The challenge with Infrastructure-as-Code (IaC) is that it can cut across disciplines, requiring security expertise, developer programming skills, and the deployment abilities of IT operations.
“That code doesn’t write itself — you still need [a] tremendous amount of subject matter expertise in terms of operations and security,” said Venkat Thiruvengadam, CEO and founder of DuploCloud. “This idea that developers would just use infrastructure as code and build software, I think it’s starting to hit challenges — because while they know how to do programming, the developers don’t know operations because they’re not IT [operations] people, they don’t know security because they’re not security people.”
Infrastructure-as-Code tools are growing in popularity because they automate and streamline the complexities of deploying in hybrid or multicloud environments, and now in edge computing, said Jay Lyman, an analyst with 451 Research, which is part of S&P Global Market Intelligence.
“That’s a big part of why we see traction for Infrastructure-as-Code and GitOps to where you are providing some consistency across the different environments, across dev test and production,” Lyman said. “Infrastructure-as-Code, if deployed properly, can help you mitigate some of that complexity; you can mitigate configuration, and environment drift.”
The IaC solutions market is relatively mature, said Douglas Reynolds, a software engineer at the CERT Division of Carnegie Mellon University’s Software Engineering Institute, who has studied the market.
“Where you’re gonna see the changes are going to be more towards the orchestrators that are basically running the tools,” Reynolds told The New Stack. “If you pick Ansible, a lot of times it’s an ad hoc run, or there’s a machine running it. Chef, you can run it by logging into the system, manually executing the code. […] So I think the biggest changes that are going to be coming with the orchestrators, that basically provide you a user interface over these tools.”
Thiruvengadam sees a market ripe for disruption. IaC requires a combination of security, operations and coding experience, and people who have all three are a niche, Thiruvengadam told The New Stack. The San Jose, Calif.-based DuploCloud targets that need with a low-code/no-code solution.
“The general idea with DuploCloud is that you can use infrastructure-as-code, but you just have to write a lot less lines of code,” he said. “A lot of people who don’t have all the three skill sets still can operate at the same scale and efficiency, using this technology — that’s fundamentally the core advantage.”
Unlike some solutions, which rely on ready-made modules or libraries, DuploCloud uses a low-code interface to assemble the rules for its rules-based engine, which then evaluates those rules to produce the output, Thiruvengadam said.
The self-hosted single-tenant solution is deployed within the customer’s cloud account. Currently, it supports deployment on Amazon Web Services, Microsoft Azure and Google Cloud, and it can run on-premise as well.
The software runs in a virtual machine and calls the cloud provider’s APIs using the permissions granted to that VM. For example, the documentation notes, in AWS it would be via instance profile, and in Azure, it would be via managed identity.
The solution continuously monitors configuration drift, system faults, and security and compliance controls by interacting with the cloud provider, DuploCloud noted. The result is that it maintains a high-fidelity copy of the configurations, which reduces errors, ensures adherence to compliance standards, and improves security, Thiruvengadam said. The solution also maintains a history of changes, he added.
DuploCloud does not generate Terraform code, but provides a software development kit into Terraform called the DuploCloud Terraform Provider. This “allows the user to configure the cloud infrastructure using DuploCloud constructs, rather than directly using lower-level cloud provider constructs,” the documentation stated. “This allows the user to get the benefits of IaC while significantly reducing the amount of code that needs to be written. The DuploCloud Terraform Provider calls DuploCloud APIs.”
It’s a layer of abstraction that Thiruvengadam acknowledged takes away some of the control of older generation tools, like Puppet and Chef. But he compared it to the loss of control experienced by C and C++ programmers after Java and other higher-level programming languages came along: People worried about memory allocation, but in 99% of the use cases, the Java orchestrator handled it without manual intervention.
“It just took some time for people to accept that; and now, nobody talks about allocating memory when they write programming,” he said. “So it’s just about people getting used to it and accepting it.”
AWS and Puppet are sponsors of The New Stack.