How Immutable Infrastructure prevents technical debt

The cloud is an inevitable part of making infrastructure dynamic. Self-service, on-demand cloud services make it possible to add, change and remove infrastructure quickly and without wasting previous capital investments in hardware and software.

This creates an operational shift from static to dynamic infrastructure consumption, changing the focus from operating infrastructure to changing infrastructure, and from resisting change to embracing it.

Embracing this continuous change requires not only a different operator mind-set, but also a different set of tooling. Assuming that the infrastructure itself can go away or be changed at any minute, operating those systems directly does not make sense. We need a set of tooling that manages infrastructural change by means of automation. These tools assume that the infrastructure they create, change or tear down is immutable.

Immutable Infrastructure

Immutable Infrastructure is a methodology where any given piece of infrastructure, say a virtual machine or container, is not changed after initial deployment. Changes are deployed as new infrastructure, instead of changing the original. The original is torn down after the change is deployed successfully. This approach helps operators to prevent configuration drift and snowflake deployments.

[Image: immutable infrastructure is like Legos]

While relatively easy to do for systems of engagement, the true value of immutability comes to life when it’s done for systems of record. By making these latter systems immutable, too, the data becomes unglued from the underlying systems (operating system and application layers).

Immutability prevents technical debt

This prevents technical debt often seen in these types of systems. Actually upgrading systems and applications like these is a notoriously difficult task for system operators. Upgrading in place introduces change to the systems, and change means risk. As many of these systems are part of the core primary processes (financials, supply chain, CRM, HR), data needs to be consistent and correct. That doesn’t mix well with upgrading database schemas, application logic or middleware layers.

[Image: Dilbert comic on technical debt. Source: dilbert.com]

By ungluing this data from the underlying systems, it becomes easier to move the data to a new version of the application stack.

Immutability creates a system of record for system operations

By using configuration management and infrastructure provisioning tools, system operators can create and store the desired state of their infrastructure in code repositories. By using trunk-based or Gitflow-based development practices, this code is subject to the same best practices used by regular software development teams. The code, and any changes to it, are easily audited, peer-reviewed, copied and templated (to be used for other projects and applications). The audit log helps internal governance meet compliance and security goals; no manual interaction with the infrastructure is needed and all changes go through the provisioning and configuration management tools.

And adds governance and security policies

Tools like HashiCorp’s Terraform add policy governance and policy engines that keep infrastructure provisioning compliant through approval or peer-review workflows and automated security and governance checks that run before the code is executed.
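One way to implement an automated pre-apply check of the kind described above, as an added example that is not from the original article or from HashiCorp: it reads the JSON that `terraform show -json` produces for a saved plan and rejects in-place updates to resource types that are meant to be immutable. The set of immutable types, the function name and the sample plan are assumptions constructed for illustration.

```python
import json

# Resource types this team treats as immutable (assumption for this example).
IMMUTABLE_TYPES = {"aws_instance", "aws_launch_template"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["update"]}},
        {"address": "aws_instance.api", "type": "aws_instance",
         "change": {"actions": ["create", "delete"]}},
        {"address": "aws_instance.db", "type": "aws_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["update"]}},
        {"address": "aws_instance.cache", "type": "aws_instance",
         "change": {"actions": ["no-op"]}},
    ],
})


def check_plan(plan_json, immutable_types=IMMUTABLE_TYPES):
    """Return (violations, warnings) as lists of resource addresses."""
    plan = json.loads(plan_json)
    violations, warnings = [], []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in immutable_types:
            continue  # mutable by policy, e.g. the bucket in the sample
        actions = rc.get("change", {}).get("actions", [])
        if "update" in actions:
            # In-place change to deployed infrastructure: the source of drift.
            violations.append(rc["address"])
        elif actions == ["delete", "create"]:
            # A replacement, but the original is torn down before the new
            # resource exists, so a failed create leaves nothing running.
            warnings.append(rc["address"])
    return violations, warnings


if __name__ == "__main__":
    bad, warn = check_plan(SAMPLE_PLAN)
    for addr in bad:
        print(f"DENY {addr}: in-place update of an immutable resource")
    for addr in warn:
        print(f"WARN {addr}: destroyed before its replacement is created")
    raise SystemExit(1 if bad else 0)  # non-zero exit fails the pipeline step
```

Run as a pipeline step between plan and apply, the non-zero exit code blocks the apply whenever a plan would modify an immutable resource in place.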


Immutability is just one of the advantages of cloud

Immutability is just one advantage of embracing the container and cloud operating model. HashiCorp has published Unlocking the Cloud Operating Model, a whitepaper covering how to achieve the fastest path to value in a modern, multi-cloud environment. A second important way to get there is by using an enterprise container strategy.