Introduction
A few days back, my daughter was assembling her multi-color Lego blocks to build a beautiful castle. It took a while and some assistance to complete it the first time. She enjoyed playing with it. After a while she challenged herself to rebuild the same castle in a different color all by herself. Several times, she dismantled and rebuilt it at a much faster pace to bring back the same beautiful castle in a different color. If we relate it to IT lifecycle management, this process of rebuilding the infrastructure to the same initial state during maintenance or promotion is called “Immutable Infrastructure”.
Mutable vs Immutable
Traditionally, system engineers build servers for their application teams. Then, they manage them periodically by patching, upgrading, and securing them. The effort required to perform all those tasks is huge; often, it is proportional to the size of the infrastructure. For some enterprises, the administration complexity adds up due to variants of OS, software, network, VPN, application versions, and so on. Engineers and administrators have constantly striven to automate many of these tasks in order to manage their environments efficiently.
With the emergence of Infrastructure as Code (IaC), this automation endeavor has given rise to replacing the server rather than operating on it in place. Engineers now adopt the immutable infrastructure approach by building a server from a golden image, applying the required changes to it, and then provisioning it for validation. Finally, the engineers replace the old server with the new server that carries the changes. This immutable strategy entirely removes the broken infrastructure that in-place upgrades can leave behind. Old servers can sometimes be kept available as a rollback strategy in case of failure.
Reference diagram
Common Industry Usage
The immutable infrastructure strategy has evolved along with IaC (Terraform), containers (Docker) and orchestrators (Kubernetes) to address several use cases for enterprise teams. By encapsulating applications and their dependencies into workloads as containers, engineers can use these state-of-the-art technologies to replace workloads when promoting changes rather than promoting them in place. This architecture can be extended to address several design requirements such as deployment strategies, horizontal scaling and zero downtime.
Apart from the promotion use case, a few customers use immutable infrastructure to manage a demo environment, to quickly build a performance test environment, or to troubleshoot a bug: the environment is brought up quickly to perform the job and torn down afterwards to reduce cloud or operating cost. One evolving but not yet widely used use case is to reduce the security blast radius by rebuilding a critical business application and rotating its keys at a periodic interval. This allows an enterprise to mitigate the risk of an unknown breach in the infrastructure.
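The periodic rebuild and key rotation described above only limits exposure if it is checked. The following audit is an added example, not part of the original article: it flags servers that have drifted from the golden image, outlived the rebuild interval, or kept a key across a rebuild. The field names, the 30-day intervals and the inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values; the article does not specify intervals.
MAX_SERVER_AGE = timedelta(days=30)
MAX_KEY_AGE = timedelta(days=30)

@dataclass(frozen=True)
class Server:
    name: str
    image_id: str             # image the server was built from
    built_at: datetime        # when it was provisioned
    key_issued_at: datetime   # when its current credential was issued
    modified_in_place: bool   # True if changed after provisioning

def audit(servers, golden_image, now):
    """Return {server name: [reasons]} for servers that must be rebuilt."""
    findings = {}
    for s in servers:
        reasons = []
        if s.image_id != golden_image:
            reasons.append("image differs from current golden image")
        if s.modified_in_place:
            reasons.append("changed in place after provisioning (drift)")
        if now - s.built_at > MAX_SERVER_AGE:
            reasons.append("older than rebuild interval")
        if now - s.key_issued_at > MAX_KEY_AGE:
            reasons.append("key older than rotation interval")
        # A key that predates the build was carried over from the old
        # server, so the rebuild did not actually rotate it.
        if s.key_issued_at < s.built_at:
            reasons.append("key reused across rebuild")
        if reasons:
            findings[s.name] = reasons
    return findings

# Constructed sample inventory (hypothetical hosts and image names).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def days_ago(n):
    return NOW - timedelta(days=n)

INVENTORY = [
    Server("app-1", "golden-v7", days_ago(3), days_ago(3), False),
    Server("app-2", "golden-v6", days_ago(45), days_ago(45), False),
    Server("app-3", "golden-v7", days_ago(5), days_ago(90), False),
    Server("app-4", "golden-v7", days_ago(10), days_ago(10), True),
]

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, "golden-v7", NOW).items():
        print(name, "->", "; ".join(reasons))
```

The "key reused across rebuild" check matters most for the blast-radius argument: a server rebuilt on schedule but issued the old credential still carries whatever exposure the old key had.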
Use case and Benefits
Some key benefits of an immutable infrastructure are:
- No configuration drift across environments
- Consistent and faster promotion strategy
- Quicker rollback strategy
- Fewer incidents during change
- Easy horizontal scaling
How to get started
OneSight has enormous industry experience in designing and implementing an immutable infrastructure of your choice in a cloud or on-premises environment. Our engineers and architects can conduct a bootcamp to bootstrap your developers or provide consultation to your IT organization to design and implement the immutable infrastructure.