What is the value of adopting Terraform Enterprise?
Dec 11, 2018
HashiCorp co-founder and CTO Armon Dadgar breaks down the ROI for Terraform Enterprise.
Founder & Co-CTO, HashiCorp
We're often asked: What is the value for an average organization of adopting a technology like Terraform Enterprise? When we started to build Terraform Enterprise, what we looked at is: What are the challenges of a large organization that's trying to consume a tool like open source Terraform? If we look at a tool like open source Terraform, it looks a lot like Git. It's free, it's command line based, it's open source.
But then you consider how most organizations actually use a tool like Git, they use it within the context of a larger version control system like GitHub or Bitbucket. And so what these higher level platforms do is start to provide a workflow around the underlying tool. It gives us some way for multiple people, multiple teams, to collaborate around infrastructure. It gives us a way to have role-based access control so we can say the networking team is able to modify networking config, while only the database team is able to modify database configurations.
It also starts to let us look at how do we make this technology more broadly usable within the organization. Particularly, how do we take users who are less sophisticated with Terraform, less aware about the intricacies of operations, and let them still consume it, still deploy their applications.
» Module templates
That starts to look at things like: can we have a registry or service catalog where we define how we do a Java app, or here's how we do a C# application, and now, as a developer I can come into this portal and say, "Great. I want a Java app. Here's the name of my .jar. I want three copies and I want it running in our east data center."
And so, I can now come in without a deep understanding of the nuances of how our infrastructure works, but quickly select from the catalog what do I want to deploy, what are the few parameters and knobs I want to tweak, and then push go. And under the hood, Terraform Enterprise is templating and generating Terraform configurations to go and deploy that application.
The last piece of this is, how do we recognize the fact that tools like Terraform give enormous capabilities. In 30 seconds I can describe what it looks like for me to spin up five VMs and a databases. The problem is in that same 30 seconds, I can also specify that I want 5,000 VMs and 100 databases. So, how do we deal with the fact that these tools have an enormous amount of leverage?
They let us get a lot done when we're being productive and smart and doing the right things, but they also let us create a whole lot of wasted resources, or quickly get into situations where we're out of compliance maybe by opening up our firewalls, or creating S3 buckets that are on the public internet. So how do we give developers and operators the agility of using a tool like Terraform without exposing ourself to that risk? And that becomes a governance question.
So, we start to look at that problem through the lens of how do was apply policy as code, and define a sandbox in which people are allowed to operate. As long as I'm asking for my 50 VMs in an appropriate region, I'm allowed to do that, but then I get automatically rejected if I ask for 5,000 VMs or I deploy to the wrong region.
As we talk about the value of Terraform Enterprise, it's a few of these different buckets.
How do we enable multiple people, multiple teams, to collaborate together?
How do we tie that back to single signon and role-based access control and be able to decompose the problem into bite-sized chunks that many teams can work on?
How do we bring in people who are not necessarily Terraform experts, but make them productive and quickly able to provision and manage infrastructure?
How do we do all of this safely? How do we put the guardrails of the sandbox in place so that we have confidence that yes, people have the power of Terraform, but no, they're not provisioning 5,000 VMs and opening up our firewall? That's about policy as code.
That's our view of the value of Terraform as we go from individual users to large-scale organizational usage.