Infrastructure Deployment - Vulnerability Management

Limitations Managing IT Infrastructure

Managing IT infrastructure was a manual process. People would physically put servers in place and configure them. Only after the machines were configured to the correct setting required by the OS and applications would those people deploy the application. Unsurprisingly, this manual process would often result in several Limitations.

  1. The first big limitation is cost: Companies would hire many professionals to perform the necessary configuration tasks at each step of the process, from network engineers to hardware maintenance technicians. All of those people need to be paid, obviously, but they also need to be managed. That leads to more management overhead and adds more complexity to communication inside the organization. increase the costs by orders of magnitude.

  2. The next limitation is scalability and availability: It all comes down to speed. Since the manual configuration is so slow, applications would often struggle with spikes in access, while the system administrators would be desperately trying to set up servers to manage the load. This necessarily impacts availability. If the organization didn’t have backup servers or even data centers, then the application could be unavailable for long periods.

  3. Limitation of inconsistency: If you have several people manually deploying configurations, discrepancies are going to be unavoidable.

Infrastructure as Code(IaC)

IaC is often wrapped up with the topic of automation, and many of the best practices of IaC involve smarter deployment of scripts and automating manual processes. But IaC is a concept that extends beyond simple infrastructure automation. 

  • IaC requires applying DevOps practices to automation scripts to ensure they're free of errors

  • Able to be redeployed on multiple servers

  • Can be rolled back in case of problems

  • Can be engaged by both operations and development teams. The use of modern coding systems like Ansible or Puppet is designed to make IaC environments accessible to anyone with basic knowledge of modern coding techniques and structures.

Four best practices of IaC:

  • Manage infrastructure via source control, thus providing a detailed audit trail for changes.

  • Apply testing to infrastructure in the form of unit testing, functional testing, and integration testing.

  • Avoid written documentation, since the code itself will document the state of the machine. This is particularly powerful because it means, for the first time, that infrastructure documentation is always up to date.

  • Enable collaboration around infrastructure configuration and provisioning, most notably between dev and ops.