Day 5 - My old Whiteboarding Script
(This is my whiteboarding script)
As an industry we are going through a transition from traditional static infrastructure to a new(ish) style of computing that is much more dynamic, with infrastructure distributed across various providers and leveraging the best of each (on-premise, AWS, Azure, GCP, Alibaba, etc.).
This transition into multi-cloud is happening because the cloud enables "on demand" usage of infrastructure, and using more than one infrastructure provider gives us greater resiliency and efficiency.
The cloud is much more a new operating model (it's not just someone else's computer) than a change of infrastructure provider, and this new cloud operating model requires a shift in mindset.
We will still have the 4 main actors in IT, but their activities will change.
In a static world we have:
static IPs
strong perimeters (a gate and moat)
static applications
and a much more defined environment.
In a dynamic world:
the operations team provisions infrastructure on demand, so the way we provision infrastructure needs to change
this infrastructure has no (or only a weak) perimeter, so the way we think about networking needs to change
the applications running on it are ephemeral, so they need to change as well, and due to this dynamic nature of the infrastructure
the way we think about security has to change from host-based to identity-based.
These changes bring with them a series of challenges we need to think about:
Scale: how do we go from provisioning 50 servers in a year to 50000 as needed?
Variety: how do we deal with the different demands, not only from the different providers but also from different programming languages and resource models?
Managing Dependencies: how do we ensure our resources have the dependencies they need: networking (VPCs, subnets), secrets, services, etc.?
Access Management: how do we enable our ephemeral applications to have the access they need in a secure way while still preventing secret sprawl?
Low Trust Networks: how do we manage identity and decide who our trusted providers are?
Secrets Management: how do we ensure our applications have access to the secrets they need, prevent secret sprawl and centrally manage different authentication and access types?
Scheduled Workloads: how do we schedule workloads as needed, and how do we distribute our workload throughout our available infrastructure?
Bin Packing: how do we ensure our resources are being used to their full potential and that we are reducing waste?
Resource Registry: how do we find available services and the nodes they are on?
Service Mesh: how do we connect our services to each other and manage them?
Collaboration: how do we get all of the actors to collaborate on the above points together?
If we map these to HashiCorp's tools we come up with the following:
Terraform: handles the provisioning of different infrastructure as code; it helps us deal with scale, variety and their dependencies.
Vault: handles the secrets management aspect: who our trusted providers are, how we manage their authentication and which secrets they have access to.
Nomad: handles job scheduling and bin packing; it ensures jobs can be distributed and executed throughout the available environment as needed.
Consul: handles the service mesh and the central resource registry; it allows services to find each other and knows which services are deployed on which nodes.
Now, which one would you like to talk about first?