specialized Middleware (Caches, NoSQL, Big Data, Messaging)
▪ Multi-Cloud Support
Traditional Operations
30

View Slide

AWS Azure GCP
Private cloud
HYBRID DATACENTER
TRADITIONAL 
DATACENTER
Core Infrastructure
Security

View Slide

▪ Empower Developers to Deploy, Decouple Operators
▪ Provide Higher Level Abstractions
▪ Support highly diverse applications and middleware
▪ Cluster Managers and Schedulers provide self-service, decoupling,
higher density
▪ Nomad, Kubernetes, Mesos, etc
Next-Generation Deployment
32

View Slide

Connect
33
Service discovery, runtime
configuration, and orchestration
needed for micro service based
applications to operate.
Enabling Services
Service Catalog
Connect Any Application
Across Any Infrastructure

View Slide

▪ Monolithic applications
▪ Low churn
▪ Limited scale out
▪ Load balancers
Monolith Connectivity
34

View Slide

▪ Service Oriented Architecture ~= Microservices
▪ N-Tier applications
▪ Public Cloud and Containers increasing churn
▪ Applications being updated more frequently
▪ 10-100x traditional scale
SOA strikes Back
35

View Slide

▪ Dynamic Service Catalog
▪ Services “Publish” availability
▪ Clients can “Discover” location services at runtime
▪ Handle high rate of change
▪ Route around failures
▪ Mix Mainframes, VMs, Containers, Serverless, etc
▪ Network is the connectivity layer
Service Discovery
36

View Slide

▪ Dynamic CMDB
▪ Service level abstraction
▪ Platform Agnostic (Public/Private Cloud, VM/Container)
▪ Resilient to Cloud reliability / Container churn
▪ Provides visibility into global state
▪ Enforce service level security policy
Next-Generation Connectivity
37

View Slide

s
38
Paradox of Automation

View Slide

View Slide

▪ Automation enables a change to be repeatable and fast
▪ Gives developers and operators enormous leverage
▪ Does not imply every change is desirable!
▪ Physical world made mistakes more obvious
▪ Did you really mean to order 5000 servers?
▪ Did you really mean to rewire traffic around the firewall?
Automation Challenges
40

View Slide

▪ Infrastructure as Code
▪ Codified and Versioned Infrastructure
▪ Policy as Code
▪ Codified and Versioned Policies
▪ Policy ensures incremental changes are safe
▪ Prevent automation avalanche
▪ Automation with Guardrails!
Next-Generation Automation
41

View Slide

Thank you.
[email protected]
www.hashicorp.com

View Slide

Brave New World: Infrastructure Automation

Brave New World: Infrastructure Automation

Armon Dadgar

More Decks by Armon Dadgar

Featured

Transcript