Pavel Vomáčka


Infrastructure as a Code and its use for DevSecOps

Common practice today divides the individual activities of IT technology management in data centres between expert teams, whose mutual cooperation usually exists only at the level of internal directives or departmental routines. An external view of this situation shows differences in the speed of handling requests and a strict focus on "doing their own thing". The result is usually unfulfilled expectations of information system owners, security guarantors, and even administrators of the IT DC infrastructure.

Adopting and implementing the concept of "Infrastructure as Code", with delegation of responsibilities and division of competencies, will help to straighten out this situation. The different actors, in mutual agreement, will have one goal: a "secure and safe environment". This environment is defined by security policies set by the security team. Their fulfilment and continuous enforcement are handled by the technologies that the infrastructure team implements across the communication, technology and application layers of the data centres. On top of this, the infrastructure team further standardises the technology and communications layers from a consumption perspective and provides them to the application layer in the form of unified "code fragments".

The actual consumers, who operate at the application layer and are represented by the development teams, are able to use the provided IT infrastructure easily and independently thanks to the machine interface, but only within the boundaries set by the security and infrastructure teams. That is, they use a clearly defined environment that allows them to do only what has been defined in the "Security Policy" and "Infrastructure templates" for each part of the infrastructure, by incorporating "code fragments" into the "CI/CD pipeline". A secondary, but equally important, effect is to significantly speed up the deployment and further management of applications, to make resource usage more efficient through the use of lifecycles, and to make it possible to delegate complex tasks to automation and/or junior administrators.

"Infrastructure as Code" is thus not just about implementing a specific tool, but rather about changing the approach to operating and using data centre technologies. Only on the basis of the requirements created by future users and administrators can a specific automation platform or set of tools be selected from the range of available solutions.

Pavel Vomáčka

Pavel Vomáčka, who currently works at ICZ a.s. as an enterprise architect, is one of the leading experts in the Czech Republic in the areas of automation, data centres, containerization and, of course, Infrastructure as Code. Pavel Vomáčka has worked for leading Czech IT integrators and has been involved in many important projects for both the private sector and the state administration, including ministries of the Czech Republic.

As an enterprise architect, he follows the principles of the TOGAF standard, for which he is also certified. Thanks to his knowledge, Pavel Vomáčka is able to design solutions from a high-level view down to the actual detail of individual technologies. His knowledge extends to the level of implementation of these solutions.

As an expert and enterprise architect, he has achieved the highest possible certifications from VMware, which is one of the major players in software-defined solutions and in the field of automation. In the field of containerization and automation, Pavel Vomáčka has long focused on open source solutions.