Saturday, May 18, 2024

Why Infrastructure-as-Code Must Evolve

Today, most enterprises have migrated towards a cloud-based infrastructure where their deployments are 100% software-driven and most of the underlying resources are standardized. The volume of today’s off-the-shelf solutions and additional services have allowed developers to create complex scalable applications for both on-prem and in the cloud. Even though this delivers flexibility and agility for application development, the proliferation of solutions and services has led to a tremendous uptick in fragmentation throughout the infrastructure.

Originally, infrastructure-as-code (IaC) changed how software engineers and operations determined the provisioning and maintenance of their infrastructure, but IaC also allowed teams to treat infrastructure like product code whereby changes were easier to track, more repeatable, iterative, and easily recoverable. Combining the same tools as any other software project with IaC allowed developers to rapidly deploy applications.

Now, the increasing complexity of data center configurations, advanced security requirements, and constantly changing guidelines means IaC is no longer working as well as it once did. New technologies have been introduced along with added techniques that solve many of the unique challenges IaC presents.

IaC Must Evolve  

IaC can be defined as the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. To create a successful IaC workflow, the user needs to create the supporting infrastructure, then build out the platform/application services, and finally conduct application provisioning (CI/CD) followed by application monitoring.

Essentially, IaC requires DevOps engineers to have an in-depth knowledge of security risk, configurations, and compliance standards, along with the ability to code well – leading to a unicorn skillset. In other words, developers are not operators and operators are not developers. The result is that DevOps teams’ needs have outgrown what IaC can provide.

While IaC shines at creating the base infrastructure and building out the platform/application services, it is strongly lacking in provisioning, application monitoring, and CI/CD.

To meet the changing and demanding needs of today’s DevOps teams, IaChas to operate at a higher level of abstraction. To do this, the following steps are recommended:

  1. Self-service with guardrails for developers: Developers want to focus on building applications – not infrastructure. With code automation, developers can ask for secured resources without having to know tons of lower-level details to meet operations or accidentally violating the needed compliance and security requirements.
  2. Application-centric automation: Application-centric infrastructure configures and displays the entire application ecosystem – allowing administrators to manage a single system for application delivery instead of managing individual servers. It encompasses the virtualization of the data center and incorporates automated load-balancing, on-demand provisioning, and the ability to scale network resources as needed.
  3. A rules-based engine: Application-centric automation by itself isn’t enough. We need a rules-based engine that can take app-centric information and automatically run the rules to make sure that the software is compliant with the relevant security standards.

IaC needs to continue to evolve to meet the demands and the dynamic environment of DevOps teams today. Fortunately, new technologies such as no-code/low code (LC/NC) are addressing many of the shortcomings of IaC. Low code/no-code applications can provide a close fit to business requirements, can be implemented quickly, and cost much less than those developed in-house. As the dynamic developer landscape continues to change, so too are the technologies that help to enable their success.

Venkat Thiruvengadam is the Founder and CEO of DuploCloud (, a no-code end-to-end DevOps automation and compliance platform that takes high-level application specifications from the user and translates them into secure cloud configurations. Venkat was also an early engineer at Microsoft Azure and the first developer and founding member in Azure’s networking team, Venkat wrote significant parts of Azure’s compute and network controller stack.