Managing Cloud Resources¶
Rethinking Resource Management¶
Moving to Clouds¶
Nowadays, it is just a matter of time before a company on its digitalization path faces a cloud migration project. This endeavour could take many forms:
- moving workloads from a private data center to a public cloud (or back and forth),
- stretching an application across multiple VPCs in the same cloud,
- distributing microservices over various public clouds,
- dispatching workloads from a public cloud to a network edge.
In any of the above mentioned scenarios, the ability to set up, operate and maintain the resource layer of cloud infrastructure in a resilient, secure, and efficient way becomes crucial for the company.
Leaving Configuration Behind¶
Traditional approaches to the high availability, precise isolation, and maintenance automation of infrastructure resources stop working the very moment these company resources need to operate in a heterogeneous and dynamic environment.
Application services begin communicating over numerous and ever-changing administrative, security, technological, and geographical boundaries. In a traditional paradigm, moving any application service from one walled-garden location to another requires reconfiguration of several platforms (data center, public cloud, SD-WAN), at multiple levels (computational, network, application), by multiple teams (NetOps, SecOps, DevOps, AppDevs).
A long waterfall-defined deployment cycle, wide variety of required skills, and risk of inconsistent policy are among the major drawbacks of bringing old techniques to the cloud world.
Managing Infrastructure as Code¶
In new realities, the management of the cloud resource layer commonly becomes part of the infrastructure-as-code domain with its declarative language, ability to quickly reproduce deployments, consistency and predictiveness of outcome.
Because the resource layer itself doesn’t solve the whole problem of infrastructure setup, operation and maintenance, the cloud resources integrate into a broader cloud infrastructure-as-code stack.
The SIF cloud resource layer utilizes infrastructure platform capabilities, performs specific jobs, and passes abstracted resources to an upper layer as outcome. This approach not only decouples the company infrastructure from various platform implementations, but guarantees policy consistency with synchronized and instant response to changes across all layers.
Application services might need to be scaled-out in the same VPC, spread across several VPCs for higher isolation, replicated to a new public cloud for better redundancy, or moved from a test to a production multi-cloud environment. In the SIF, a single resource-copy-and-paste approach enables all of these use cases.
First, the current state of the source VPC, cloud or multi-cloud environment is exported to a file. Next, the resource instance names in the state file are changed to match a target environment. Finally, the current state of the target VPC, cloud or multi-cloud environment is updated with new resources from the state file. It works the same across different clouds, various regions, and multiple VPCs.
The SIF cloud resource layer performs jobs in Azure, AWS, and GCP on the following types of cloud resources:
- security group,
- virtual machine.
It’s easy to add new types of managed resources or to support a new cloud platform because the SIF employs HashiCorp Terraform to work with infrastructure platform APIs.
After processing, the cloud resources are abstracted in the SIF as follows:
- node (i.e., orchestrator, processor, workload).
By abstracting the underlying infrastructure, the SIF allows a company to manage its cloud resources using a small set of basic operations: create, show/export, delete. These operations can be performed on a single node, entire VPC, or multi-cloud deployment (i.e., fabric). With the SIF, the multi-cloud resource deployment becomes reproducible, secure, fast, and simple.
It is not enough to simply spin up a new virtual machine from a cloud image in order to add it to the company cloud stack for application deployment. The setup of multiple infrastructure services–ssh, PKI, telemetry, logs–often is part of the resource bootstrap. Also, in the course of resource operation, it may be required that the machine change initial settings, restart hosted services, and upgrade software.
While moving to clouds, it is crucial to have in place a maintenance automation tool that allows a company to automatically set up secure access to resources, to provide these resources with infrastructure services, to start/stop services on those resources, and to upgrade software across infrastructure boundaries. No less important is having secure transport between the tool and the distributed resources.
As new resources constantly appear, the maintenance automation tool and multicloud control plane must transport dynamically adapt to changes. The tool and resources may exchange control traffic across public network boundaries, and control flows may terminate in overlapping private IP address spaces. Resource discovery, authentication, and authorization–along with control channel encryption–become necessary components of multicloud maintenance automation.
The SIF offers a complete approach to resource maintenance automation, allowing a company to automatically set up the following infrastructure services:
- SSH access,
- X.509 node certificate,
- control plane mTLS,
- software upgrade.
It’s easy to add new maintenance procedures or to modify existing maintenance procedures because the SIF employs RedHat Ansible for task automation.
Again, all maintenance procedures are executed using another small set of basic operations: configure, start/stop, update. Similar to the resource deployment operations, the maintenance can be performed on a single node, entire VPC, or multi-cloud deployment (i.e., fabric).
Managing infrastructure resources as code allows a company to quickly generate deployments with predictive outcome in any cloud. With the SIF, cloud resources integrate as a layer into a broader infrastructure-as-code stack, abstracting application communication and computational environment from cloud platforms. As a result, the SIF cloud software stack provides a company with a unified and easy-to-use set of resource management operations–e.g., create, configure, update, delete–across all clouds. As well, the SIF cloud software stack implementation guarantees application policy consistency with synchronized and instant response to changes across all infrastructure layers.