CI/CD / Tools

New Chef Features Focus on ‘Effortless Infrastructure’

22 May 2019 8:20am, by

“That will never be us,” General Dynamics’ Brad Shelton said he remembered thinking at ChefConf last year. But even working in a highly regulated security-focused industry, his shop has been able to implement automation to achieve great gains in time to production, he told the crowd on Tuesday at ChefConf 2019 in Seattle.

General Dynamics Information Technology division is a government-focused IT organization with around 300 cloud accounts and operates around 15,000 nodes. The company was taking nine to 18 months to achieve “authority to operate,” its lingo for a green light for moving applications to production, said Shelton, who is a senior Linux cloud engineer at General Dynamics Information Technology. Using Chef, it has been able to get that time down to two months.

On top of Chef’s April announcement that it’s making all its software open source, relying on a subscription business model with a collaborating community, it introduced new features at the conference to make it easier for customers to deliver and secure infrastructure and applications in any environment.

That subscription involves bundled services it calls the Enterprise Automation Stack, which includes its automation visibility tool Automate, app builder Habitat, security and compliance tool Inspec, infrastructure automation tool Infra and developer tool Workstation.

Infra originally managed cookbooks and recipes covering the operating system as the bottom layer, but also libraries, pages, middleware and applications. Infra now focuses on the OS, while Habitat manages the rest, while Inspec automates security and compliance rules for them all, Corey Scobie, Chef’s senior vice president of product and engineering, explained.

The new features include a new pattern for deployment that it calls “effortless infrastructure.” It treats Infra and InSpec as applications to be managed by Habitat’s lifecycle management technology to simplify deployment, updating and management of the entire stack in any environment. Pre-configured compliance profiles and hardening cookbooks simplify users’ ability to customize and modify security and compliance controls, allowing them to turn controls on and off without having to write or modify code.

The company has more than 140 different profiles and asked for input on which ones to work on next.

The EAS Migration Accelerator grew out of concern about applications highly dependent on their infrastructure when that technology is being phased out. The most pressing case is Windows Server 2008, which is facing end of support in January 2020. Another case will be Red Hat’s RHEL 4.0 next year.

Its first Migration Accelerator — it plans others — is for Windows. It scans existing .NET applications to discover their configuration and dependency requirements, then packages this information as code, decoupling the application from their infrastructure platforms. They then can then run on any modern platform, including AWS, Microsoft Azure and Google Cloud Platform.

It can capture the configuration and dependency requirements in about 10 minutes and package them up in about an hour, Chef’s Trevor Hess explained during a demo. With deep native integration with Azure and GitHub, you can use the whole EAS stack with the pipelines and repos available there.

“This is not just lifting and shifting that application. You’re understanding that application, moving that application and all the dependencies and configurations it needs to run into a modern environment, so you get support, from Microsoft, in this case, and you’ve begun the process, if required, of adding cloud-native capabilities to those applications,” Chef’s Brian Goldfarb said of the accelerator.

It also has added dashboards to Automate to give operations teams comprehensive visibility into the health of services that make up the application. Filtering and reporting capabilities enable users to see how individual security and compliance controls are performing across a heterogeneous environment and simplify compliance reporting. Chef has expanded the visibility features it offered with AWS to Microsoft Azure and Google Cloud Platform.

They enable teams to scan cloud nodes and APIs to ensure compliance across heterogeneous, multicloud environments.

The company also is introducing high-availability clustering, providing highly available data stores and API services for Chef Automate deployments, even at 100k+ nodes; and professional services maintenance plans to help enterprises integrate with disaster recovery systems.

Emphasizing its mantra of collaboration through code, Scobie said its focus is on collaboration earlier in the process, from idea conception through product evolution, and invited participation on all it’s working on.

Feature image: General Dynamics’ Brad Shelton and Chef’s Corey Scobie at ChefConf 2019.