Provisioning Infrastructure as Code Through Microsoft Backed Terraform
Quick and reliable public cloud deployments using Terraform
Enables users to describe public cloud environments in code
OK, the secret is out (our CTO Alex gave a talk about it, you can watch it below). One of the reasons Hentsū can deploy environments so quickly and reliably is the tools we’ve selected. We’ve been using HashiCorp Terraform to describe, deploy and maintain public cloud environments since the company was founded. So we were glad to see that Microsoft recently announced a multi-year partnership with HashiCorp to enhance the Terraform Provider for Azure. This is great news for Terraform users, like Hentsū, who have already benefited from using the Infrastructure as Code method of provisioning.
What Exactly is Terraform?
Terraform enables us to describe public cloud environments in code (HashiCorp Language). Terraform can then compare a public cloud account to the code and create a plan of changes to bring the environment up to date. If the plan is acceptable, it can then be applied by Terraform to create, update or delete infrastructure resources such as networks, routing tables, firewall rules and virtual machines. It does this rapidly, with as much parallelisation as possible, leading to a slick, reliable and iterative way of deploying and maintaining public cloud environments. Deploying additional environments (test, staging, production) becomes a copy & paste exercise, or we create reusable modules.
Using a code versioning system, like Git, we can version control a public cloud environment and even roll back to a previous version if, for example, a firewall rule change didn’t have the desired result. Changes can be codified on a separate code branch, with a pull request and approval required to promote changes to the master branch. This makes for a robust change management workflow for business-critical production environments. The code commit history provides an audit trail of who changed what, and the commit notes describe why.
Terraform requires administrative credentials to make changes to public cloud environments. Storing these securely is a challenge, so we prefer to generate short-lived credentials that are usable for a maximum of 1 hour. Also, as part of a release pipeline, a scheduler like TeamCity or Jenkins can apply approved changes on behalf of IT and development teams.
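One way a release pipeline can decide whether a plan is acceptable before a scheduler applies it, as an added example (not Hentsū's own tooling): a Python check over the JSON form of a plan, as produced by `terraform show -json`, that holds the apply when a resource would be destroyed or an Azure network security rule would allow inbound traffic from any source. The sample plan and its resource names are constructed, and only standalone `azurerm_network_security_rule` resources are inspected.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Resource names are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_network_security_rule.ssh_in",
     "type": "azurerm_network_security_rule",
     "change": {"actions": ["update"],
                "before": {"direction": "Inbound", "access": "Allow",
                           "source_address_prefix": "203.0.113.0/24",
                           "destination_port_range": "22"},
                "after": {"direction": "Inbound", "access": "Allow",
                          "source_address_prefix": "*",
                          "destination_port_range": "22"}}},
    {"address": "azurerm_route_table.core", "type": "azurerm_route_table",
     "change": {"actions": ["delete"], "before": {"name": "core"}, "after": None}},
    {"address": "azurerm_virtual_network.test", "type": "azurerm_virtual_network",
     "change": {"actions": ["create"], "before": None,
                "after": {"address_space": ["10.20.0.0/16"]}}},
]})

# Source values that mean "anywhere" in an Azure security rule (lower-cased).
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}


def review_plan(plan_json):
    """Return (address, reason) findings that need a human decision before apply."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}  # None when the resource is deleted
        # A replacement shows up as ["delete", "create"] or ["create", "delete"].
        if "delete" in actions:
            kind = "replaced" if "create" in actions else "destroyed"
            findings.append((rc["address"], f"resource will be {kind}"))
        if rc["type"] == "azurerm_network_security_rule":
            prefixes = set(after.get("source_address_prefixes") or [])
            if after.get("source_address_prefix"):
                prefixes.add(after["source_address_prefix"])
            is_open = any(p.lower() in OPEN_SOURCES for p in prefixes)
            if (is_open and after.get("direction") == "Inbound"
                    and after.get("access") == "Allow"):
                findings.append((rc["address"],
                                 "inbound allow from any source on port "
                                 f"{after.get('destination_port_range')}"))
    return findings


def gate(plan_json):
    """Exit status for a pipeline step: 0 = apply may proceed, 1 = hold for review."""
    return 1 if review_plan(plan_json) else 0
```

A scheduler step would feed this the saved plan's JSON and stop the apply on a non-zero result, leaving the pull request approval as the place where the flagged change is accepted or rejected.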
Hentsū and Terraform
Microsoft backing HashiCorp only confirms that using Terraform to provision resources on cloud platforms is becoming the standard way of deploying infrastructure. Hentsū has first-hand experience using the software to deploy infrastructure successfully for its clients.
How Hentsū can Help
Want to discuss using Terraform software to deploy onto the cloud? Contact us at: firstname.lastname@example.org
Cloud Connectivity: Linking Offices Across Two Continents
Cloud connectivity: connecting transatlantic offices through the public cloud
Forgoes expensive purchasing of capacity on a monthly basis
Offers flexibility in scale and is highly cost-efficient
Hentsū used the Azure backbone network to connect offices across the Atlantic, saving our client thousands a month
It’s no secret that running a business across continents has its challenges. Now imagine having to connect two office networks with an ocean in between. Traditionally, purchasing capacity on submarine cables would have been the only way to connect the two, but thanks to cloud connectivity with Azure, Hentsū has come up with a more cost-effective and flexible way of conquering the ocean in between.
Cloud Connectivity across an Ocean
As part of some of the public cloud infrastructure work Hentsū provided for one of our clients recently, we connected their London and New York offices without the use of leased transatlantic links. These services, which are usually used to connect networks in different locations, are expensive and often leased on a one- or three-year basis. Depending on factors such as bandwidth, a transatlantic link can cost roughly £8000 a month, a big financial commitment for most firms. Instead of spending thousands of pounds a month on connecting offices, Hentsū’s experienced consultants were able to come up with a more cost-efficient solution through cloud connectivity.
How it Works
By exploiting the fact that public cloud providers already have high-capacity and highly resilient connections between regional datacentres, Hentsū connected the two offices through the public cloud provider’s own international backbone network. Essentially, Hentsū could reuse the link between the customer’s UK and US public cloud data centres to create a wide area network (WAN) between the New York and London offices. Once an office is connected to a local public cloud network point of presence, or by site-to-site VPN over the internet, clients can reuse the public cloud provider’s backbone network to connect offices.
While it’s possible to build a route between offices via the public internet, Hentsū connected the client’s offices through Microsoft Azure’s backbone network, as demonstrated in the diagram below. Azure’s VPN gateway service supports transit routing, and Border Gateway Protocol (BGP) enabled gateways will automatically learn routes to other sites via Azure.
Although Microsoft ExpressRoute doesn’t natively support transit routing and will drop packets not destined for a vNet on Azure, it’s possible to build “transit VPNs” to a network appliance on Azure and tunnel traffic across ExpressRoute, an arrangement known as an overlay network, as demonstrated in the diagram below.
The benefits of an ExpressRoute Premium are that it can be metered (pay for what you use) or unmetered (fixed cost of unlimited usage). Not only is this cheaper than buying capacity on a transatlantic link, but it also offers flexibility as to when and where the link is no longer needed. Overall, this is another great example of a service the public cloud is able to offer to users.
How Hentsū can Help
Want to know more about cloud connectivity and Azure? Come talk to us… You can contact us at: email@example.com