By Clayton Siemens
Senior Azure Architect, Atmosera
As more and more companies move workloads into the cloud, the number of automation tools is growing and the tools themselves keep getting better.
This blog takes a dive into four great automation tools for deploying and managing workloads in Microsoft’s Azure platform. Each tool in the list outside of the Azure Native Tools has free and enterprise options. Generally, the enterprise options don’t add functionality but do add support plans.
Automation terms to know
Configuration Management and Orchestration
Generally speaking, automation is broken down into two categories: configuration management and orchestration. At a high level, configuration management tools will look for configuration issues at the resource level and apply the necessary code to remediate the issue. For example, we may have twenty VMs in our Azure environment and we are using automation to keep them all on the same patch version. If the automation finds a VM that is not patched appropriately, it will apply the missing updates.
On the other hand, orchestration tools look for issues at the environment level and will re-provision resources to remediate the issue. So, if a technician inadvertently deletes a VM or SQL database, the orchestration tool will automatically redeploy the missing VM or database after its next scheduled run. The tools we will be looking at typically fall into one category or the other as their primary function, but can provide both functions in some cases.
Declarative and Procedural
The method by which automation tools operate also generally falls into two categories: declarative and procedural. Declarative code “declares” the desired result rather than the process by which to achieve that result. If we reuse the previous example environment, the automation code would define the steady state as 20 VMs and if we needed to add 5 more, we would change the code to reflect a count of 25.
In contrast, procedural code defines the process that we want to run to effect a change. So, to move from 20 to 25 VMs, our code would be an explicit statement to add 5 VMs to the environment. Again, the tools we will look at below generally fall into one camp or the other but can operate in both ways in some cases as well.
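The 20-to-25 VM example above, worked through in Python as an added illustration (not code from the article or from any of the tools it covers). The VM names and the plan/apply helpers are hypothetical; the sketch goes slightly beyond the text by showing what happens when each kind of job is run twice and how a declarative run repairs a deleted VM.

```python
"""Declarative vs. procedural scaling, using the article's 20 -> 25 VM example."""

def procedural_add(actual, n):
    """Procedural: 'add n VMs'. Each run creates n more, whatever already exists."""
    start = max((int(name.split("-")[1]) for name in actual), default=-1) + 1
    return actual | {f"vm-{i:02d}" for i in range(start, start + n)}

def plan(desired_count, actual):
    """Declarative dry run: diff desired state against actual state, change nothing."""
    desired = {f"vm-{i:02d}" for i in range(desired_count)}
    return {"create": sorted(desired - actual), "delete": sorted(actual - desired)}

def apply(desired_count, actual):
    """Converge actual state on desired state by executing the plan."""
    p = plan(desired_count, actual)
    return (actual | set(p["create"])) - set(p["delete"])

def demo():
    env = {f"vm-{i:02d}" for i in range(20)}  # constructed starting state: 20 VMs

    # Procedural job run twice by mistake: 20 -> 25 -> 30.
    twice_procedural = procedural_add(procedural_add(env, 5), 5)

    # Declarative job run twice: 20 -> 25 -> 25, and the second plan is empty.
    once = apply(25, env)
    twice_declarative = apply(25, once)
    second_plan = plan(25, once)

    # Drift repair: a VM is deleted by hand, the next scheduled run restores it.
    drifted = once - {"vm-07"}
    drift_plan = plan(25, drifted)
    repaired = apply(25, drifted)

    return {
        "procedural_twice": len(twice_procedural),
        "declarative_twice": len(twice_declarative),
        "second_plan": second_plan,
        "drift_plan": drift_plan,
        "repaired": len(repaired),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same diff also lists resources that exist but are not declared, so a VM created outside the automation shows up under "delete" in the plan before anything is changed.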
Ansible
Ansible is an increasingly popular open source configuration management tool. It can be used for orchestration, but its primary function is configuration management and it is best used in that role. Ansible utilizes the YAML language, which is known as a “human readable” language, making it much easier for those without deep software development backgrounds to learn. Ansible operates using playbooks that define, procedurally, the infrastructure to be provisioned. Playbooks can be used to provision individual resources, multiple resources, or even an entire environment. Another great feature of Ansible is Ansible Tower. This is a web-based UI and dashboard, run from a Red Hat Azure Marketplace image, that allows administrators to perform a large number of tasks without writing code.
Terraform
Terraform is another open source tool but is exclusively an orchestration tool using declarative code. Like Ansible, Terraform is quickly becoming the tool of choice for many DevOps engineers for its ease of adoption and solid performance. Terraform uses a proprietary language, HCL, developed by the Terraform developer, HashiCorp, and can also use JSON. As far as coding languages go, HCL is quite intuitive and easy to learn. A great feature of Terraform is the “Terraform Plan” tool, which allows the administrator to run a simulated job to ensure the job performs as expected and gives a detailed breakdown of issues if it finds any.
SaltStack
SaltStack is quickly making a name for itself as one of the best configuration management tools for organizations with compliance requirements. Like Ansible, SaltStack uses YAML, giving it a low barrier for adoption. Where SaltStack sets itself apart from Ansible or Puppet is its focus on security compliance with a tool called SaltStack SecOps. In essence, the SecOps tool allows administrators to define a security policy for the infrastructure, and SaltStack continuously scans the environment for deviations, applies remediations and provides reporting. Another standout feature of SaltStack is the SaltStack Cloud tool. This is a web-based tool that allows management of Azure or other public cloud environments, much like Ansible Tower.
Azure Native Tools – Azure Automation, ARM Templates and Azure DevOps
Microsoft has created a very robust set of automation tools to work in Azure and if you don’t need a multi-cloud solution, they are a great way to go.
Azure Automation can be thought of as a hybrid orchestration and configuration management tool. It allows administrators to create runbooks and run them on schedules to perform management tasks, and it provides desired state functionality. It can be integrated with Azure Resource Manager (ARM) templates to automatically provision infrastructure and can be used to create webhooks that allow secure interaction with elements of the environment without access to other elements. For example, a webhook to scale up a database can be created and run by a technician who otherwise has no access to the environment.
Azure DevOps and Azure DevOps Pipelines are tools to integrate automation into a CI/CD pipeline, which is the final piece of the journey to automation. Using a CI/CD pipeline for automation allows us to tightly control the development and deployment of automation code, which becomes increasingly necessary as environment complexity increases.
Which cloud automation tool is best for you?
Choosing the right automation tool for your environment can often come down to testing different options and deciding what matches your workflow best. For environments that do not change often, Terraform might fit best. If you have strict compliance requirements like PCI-DSS, SaltStack might work best. Or if you have administrators who don’t have extensive development experience, Ansible might be the best option for you. Conversely, if you have developers that have been working in the Microsoft stack, Azure native tools could be the best option.
We encourage you to experiment with each one of these tools and find the tool or combination of tools that works for your organization. If you would like to speak with an expert about Azure or Azure automation tools, Atmosera’s experienced Solutions Architects and DevOps engineers are here to help you. Contact us today to speak with an Azure expert.