3. AGENDA
• Giving the audience an understanding of IaC
• State of DevOps Report
• Problems/Challenges
• Principles and Practices
• Examples
• Demo
4. What is Infrastructure as Code?
• Infrastructure as Code is one of the cornerstones of
DevOps. It is the “A” in “CAMS”: culture, automation,
measurement, and sharing.
• Infrastructure as code is an approach to infrastructure
automation based on practices from software
development.
• It emphasizes consistent, repeatable routines for
provisioning and changing systems and their configuration
6. Pitfalls of Manual Infrastructure Management
• No Reproducibility
• No Versioning
• No Seamless Audits
• Manual verification test
• Operational Overhead (time/cost)
7. HOW LONG?
Provision a new server?
Rebuild an environment?
Change a configuration setting?
Update package across all servers?
10. HIGH PERFORMING ORGANIZATIONS
• Deploys 46 times more frequently
• 440 times faster lead times
• 96 times faster mean time
• 5 times lower change failure rate
THEY SPEND
• 21 percent less time on unplanned work and rework
• 44 percent more time on new work
• 50 percent less time remediating security issues than low
performers
11. FASTER IS SAFER
2017 State of DevOps Report
High Performing Organizations vs medium/low performing organizations
19. The idea of enabling Infrastructure as Code is that the
systems and devices used to run software can be
treated as if they, themselves, are software.
IaC by Kief Morris
32. ALTERNATIVE CHANGE STRATEGIES
• Immutable servers: Make changes by rebuilding servers
• Phoenix servers: Burning down servers at regular intervals to avoid configuration drift
• Containerized services: Make changes by building and deploying new containers
33. AUTOMATED INFRASTRUCTURE TESTING
• Syntax validation/linting
• Provider-specific tests that verify resource setup,
e.g. AWSpec tests for AWS infrastructure
• Integration and compliance tests for the infrastructure,
e.g. InSpec tests along with CIS profiles for compliance
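The first and last layers above (syntax validation, then a compliance rule) can be sketched against a plan file before anything is provisioned. This is an added example, not code from the deck, written in plain Ruby rather than the AWSpec or InSpec DSL. Assumptions: the input is constructed, loosely modelled on `terraform show -json` plan output, and the `Tier` tag marking private subnets is a hypothetical convention.

```ruby
require 'json'

# Constructed sample, loosely modelled on `terraform show -json` plan output.
# The "Tier" tag is a hypothetical convention for marking private subnets.
PLAN_JSON = <<~JSON
  {"resource_changes": [
    {"address": "aws_subnet.private_1a", "type": "aws_subnet",
     "change": {"after": {"map_public_ip_on_launch": true, "tags": {"Tier": "private"}}}},
    {"address": "aws_subnet.public_1a", "type": "aws_subnet",
     "change": {"after": {"map_public_ip_on_launch": true, "tags": {"Tier": "public"}}}},
    {"address": "aws_security_group.app", "type": "aws_security_group",
     "change": {"after": {"ingress": [
       {"from_port": 0, "to_port": 65535, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.bastion", "type": "aws_security_group",
     "change": {"after": {"ingress": [
       {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["203.0.113.0/24"]}]}}}
  ]}
JSON

OPEN_CIDRS = ['0.0.0.0/0', '::/0'].freeze

# True when an ingress rule exposes SSH (tcp/22) to the whole internet.
def open_ssh?(rule)
  cidrs = Array(rule['cidr_blocks']) + Array(rule['ipv6_cidr_blocks'])
  proto_ok = ['tcp', '-1'].include?(rule['protocol'].to_s)
  port_ok = rule['protocol'].to_s == '-1' ||
            (rule['from_port'].to_i..rule['to_port'].to_i).cover?(22)
  proto_ok && port_ok && (cidrs & OPEN_CIDRS).any?
end

# Returns a list of "address: finding" strings; empty means compliant.
def audit_plan(json_text)
  plan = JSON.parse(json_text) # syntax layer: malformed input raises here
  plan.fetch('resource_changes', []).flat_map do |rc|
    after = rc.dig('change', 'after') || {} # nil for deleted resources
    case rc['type']
    when 'aws_subnet'
      bad = after.dig('tags', 'Tier') == 'private' && after['map_public_ip_on_launch']
      bad ? ["#{rc['address']}: private subnet assigns public IPs"] : []
    when 'aws_security_group'
      Array(after['ingress']).any? { |r| open_ssh?(r) } ? ["#{rc['address']}: SSH open to the internet"] : []
    else []
    end
  end
end

puts audit_plan(PLAN_JSON) if __FILE__ == $PROGRAM_NAME
```

Run in a pipeline, a non-empty result fails the build; the wide port range on the app security group is caught because it covers port 22, while the bastion rule limited to a single CIDR passes.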
51. AWS region
[Architecture diagram. Labels: VPC; Availability zone 1, 2 and 3; Public subnet-1a, -1b, -1c; Private subnet-1a, -1b, -1c; EC2 instances; Auto Scaling; NAT gateway; Bastion (Jumpbox); IGW; router]
Between 2016 and 2017, the gap for frequency of code deployments narrowed: High performers are still shipping code as the business demands, while low performers went from shipping between once per month and once every six months in 2016, to shipping between once per week and once per month in 2017. Low performers in 2017 have also reduced their lead time for changes: from between one month and six months in 2016 to between one week and one month. This change does not mean that high performers are no longer performing as well. It simply means that low performers are doing better with throughput than they were, on average, and we applaud them for this improvement.
In contrast, high performers have gained an even greater advantage over the past year when it comes to recovering from production and infrastructure outages, and preventing failures in the first place. This is likely giving them an advantage in delighting their customers, because they have many more chances to deliver new value, and what they release is of higher quality. The result is faster time to market, better customer experience, and higher responsiveness to market changes.