Automation is as central to DevOps as the ball is to soccer. IT automation is the use of instructions to create a repeatable process that replaces an IT professional’s manual work in data centers and cloud deployments. Software tools, frameworks, scripts, and appliances conduct the tasks with minimum or no administrator intervention. The scope of IT automation ranges from single actions to discrete sequences and, ultimately, to an autonomous IT deployment that takes actions based on user behavior and other event triggers.
IT automation is different from orchestration, although the terms are often used interchangeably. Automation accomplishes a single task repeatedly without human intervention. Orchestration is a broader concept where the user coordinates multiple automated tasks into a single workflow.
IT automation/orchestration replaces a series of actions and responses between an administrator and the IT environment. For example, an IT automation platform, such as Microsoft Windows PowerShell, combines cmdlets, variables and other components into a script to mimic the series of commands and steps that an administrator would invoke one line at a time through the command-line interface (CLI) to provision a virtual machine (VM), install a certificate, or implement a backup process.
In general, there are 5 major areas that are prime candidates for automation. Take a look at these and adjust your planning by prioritizing which area is most critical to your business.
Provisioning is the process that determines the size and type of the system that we will be running our applications on — whether on physical hardware or in a private, hybrid, or public cloud. In order to scale business systems, infrastructure must be defined and configured rapidly. What used to be physical is now (mostly) all about virtualized assets, from software-defined datacenters, networks, and storage to virtual machines and containers. In AWS, this includes CloudFormation, Elastic Beanstalk, or CodeDeploy. VMware is still very expensive in AWS, but it is an obvious solution to spin up resources rapidly.
Not all applications are created equal. They require different settings, filesystems, ports, users, etc. Once you’ve automated provisioning, you need to be able to define the resources and define what they do. Storing the settings for an application environment in a document, spreadsheet, text file, or even email is not configuration management. Configuration management needs to be stored in living documents in order to achieve repeatable, robust environments that host applications. And, as you gain more systems, more instances, and more complexity, you need a better way of recording what systems look like so you’re able to manage them effectively. That’s where a good configuration management tool comes in. In AWS, this is some combination of AWS Systems Manager, OpsWorks, and AWS Config. Puppet Enterprise, Chef (the basis of AWS OpsWorks), Ansible, SaltStack, and Terraform are well-established CM solutions.
The more complex an IT system becomes, the more complex managing all the moving parts can become. The need to combine multiple automated tasks and their configurations across groups of systems or machines increases. That’s orchestration, in a nutshell. AWS has CodePipeline, CloudFormation, and a number of managed container services. There are other more use-based orchestration tools out there such as Ansible, Puppet, Chef (AWS OpsWorks), and Terraform.
Whether you use a more traditional approach to app deployment or continuous integration and continuous deployment (CI/CD) approaches, development pipelines rely on robust, automated systems to achieve modern expectations. Successful app deployment hinges on a fully efficient set of automated, essential tasks and capabilities, especially during the testing phase. Automation can help you move from commit and build to testing to deployment in a proven, trusted, and codified manner. This reduces opportunities for human error while improving efficiency and throughput. AWS has CodeDeploy, CloudFormation, and Elastic Beanstalk, while other common deployment tools are Jenkins, Gradle, Maven, and MS Visual Studio.
Security and Compliance
Define security and compliance policies, enforce them, and remediate issues by building them as automated steps throughout your infrastructure. Move security to the forefront of your IT processes and be more proactive with the help of automation. Having standardized security processes and workflows means easier compliance and auditing. You know exactly how everything is enforced and you can verify it consistently. New compliance requirements can be implemented consistently across your IT. Amazon has many tools to help with this, from the key monitoring tools – CloudWatch and CloudTrail – to AWS Macie, Inspector, etc. I’ve written an entire document about AWS security if you’re interested.
- The Fundamental Concepts of AWS Security – Part 1
- The Fundamental Concepts of AWS Security – Part 2
- The Fundamental Concepts of AWS Security – Part 3
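The define, enforce, and remediate loop from the Security and Compliance section can be sketched as policy-as-code. This is an added example, not code from the original article or from any AWS tool; the inventory layout, field names, resource names, and policy IDs are all constructed for illustration.

```python
import copy

# Constructed sample inventory. The layout and field names are assumptions made
# for this example, not the output format of any AWS API.
INVENTORY = [
    {"type": "security_group", "name": "web-sg",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "name": "bastion-sg",
     "ingress": [{"port": 22, "cidr": "10.0.0.0/8"}]},
    {"type": "bucket", "name": "logs-archive", "encryption": None},
    {"type": "bucket", "name": "app-data", "encryption": "aws:kms"},
    {"type": "trail", "name": "org-trail", "logging": False},
]

def open_ssh(rule):
    """True when an ingress rule exposes SSH to the whole internet."""
    return rule["port"] == 22 and rule["cidr"] == "0.0.0.0/0"

# Each policy names the resource type it covers, a compliance check, and a fix.
POLICIES = [
    {"id": "SG-NO-OPEN-SSH", "type": "security_group",
     "check": lambda r: not any(open_ssh(x) for x in r["ingress"]),
     "fix": lambda r: r.update(ingress=[x for x in r["ingress"] if not open_ssh(x)])},
    {"id": "BUCKET-ENCRYPTED", "type": "bucket",
     "check": lambda r: r.get("encryption") in ("AES256", "aws:kms"),
     "fix": lambda r: r.update(encryption="AES256")},
    {"id": "TRAIL-LOGGING-ON", "type": "trail",
     "check": lambda r: r.get("logging") is True,
     "fix": lambda r: r.update(logging=True)},
]

def evaluate(inventory):
    """Return sorted (policy_id, resource_name) pairs, one per violation."""
    return sorted((p["id"], r["name"]) for p in POLICIES for r in inventory
                  if r["type"] == p["type"] and not p["check"](r))

def remediate(inventory):
    """Apply each violated policy's fix to a copy; return (fixed, findings)."""
    fixed = copy.deepcopy(inventory)
    policies = {p["id"]: p for p in POLICIES}
    resources = {r["name"]: r for r in fixed}  # assumes unique resource names
    findings = evaluate(fixed)
    for policy_id, name in findings:
        policies[policy_id]["fix"](resources[name])
    return fixed, findings

if __name__ == "__main__":
    fixed, findings = remediate(INVENTORY)
    print("findings:", findings)
    print("violations after remediation:", evaluate(fixed))  # re-verify
```

Running `evaluate` again on the remediated copy is the verification step: the same rules that found the issue confirm the fix, and the findings list doubles as an audit record.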
The Four Basic Tenets of Cloud Automation
1. Visibility – It should be simple to view assets (both physical & digital).
2. Instrumentation – This could be scaling, migration status, security issues, performance, etc.
3. Reporting – Show me how the environment is doing operationally on an hourly, daily, weekly, monthly, and yearly basis. If it can be measured, provide me the metric.
4. KPIs – Key Performance Indicators: SLOs/SLAs, MTBF, RTO, etc.