5 ways to improve DevEx and security for infrastructure provisioning
Still using manual scripting and provisioning processes? Learn how to accelerate provisioning using five best practices for Infrastructure Lifecycle Management.
In a competitive business environment, where competitors are working every day to poach your customers, speed is everything. When your product includes software, your focus needs to be squarely on giving your application developers more time to work on high-value projects, eliminating tedious manual tasks, and automating as much of their development and deployment processes as possible.
This means sysadmins, DevOps engineers, or platform teams need to stop using most of their manual infrastructure provisioning and review workflows and start giving developers the keys to provision their own infrastructure (i.e. servers, databases, load balancers, caches, firewall settings, queues, monitoring, subnet configurations, routing rules) on a platform with great developer experience (DevEx).
Here are five infrastructure provisioning strategies you can start implementing right now to speed up your software delivery.
» 1. Automate provisioning with IaC
Manual infrastructure provisioning and management often require lengthy approval processes and manual tracking of resources, which are slow, tedious, and error-prone tasks. So why do some companies continue to use these traditional system administration methods?
It typically comes down to one of two reasons:
- Developers and sysadmins/DevOps engineers use whatever vendor console or one-off script works best in the moment, not worrying about future process stability. This usually happens when an organization has loosely defined standards.
- An organization is tightly controlled, following rigid legacy processes for infrastructure management that require layers of approvals and oversight.
By automating infrastructure provisioning, using an infrastructure as code (IaC) solution, organizations can achieve both speed and control.
IaC allows infrastructure to be:
- Codified
- Standardized
- Replicated
- Reused
- Stored and centralized
- Audited
- and versioned
By defining infrastructure as code, teams can automate, understand, modify, and control their infrastructure deployment more easily. Meaning things move much faster.
How much faster?
Vodafone, a leading Italian telecommunications company, is one company that has used infrastructure automation both to lower costs and to increase its competitiveness. According to Emanuele Di Saverio, Center of Excellence Lead for automation at Vodafone, dependency on legacy provisioning processes severely limited their business.
“It put us at a disadvantage both financially and competitively. We had to over-purchase and live with the spare capacity in order to be responsive to business requests. More importantly, this approach delayed upgrades and updates to existing services as well as releases of inventive new ones, which are central to the business’s long-term strategic vision.”
—Emanuele Di Saverio, Center of Excellence Lead for automation at Vodafone
Massimiliano Romano, DevOps platform architect at Vodafone Italy, added, “Since it’s all cloud-based, we realized the only way to keep up with service demand and the various compliance standards we have to meet would be to unwind our centralized approach to infrastructure development in favor of a faster, autonomous model.”
Using IaC, Vodafone automated 95% of infrastructure provisioning, accelerated their release cadence by 3X, cut infrastructure setup time from three months to one week, and did it all while ensuring every compliance requirement was met.
» 2. Build and reuse golden configurations
Oftentimes, one casualty of moving fast in the cloud is consistency. When teams work in silos, manually provisioning infrastructure using the most expedient method, the result is a non-standard, unwieldy cloud environment (“snowflake” server) that is difficult to manage, often wastes resources, and could potentially open up security vulnerabilities.
Adopting IaC is the first step to resolving this — without it you can’t have a single language to define all of your infrastructure configurations. The next step is to use that single infrastructure language to create templates for various teams to share. Without these, teams often reinvent solutions to the same problems (reinventing the wheel), wasting time and creating infrastructure configurations that often fail to meet security standards or require manual intervention to ensure resources are protected.
Templates help organizations stop reinventing the wheel. As you create more, you start to build a golden path, where developers and other infrastructure users know that they have standard infrastructure provisioning templates that include golden images, golden modules, and golden automated policy checks that they can pick from a library and start using without having to understand the company’s cost controls, security requirements, or operational needs. Those things are already baked into the golden configurations and blessed by all relevant stakeholders before anyone starts using them.
The task of building out these components lies with platform teams, who will work with security, cost, and compliance stakeholders to design the configurations. Then they’ll test and validate the code and finally deploy it to a central library where developers can easily access and reuse it.
Golden configurations take the guesswork out of provisioning infrastructure. They not only accelerate developer workflows but also give executives confidence that the business is secured and compliant with regulations.
Cielo S.A., the leading electronic payments provider in Latin America, used standard configurations to reduce infrastructure provisioning time by 90%, which resulted in a 5X increase in speed to market while also meeting their security and compliance goals.
“Competition in payment processing in Brazil is intense and only getting more challenging. We needed to accelerate delivery of new solutions, features, and functionality to our customers if we wanted to maintain our market advantage. But to do that we needed a way to provision infrastructure faster, more efficiently, and in a cost-effective way.”
—Antonio Lombardi Neto, Infrastructure and Telecom Director at Cielo
Neto added that using an IaC solution with reusable modules helped them meet their goals and positioned the company for even more success. “Terraform helped us reduce the average infrastructure delivery time from 1 month to under 15 minutes, and cut change request time up to 50%,” he said. “The end result is that our time-to-market with new products and features is five times faster than before, ensuring we’re able to meet the evolving needs of our partners and customers and stay ahead of a growing list of competitors.”
» 3. Leverage policy as code
Enforcing security, compliance, cost, or operations policies consistently across an organization is challenging. Organizations tend to fall back on manual processes such as ticket queues and manual reviews to provide oversight and to ensure no security gaps are created. This slows down infrastructure provisioning drastically.
To address this challenge, many organizations use automated policy as code checks. Policy as code is important in the same ways that IaC is important. It enables organizations to flexibly create, review, and version control automated provisioning checks in a single language that compliance and security stakeholders can understand, audit, and contribute to. With the help of stakeholders, platform teams can build a library of standard (golden) policy templates, store them in a central library, and then pin them to run in various provisioning workflows, or in every provisioning run. This ensures no environment is provisioned without proper guardrails, and it eliminates the manual review and approval bottlenecks discussed earlier, shaving hours, days, or possibly weeks off of your provisioning wait time.
Trimble, a positioning, modeling, connectivity, and data analytics software provider for essential global industries, had manual compliance checks that really hampered the company’s ability to move fast.
“Manually building and deploying all the infrastructure made lead time for new projects and new infrastructure very hard to achieve because we spend so much time on toil: repeatable tasks that, without documentation or automation, consumed almost all of our time. We didn’t have a centralized way of managing infrastructure as code or continuous integration and deployment (CI/CD), which created a number of issues with version conflict that resulted in a lot of additional overhead and some friction among teams.”
—John Weigand, Senior DevOps Engineer for Trimble eBuilder
Weigand further explained that some of the friction involved questions about security. “Doing everything manually increased the risk of errors and challenged our ability to maintain compliance with stringent security and compliance standards,” he said.
By automating infrastructure provisioning and using policy as code, Trimble reduced infrastructure development from three days to one hour and enabled the company to control deployment based on specific policies, helping developers identify compliance, security, and governance issues much earlier in the development cycle.
» 4. Enable self-service infrastructure
The more developers can do on their own, the faster new features and products can be delivered to the market. As mentioned before, ticketing systems and other manual processes, however, slow down developers, forcing them to wait on gatekeepers and hampering production.
Self-service addresses this issue and enables organizations to scale cloud infrastructure for greater innovation quickly and efficiently. It gives freedom and autonomy to developers without allowing them to venture outside of the golden path explained earlier. Typically the golden configurations in this path start out as modules or images that developers have to do some manual work with, either through version control or command line interfaces, to start using. It requires some knowledge of the tooling by the developer, and it’s not a completely “push-button” process.
Platform teams can improve developer efficiency even further by enhancing self-service through no-code provisioning. This is exactly what it sounds like, developers can use these enhanced no-code IaC modules to provision infrastructure for their apps, without needing to type any code or understand any of the underlying systems or tools. They just select a module, and go.
To truly give infrastructure provisioning and management a push-button self-service experience, platforms should eventually work toward setting up an internal developer platform (IDP) layer and interface so that developers can just click on a menu of no-code modules and run a variety of workflows all from one portal without needing to trigger a lot of tools at runtime.
No one understands this better than Nedbank Group, one of South Africa's four largest banks. https://www.hashicorp.com/blog/5-ways-to-improve-devex-and-security-for-infrastructure-provisioning[Nedbank decreased the time it took to deliver infrastructure to apps teams by 99%, largely through IaC and self-service capabilities](https://www.hashicorp.com/case-studies/nedbank).
According to Freddy Ambani, Nedbank’s Head of Cloud Operations, “Our aspiration is to enable every developer to be as productive as possible with hyper-automation for consumption of all our cloud services, which will improve time to market.”
Using an IaC solution and leveraging self-service capabilities has helped NedBank reach its goal. “Infrastructure procurement that used to take several months now happens in just a few minutes, and we’re able to complete projects at 25% lower resource costs,” Ambani said.
» 5. Delete infrastructure automatically
It’s easy to waste money on cloud resources. In fact, out of control cloud spending is one the biggest concerns for many business leaders. When organizations scale quickly, unless there is an automated process to do so, cloud instances that are no longer used often get forgotten, wasting money as they continue to run without performing any necessary function.
By automating infrastructure destruction, organizations can set end-of-life dates or pre-defined inactivity periods and use them to remove cloud infrastructure without the need for manual tracking, audits, or intervention. Though not directly connected to accelerating provisioning, automated deletion does remove dependency on manual processes, freeing up time and resources, and is a critical step in healthy Infrastructure Lifecycle Management (ILM).
» The power of automation
Leveraging best practices for ILM and leaning into automation can eliminate provisioning bottlenecks, accelerate developer workflows, and help organizations go to market faster — all without compromising on compliance or security. For more information on how to implement a platform approach to achieve ILM maturity, check out Infrastructure Lifecycle Management with the HashiCorp Cloud Platform.
Sign up for the latest HashiCorp news
More blog posts like this one
Cracking the code to overcome developer and security team differences
Implementing the right consolidated internal development platform (IDP) can nudge your Dev and Sec cultures in the right direction — toward collaboration and away from conflict through tooling and automation.
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
Best practices for avoiding cloud security and compliance costs
Learn how building an internal developer platform with a golden path, lifecycle management, and integrated secrets management can help avoid a majority of security and compliance risks.