The Role of Infrastructure as Code in Edge Data Center Computing

Written by ga_dahmani

Having servers at the edge is nothing new. IT leaders recognize that while they may want to centralize IT as much as possible to improve efficiency and reduce administrative costs, there is a need to locate systems, services and data closer to where they are needed.

A content delivery network (CDN) uses a network of servers to cache data closer to where it is consumed to speed up access. In 2020, James Staten, Vice President, Principal Analyst at Forrester, blogged that CDNs offer a way to pair endpoint-deployed applications with endpoint device content scanning. “Instead of simply allowing customers to bring their applications and data closer to the customer, these edge technologies harvest data from the Internet of Things [IoT] end-user devices and mobile devices,” Staten wrote.

Conceptually, the CDN can be thought of as a form of edge computing in that it makes data available closer to where it is consumed. In effect, the network of servers from which a CDN is built is used to distribute data closer to the edge.

Edge computing and the idea of edge data centers extend this concept. Data is not only consumed at the edge, but also large amounts of data can be processed at the edge. This avoids the need to overload network bandwidth with large amounts of data, such as when collecting video analytics streamed from networked CCTV cameras.

Devices and supporting IT infrastructure at the edge of the network take IoT to the next level, offering the potential to run sophisticated business systems in a decentralized manner.

From a software architecture perspective, the industry uses the term “serverless computing” to describe a way of providing compute, storage, and network resources needed to run cloud-native workloads. The benefit of serverless is that the application developer does not have to worry about physical servers, and these can be located in a public cloud, a private cloud running in an on-premises data center, or one running at the edge of the organization’s network.

However, the IT operations landscape is expanding exponentially as workloads increasingly move to the edge of the network and more advanced data processing takes place outside of a traditional data center environment. The ease of centralized IT management is replaced by the need to manage a diverse and highly distributed estate of servers and devices at the edge.

Running enterprise IT at the edge

Managing data center computing located at the edge of the corporate network is becoming as important as managing centralized IT systems. There has always been a need to manage the IT of remote branch offices and server rooms efficiently, because they typically have fewer resources in terms of on-site IT administrators, compared to the central IT function.

There is now a flurry of activity around managing the configuration of IT systems in the same way that software development teams manage source code. Scott McAllister, Developer Advocate at PagerDuty, says, “As IT infrastructure has progressively decoupled from physical machines we can touch, managing and provisioning that infrastructure has moved to software services in the cloud. Those services are built with robust user interfaces for manual configuration. However, managing those configurations at scale is tedious and can lead to system fragility.”

Once hailed as the future of infrastructure management and now the de facto best practice, infrastructure as code (IaC) is a process that automates the provisioning and management of compute resources with machine-readable templates. According to Chris Astley, Partner and Head of Engineering at KPMG UK, in a cloud context, IaC is the clear choice for automation and is also making inroads into private data centers.

“Before IaC, systems engineers had the laborious task of manually provisioning and configuring their computing infrastructure,” he says. “With cloud providers in particular updating features and capabilities on a daily basis, this had become a daunting task. With IaC, engineers now have the means to better manage version control, deploy and enhance their company’s cloud infrastructure faster, cheaper and more efficiently than ever before.”

In addition to IaC enabling faster, more consistent, and automated infrastructure provisioning for DevOps teams, Piyush Sharma, vice president of cloud security engineering at Tenable, believes its biggest impact lies in its ability to transform the processes used to develop, implement and operate immutable infrastructure. “Whether development and DevOps teams realize it or not, the tools and approaches they take to solve engineering challenges impact the entire business,” he says.

“IaC enforces immutability on the runtime infrastructure, which means that each component of the architecture is built using an exact configuration. This capability reduces the possibility of the infrastructure drifting, which could lead it away from desired configurations.”

While IT provisioning processes have traditionally required long waits and manual effort, the advantage of IaC is that it allows teams to provision the infrastructure they need in a matter of minutes with the press of a key, says Sharma. “Even better, modifying, scaling or duplicating the environment is as simple as modifying the source code and re-provisioning it,” he adds.

For Sharma, IaC is the key to modernizing manual processes in operations, breaking down organizational silos and delivering more value. He points out that applications need to scale automatically, and ecosystems have developed around approaches like Atlantis, Kubernetes, and GitOps. “Operational tasks are reduced to code commits that trigger automated processes that reconcile runtime configuration with committed changes,” he says.

Securing the edge

What is less understood is the role of IaC in security. KPMG’s Astley urges organizations to integrate IaC into their cyber security strategy as quickly as possible, as it can help prevent and remediate cyber attacks. A Harvey Nash study recently reported that nearly half (43%) of digital leaders say they have a shortage of cybersecurity talent.

“IaC is something that can help automate some security tasks and therefore lighten their workload and allow InfoSec teams to focus on more business-critical issues,” says Astley.

While engineers previously had to manually provision and configure their cloud, in Astley’s experience, using login scripts via IaC provides a single source of information. He says: “The positive effect of this is the elimination of potential human error when infrastructure changes are made, dramatically reducing the potential for opening up a new exploitable vulnerability for threat actors to take advantage of. It is also possible to see all the code misconfigurations in one place and therefore faster to manage and remediate.”

Astley also points out that the automation offered by IaC gives IT operations teams a way to deploy updates from cloud providers on the fly. “When new, secure iterations of cloud tools are released, there is minimal delay in updates, reducing your exposure to risk,” he says.

As Astley points out, one of the biggest benefits of IaC is that, when done correctly, it is 100% accurate and up-to-date documentation of the live environment itself. “InfoSec teams will find this invaluable when conducting threat assessments,” he says. In fact, these threat assessments can be run automatically based on code.
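The two ideas above, configuration drift away from the committed definition and threat assessments run from the code itself, can be shown in a short added example (not code from the article or from anyone quoted in it). The site names, configuration keys and policy rules are all hypothetical, and the sample data is constructed.

```python
import ipaddress

# Constructed sample: committed (declared) definitions for two edge sites, in the
# shape a JSON/YAML template might deserialize to. Every key name is hypothetical.
DECLARED = {
    "edge-site-a": {"image": "base-2024.1", "ssh_cidr": "10.20.0.0/16",
                    "disk_encrypted": True, "open_ports": [443]},
    "edge-site-b": {"image": "base-2024.1", "ssh_cidr": "0.0.0.0/0",
                    "disk_encrypted": False, "open_ports": [443, 23]},
}
# Constructed sample: what an inventory scan of the running sites reports.
OBSERVED = {
    "edge-site-a": {**DECLARED["edge-site-a"], "open_ports": [443, 8080]},
    "edge-site-b": dict(DECLARED["edge-site-b"]),
    "edge-site-c": {"image": "unknown", "ssh_cidr": "0.0.0.0/0",
                    "disk_encrypted": False, "open_ports": [22]},
}
# Policy rules: (rule id, predicate returning True when a definition violates it).
RULES = [
    ("ssh-open-to-world",
     lambda c: ipaddress.ip_network(c["ssh_cidr"]).prefixlen == 0),
    ("disk-not-encrypted", lambda c: not c["disk_encrypted"]),
    ("cleartext-admin-port", lambda c: bool({21, 23} & set(c["open_ports"]))),
]

def audit(declared):
    """Assess the code itself: sorted (site, rule id) for every violated rule."""
    return sorted((site, rule) for site, cfg in declared.items()
                  for rule, violates in RULES if violates(cfg))

def drift(declared, observed):
    """Map each drifted site to {key: (declared value, observed value)}."""
    report = {}
    for site in sorted(set(declared) | set(observed)):
        want, have = declared.get(site), observed.get(site)
        if want is None or have is None:
            # A site running without a definition, or defined but not running.
            report[site] = {"<site>": (
                "declared" if want is not None else "undeclared",
                "running" if have is not None else "missing")}
            continue
        diff = {k: (want.get(k), have.get(k))
                for k in sorted(set(want) | set(have)) if want.get(k) != have.get(k)}
        if diff:
            report[site] = diff
    return report

if __name__ == "__main__":
    for site, rule in audit(DECLARED):
        print("POLICY", site, rule)
    for site, diff in drift(DECLARED, OBSERVED).items():
        print("DRIFT ", site, diff)
```

The audit needs only the repository contents, so it can run on every commit, while the drift check needs an inventory feed from the edge sites and is the input a reconciliation step would act on.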

Additionally, Astley believes IaC provides a way for teams to understand common vulnerabilities and have a documented improvement and response process to address weaknesses discovered during threat assessment audits.

He says that IaC is also vital to an organization’s recovery after a cyber incident, especially with regard to common vulnerabilities like ransomware. “With IaC, the resource requirements are already hard-coded, which makes it ideal for incident response and disaster recovery,” he says.

“If an attack were to occur, with IaC it is now possible for IT teams to perform disaster recovery by quickly generating a new, identical environment from previous IaC scripts and backups. Being able to restore to a known working state in minutes is critical to a quick recovery from that scenario.”

Common language

Kyndryl Distinguished Engineer John Davis believes that DevSecOps has encouraged developers to become more familiar with infrastructure and operations to be more aligned with applications. He points out that IaC serves as a common language through which both can communicate, collaborate and co-create.

But to be successful with IaC, Davis urges IT leaders to consider the broader systems context of the build process. “Most organizations will have multiple systems that need to be updated due to new environments,” he says. “Anyone can provision a cloud server quickly, but being production-ready, secure, and segregated with the right network flows is where a well-defined IaC design is key.”

Davis recommends that to maximize the opportunity to use IaC, IT leaders should assess how automated IT configuration updates can be integrated into the broader IT support ecosystem. “Once you’ve moved to IaC, you should be able to remove the secondary controls that were previously in place to validate the integrity of the manual work,” he says.

For Davis, an environment built with IaC through a DevOps pipeline offers execution precision and auditing capabilities that make some of these controls redundant.

Such capabilities are essential in the organization’s network, in the context of an edge data center, whether to support a remote server room, AI-driven data acquisition from edge devices, or branch office systems.
