Why Well-Oiled DevOps Rides on Immutable Infrastructure
The adoption of “immutable infrastructure” has emerged as a viable way to improve DevOps processes and culture. By introducing more of a standardization in application deployment and management, the immutable infrastructure helps, among other things, to foster a better collaborative environment among developers, operations, security teams, and other stakeholders.
“Immutable infrastructure gives you the ability to have a consistent environment, across your entire fleet of systems, which gives you a simpler and more predictable deployment,” Mike Liedike, manager, Deloitte Consulting’s Innovations and Platforms team, said. “It allows you to do the testing more consistently and promote your environments from development to test to prod.”
In other words, the adoption of immutable infrastructure is often a hallmark of a highly functional DevOps.
In this edition of The New Stack Makers podcast recorded live at Palo Alto Networks‘ studio in Santa Clara, CA, Liedike offers further insight and analysis of what the adoption of an immutable infrastructure can mean for your organization.
A good starting point to describe how immutable infrastructure works is by first detailing how it does not work — or more specifically, what “mutable” infrastructure is and how it differs compared to immutable infrastructure. Using the example of Apache servers, Liedike noted how admins might upgrade the servers by installing the latest version of the Web server software with configuration-management tools. The problem, Liedike said, is that “across 1,000 instances, you have a lot of room for error and inconsistency.” “With immutable infrastructure, instead of doing those changes in place, you would actually build a new server, with all the upgrades already in place, and then deploy your systems and decommission the old ones,” Liedike said.
Immutable infrastructure also ties in with this concept of infrastructure as code as organizations essentially us the code to manage the infrastructure. “Infrastructure as code allows you to do all that provisioning of the infrastructure components — like your instances, your networking, and your security and push it into your dev environment,” Liedike said. “And then as you promote those to dev and test and prod, you know you can easily repeat your environments in a consistent manner, all the way up to production, and allows your app developers to know that no matter what environment they’re in, they’re always going to be in a consistent environment and not have to worry about that when they deploy their applications.”
Ultimately, a large part of the value of immutable infrastructure lies in how application developers can deploy code consistently to an environment that doesn’t change. “You always know where your code is going to be deployed to how it’s going to be deployed, how the system is going to run that code,” Liedike said. “Instead of a systems admin going in making configuration or patch changes that the app developer wasn’t aware of, or if they are aware of, wasn’t ready for that change to happen on their systems, and it causes issues. So what the immutable infrastructure does when you build new systems, is it gives that consistent, reliable infrastructure for the application to run.”
For more insight from security thought leaders, Cloud Native Security Live, 2020 Virtual Summit is your opportunity to learn from the experience and expertise of developers, DevOps pros and IT leaders who all have so much at stake in container technologies and DevSecOps. Hosted by Prisma, from Palo Alto Networks, in partnership with The New Stack, you can still virtually attend this event held Feb. 11, 2020, for a full day of discussions about cloud native security — brought to you online wherever you may be.