Q&A

Introduction to Azure Infrastructure as Code

• By David Ramel
• 09/25/2023

Infrastructure-as-Code (IaC) automates the provisioning and management of IT infrastructure via machine-readable definition files, obviating the need for manual configuration and management of servers, storage and networks while also facilitating collaboration, reuse and rapid deployment.

In Microsoft's Azure cloud computing platform, the company describes it as a key DevOps practice and a component of continuous delivery.

Primary benefits include:

• Efficiency: Automation lessens the time and effort required to set up and manage infrastructure.
• Consistency: By defining infrastructure as code, teams ensure that the setup is repeatable and eliminates manual errors.
• Speed: IaC allows for rapid deployment of infrastructure, which is particularly beneficial in a cloud computing environment.
• Collaboration: Since the infrastructure is defined as code -- in machine-readable definition files that can be version-controlled and treated just like any other code -- it can be reviewed and collaboratively changed for circumstance just like any other software project.

As such a key component of Azure DevOps, Carey Payette, senior software engineer at Trillium Innovations, will introduce the concept to beginners at the Cloud & Containers Live! event in November, just one part of the big, umbrella Live! 360 conference.

"In this session, we'll review the importance of IaC and how it fits into the Continuous Delivery aspect of DevOps," she told Virtualization & Cloud Review. "In addition, you will get a taste of different IaC technologies, such as ARM, Bicep, Terraform, and more, to manage your Azure resources."

Attendees of the 75-minute introductory-level presentation will lean:

• Understand Infrastructure as Code
• How to leverage Infrastructure as Code in DevOps pipelines
• About tools available that enable Infrastructure as Code

We recently caught up with Payette to learn more about her upcoming session.

VirtualizationCloudReview: What inspired you to present a session introducing Azure Infrastructure as Code?
Payette: As a software developer, discovering IaC was a game-changer that completely transformed my approach to work. I was always drawn to the Azure Portal's user-friendly interface and visual cohesiveness, never realizing how time-consuming and error-prone the process of manually setting up infrastructure could be. I would often diagram the resources needed for a project on a notebook or whiteboard and then access the portal to create the envisioned environment. Unfortunately, my initial deployments were rarely 100 percent correct, resulting in multiple manual configuration changes and the addition or removal of resources until everything was right. Then, once the project was stable, I had to go back and document all the deployments and configurations, which was yet another time-consuming task.

It wasn't until I worked on a large-scale project with colleagues from my company's infrastructure practice that I could witness the power of IaC firsthand. During a working session with this group, I watched in awe as they went from diagram to resource definition to configuration and deployment of initial resources in a single meeting. Even when there was a misconfigured setting, it was easily fixed by changing the value in a code file and re-deploying. This same code was parameterized and re-used to create the test environment. It was checked into source control and included in pipelines, making applying subsequent changes consistently across all environments easy as the project matured.

From a personal perspective, I created a repository of common cloud architectures that I use for customer demos or conference talks. With IaC, I can set up and tear down the infrastructure as required, benefiting from consistency, practicality, ease and repeatability. I also save a lot of money by not having unused resources sitting out in the cloud waiting for my next conference talk!

For newcomers to the concept, how would you define IaC and its significance in today's evolving IT landscape?
IaC is a powerful tool enabling you to define, document, implement and maintain new and existing IT infrastructure. It serves as the source of truth for infrastructure deployments and configurations, and it is a living document that evolves alongside the systems it supports.

One of the core benefits of IaC is that it allows you to check infrastructure code files to source control, just like you would with software code. This means that you can version and manage your infrastructure code just like any other codebase, which is important for ensuring consistency and enabling collaboration among team members.

In early project work, IaC allows for quick iteration on potential configuration options through automated deployments instead of a manual "hunt and peck" approach. Templates can be parameterized to reuse code assets, making deploying repeatable environments such as dev, test and production easy.

During the lifecycle of a system, IaC serves as an effective change-control mechanism. All changes to the infrastructure are first reflected in the code, which is then checked in as files in source control. The changes are then applied to each environment based on current CI/CD processes and pipelines, ensuring consistency and reducing the risk of human error.

In a nutshell, IaC's ability to automate repetitive tasks, reuse code assets and serve as an effective change control mechanism makes it an essential component of modern IT infrastructure management.

Following up on that, for organizations just beginning their IaC journey, what are some common pitfalls or challenges they might encounter, and how can they best prepare or avoid them?

• Pitfall 1: Boiling the ocean/biting off more than you can chew.
  Starting small is essential if you're just starting your journey into IaC. For your first project, I recommend choosing a small, simple, greenfield project that is easy to manage. Bite-sized projects are ideal for learning because the end goal is well-defined, and the team can focus on learning how to incorporate IaC instead of spending time figuring out solutions to complicated architectural problems. It's also beneficial to identify IT staff or consultants who have experience with IaC and can mentor and guide the process. Mentorship is important, as in the software development world, we're all too familiar with the concept of "spaghetti code," which may do the job but is difficult to read and maintain. IaC is also code and is not immune to this type of problem. With guidance, your company can adopt standards for code organization, naming conventions, and reusable modules to increase the chances of success for current and future projects.
• Pitfall 2: Choosing the right framework/tool.
  When selecting an IaC tool, choosing one that best fits your team's skills is essential. Some tools, such as Azure Resource Manager (ARM) templates or Terraform (see below), require knowledge of programming languages like JSON or HCL. Other tools, such as Azure Bicep, allow developers to use programming languages they are already familiar with, such as TypeScript or Python. By choosing a tool that fits your team's skills, you can reduce the learning curve and speed up the implementation process.
• Pitfall 3: Lack of planning.
  Planning ahead concerning CI/CD processes, pipelines, environments, security and testing is also crucial. This means thinking about deploying and managing your infrastructure code across multiple environments, what approval gate checks are needed, code reviews, and how to test your code to ensure it meets your requirements. By planning ahead, you can ensure a smooth implementation process and avoid any potential roadblocks down the line.

For organizations looking to transition to an IaC approach, what are the preliminary steps or considerations they should keep in mind to ensure a smooth transition?
It is important to note that IaC is not just for greenfield, new development projects. Most IaC tools allow for the import of existing deployments. This means you can point the tool to your Azure resources, and the IaC tool can generate code for you. However, it's crucial to review and alter the code to fit the IaC code standards set by your organization. By doing so, you can ensure that your infrastructure code is consistent and maintainable.

Understand that IaC is not a replacement for infrastructure staff. Your infrastructure staff are the domain experts with the knowledge and experience to manage your organization's infrastructure effectively. IaC is a tool they can use to automate the management of that infrastructure, but it doesn't replace their expertise. To ensure a successful IaC implementation, it is essential to give your infrastructure staff the necessary training and time to learn and incorporate IaC into their daily workstream. This includes providing them with the resources they need to learn IaC tools and practices, such as training courses, documentation and access to experts who can provide guidance and support.

The role of IaC in the Continuous Delivery (CD) aspect of DevOps seems critical. Could you elaborate on one way in which IaC complements and enhances the CD process?
Change management. Infrastructure-as-Code can be unit tested and validated, just like any other source code. All infrastructure changes made using IaC are recorded historically with version control. This provides several benefits, including the ability to deploy consistently across multiple environments and roll back changes if necessary, thus providing a level of control and visibility essential for effective change management, ensuring that infrastructure changes are made in a controlled and predictable manner. Remember that including IaC in deployment pipelines doesn't result in full environment rebuilds with each deployment. Only changes to the current state are acted upon -- even though the code files holistically define the environment.

What resources and learning paths do you recommend for Azure users who want to get started with or improve their skills in IaC?
This really comes down to the choice of tools the organization decides to move forward with. Here is a non-exhaustive list of links to get started with some of those tools.

• Azure Resource Manager
• Bicep
• Ansible
• Terraform
• Pulumi
• Chef
• Puppet

Note: Those wishing to attend the conference can save hundreds of dollars by registering early, according to the event's pricing page. "Save up to $400 if you register by Sept. 29!" said the organizer of the event, which is presented by the parent company of of Virtualization & Cloud Review.