1
00:00:00,000 --> 00:00:00,870
In this lesson,

2
00:00:00,870 --> 00:00:02,430
we're going to talk about Infrastructure

3
00:00:02,430 --> 00:00:05,760
as Code, which is used for automation and orchestration.

4
00:00:05,760 --> 00:00:09,450
So let's talk about this IaC, or Infrastructure as Code.

5
00:00:09,450 --> 00:00:12,390
Essentially, Infrastructure as Code is the ability to manage

6
00:00:12,390 --> 00:00:15,000
and provision infrastructure through code instead

7
00:00:15,000 --> 00:00:16,680
of through manual processes.

8
00:00:16,680 --> 00:00:19,410
The term infrastructure here is also rather generic.

9
00:00:19,410 --> 00:00:21,690
It can refer to virtual machines that contain servers

10
00:00:21,690 --> 00:00:24,900
or clients, or virtual devices like switches, routers,

11
00:00:24,900 --> 00:00:27,330
firewalls, and other security appliances.

12
00:00:27,330 --> 00:00:29,670
To use Infrastructure as Code effectively, we need

13
00:00:29,670 --> 00:00:32,365
to also use scripted automation and orchestration.

14
00:00:32,365 --> 00:00:33,780
Now, scripted automation

15
00:00:33,780 --> 00:00:34,950
and orchestration are used

16
00:00:34,950 --> 00:00:36,990
in cloud computing all the time.

17
00:00:36,990 --> 00:00:39,600
This allows our development, security, and operations teams,

18
00:00:39,600 --> 00:00:41,310
or the DevSecOps team

19
00:00:41,310 --> 00:00:43,800
to rapidly deploy things like a new router, switch,

20
00:00:43,800 --> 00:00:46,320
or even an entire network complete with servers

21
00:00:46,320 --> 00:00:47,970
and security devices.

22
00:00:47,970 --> 00:00:50,730
The best part of all this is that it is less error prone,

23
00:00:50,730 --> 00:00:53,160
and it's a lot faster than having our network technicians

24
00:00:53,160 --> 00:00:56,220
or system administrators building out these things manually.

25
00:00:56,220 --> 00:00:58,890
The great thing here is that if we use scripted automation,

26
00:00:58,890 --> 00:01:01,020
we're relying on a computer script to do most

27
00:01:01,020 --> 00:01:03,630
of the hard work, and once you have a well-written script,

28
00:01:03,630 --> 00:01:05,370
it can be reused over and over again

29
00:01:05,370 --> 00:01:07,140
and it will never make a mistake.

30
00:01:07,140 --> 00:01:08,910
So this allows us to get a lot

31
00:01:08,910 --> 00:01:10,440
of our deployments done faster

32
00:01:10,440 --> 00:01:12,600
and in a much more secure way.

33
00:01:12,600 --> 00:01:14,730
Now, when we're talking about Infrastructure as Code

34
00:01:14,730 --> 00:01:16,620
or IaC, it really comes down

35
00:01:16,620 --> 00:01:19,500
to three key areas when you're doing your implementation.

36
00:01:19,500 --> 00:01:22,650
This is scripting, security templates, and policies.

37
00:01:22,650 --> 00:01:24,480
Now, scripting will let you perform a series

38
00:01:24,480 --> 00:01:26,670
of actions in a particular order or sequence,

39
00:01:26,670 --> 00:01:28,800
and it can even include some basic logic

40
00:01:28,800 --> 00:01:30,330
to ensure the right things are being deployed

41
00:01:30,330 --> 00:01:32,130
based on the current conditions.

42
00:01:32,130 --> 00:01:34,770
Security templates and policies are then going to be deployed,

43
00:01:34,770 --> 00:01:36,900
and these contain a series of configuration files

44
00:01:36,900 --> 00:01:38,550
that are applied to the different devices being

45
00:01:38,550 --> 00:01:40,170
deployed in your environment.

46
00:01:40,170 --> 00:01:42,900
These might include network settings, access control lists,

47
00:01:42,900 --> 00:01:44,760
group policies, or permissions.

48
00:01:44,760 --> 00:01:46,380
Now, automation is great,

49
00:01:46,380 --> 00:01:48,390
but where Infrastructure as Code really excels

50
00:01:48,390 --> 00:01:50,610
is through the use of orchestration.

51
00:01:50,610 --> 00:01:52,620
Orchestration is the process of arranging

52
00:01:52,620 --> 00:01:54,210
or coordinating the installation

53
00:01:54,210 --> 00:01:56,430
and configuration of multiple systems.

54
00:01:56,430 --> 00:01:58,710
In most implementations, it really comes down

55
00:01:58,710 --> 00:02:01,140
to running the same task on a bunch of different servers

56
00:02:01,140 --> 00:02:03,180
or devices all at the same time,

57
00:02:03,180 --> 00:02:06,480
but not always on every single server or device.

58
00:02:06,480 --> 00:02:07,620
This is where machine learning

59
00:02:07,620 --> 00:02:09,330
and logic are going to come into play.

60
00:02:09,330 --> 00:02:10,693
If you're using some robust orchestration

61
00:02:10,693 --> 00:02:12,150
that's been properly configured

62
00:02:12,150 --> 00:02:15,000
and tested, you can lower your overall IT costs,

63
00:02:15,000 --> 00:02:17,670
speed up your deployments and increase your security.

64
00:02:17,670 --> 00:02:20,791
So it really becomes a win-win-win for our organizations.

65
00:02:20,791 --> 00:02:24,150
Now, as an aspiring network technician, you might be worried

66
00:02:24,150 --> 00:02:26,250
that Infrastructure as Code might put you out of a job

67
00:02:26,250 --> 00:02:28,560
someday, but really it's just being used

68
00:02:28,560 --> 00:02:29,760
to automate the most boring

69
00:02:29,760 --> 00:02:31,890
and tedious portions of your job.

70
00:02:31,890 --> 00:02:33,360
It is designed to ease your burden

71
00:02:33,360 --> 00:02:35,578
and allow you to focus on higher-level tasks instead

72
00:02:35,578 --> 00:02:37,890
of just installing a hundred more virtual switches

73
00:02:37,890 --> 00:02:40,110
or routers using some boring checklist.

74
00:02:40,110 --> 00:02:42,360
So don't worry, have no fear.

75
00:02:42,360 --> 00:02:44,220
There is nothing but goodness here when it comes

76
00:02:44,220 --> 00:02:45,720
to Infrastructure as Code.

77
00:02:45,720 --> 00:02:47,720
Also, Infrastructure as Code is the basis

78
00:02:47,720 --> 00:02:49,954
of everything we do in horizontal scaling

79
00:02:49,954 --> 00:02:52,740
or scaling out within our cloud environments

80
00:02:52,740 --> 00:02:54,420
when we need to use elasticity.

81
00:02:54,420 --> 00:02:56,850
So it is really important to embrace it.

82
00:02:56,850 --> 00:02:58,620
Now, one of the things you have to be careful

83
00:02:58,620 --> 00:03:01,410
of though is that when you're using Infrastructure as Code,

84
00:03:01,410 --> 00:03:02,460
people in your organization

85
00:03:02,460 --> 00:03:05,880
who believe they might have some kind of a special project,

86
00:03:05,880 --> 00:03:08,310
I like to call these the special snowflakes.

87
00:03:08,310 --> 00:03:10,680
Remember, with Infrastructure as Code, we are trying

88
00:03:10,680 --> 00:03:13,440
to embrace standardization, templates, and scripts.

89
00:03:13,440 --> 00:03:14,640
So when you have people

90
00:03:14,640 --> 00:03:16,410
who think they have a special snowflake,

91
00:03:16,410 --> 00:03:17,970
this can lead to trouble.

92
00:03:17,970 --> 00:03:20,075
After all, if they have a special snowflake project,

93
00:03:20,075 --> 00:03:22,050
they believe they have to be able to go

94
00:03:22,050 --> 00:03:23,640
and create their own infrastructure

95
00:03:23,640 --> 00:03:24,960
to support their project

96
00:03:24,960 --> 00:03:26,910
instead of relying on the standard infrastructure

97
00:03:26,910 --> 00:03:29,760
that you provide to everyone else through IaC.

98
00:03:29,760 --> 00:03:32,100
These people don't really care about your standardization

99
00:03:32,100 --> 00:03:33,930
and all of your scripting and all the efficiencies

100
00:03:33,930 --> 00:03:36,240
that you've already gained by embracing Infrastructure

101
00:03:36,240 --> 00:03:38,126
as Code, using orchestration.

102
00:03:38,126 --> 00:03:41,580
Instead, they want to create something as a one-off system,

103
00:03:41,580 --> 00:03:43,260
and when that happens, you end up

104
00:03:43,260 --> 00:03:44,640
with this special snowflake.

105
00:03:44,640 --> 00:03:46,590
And these special snowflake systems are any system

106
00:03:46,590 --> 00:03:49,410
that is different from the standard configuration template

107
00:03:49,410 --> 00:03:51,420
that's used within your organization's Infrastructure

108
00:03:51,420 --> 00:03:53,010
as Code architecture.

109
00:03:53,010 --> 00:03:55,290
Now, the problem with this is that it adds risk

110
00:03:55,290 --> 00:03:57,000
to your overall security posture,

111
00:03:57,000 --> 00:03:58,980
and it also adds a lot of configuration problems

112
00:03:58,980 --> 00:04:01,140
and long-term supportability problems for you

113
00:04:01,140 --> 00:04:03,515
because it's a one-off system. The lack of consistency

114
00:04:03,515 --> 00:04:06,540
that you're going to find in a special snowflake system

115
00:04:06,540 --> 00:04:09,120
is going to lead to a lot of issues for you down the road,

116
00:04:09,120 --> 00:04:10,650
especially in terms of security

117
00:04:10,650 --> 00:04:12,030
and your ability to support it

118
00:04:12,030 --> 00:04:13,710
after it's moved into production.

119
00:04:13,710 --> 00:04:15,600
This is because you have a one-off system

120
00:04:15,600 --> 00:04:17,555
and it is by definition unique and it doesn't look

121
00:04:17,555 --> 00:04:20,519
or act like every other system that you support.

122
00:04:20,519 --> 00:04:21,660
Think about it this way.

123
00:04:21,660 --> 00:04:22,710
Pretend you're in a large

124
00:04:22,710 --> 00:04:24,210
environment that's operating in the cloud

125
00:04:24,210 --> 00:04:26,940
and you have thousands upon thousands of virtual machines.

126
00:04:26,940 --> 00:04:28,710
Now, out of all those virtual machines,

127
00:04:28,710 --> 00:04:30,480
we have just one that's different.

128
00:04:30,480 --> 00:04:31,830
When somebody calls up and says something

129
00:04:31,830 --> 00:04:33,030
isn't working properly,

130
00:04:33,030 --> 00:04:34,680
now you have to figure out is it something with

131
00:04:34,680 --> 00:04:36,600
that special machine that's causing the problem,

132
00:04:36,600 --> 00:04:39,390
or is this a bigger problem across your entire cloud?

133
00:04:39,390 --> 00:04:41,113
This is now a really big support issue for you

134
00:04:41,113 --> 00:04:42,930
and your team, and it can lead to a lot

135
00:04:42,930 --> 00:04:45,120
of security headaches in the long run.

136
00:04:45,120 --> 00:04:47,156
For this reason, I always want to eliminate these special

137
00:04:47,156 --> 00:04:50,370
snowflakes because we want everything to be consistent.

138
00:04:50,370 --> 00:04:52,740
By keeping things consistent and using carefully developed

139
00:04:52,740 --> 00:04:55,350
and tested scripts, we can end up using orchestration

140
00:04:55,350 --> 00:04:56,700
extremely efficiently

141
00:04:56,700 --> 00:04:59,370
and securely, which maintains a good solid baseline

142
00:04:59,370 --> 00:05:00,363
for our networks.