DAIR Webinars: In Brief

Choosing Your Automation Tools – Webinar Transcription 

This post has been adapted from the DAIR Webinar, Choosing your Automation Tools, presented by Peter Heath of CENGN Academy. Click to here watch it. 

When considering Infrastructure as Code (IaC), what are the questions to consider? 

  • What is Infrastructure as Code (IaC)?  
  • How does it relate to cloud computing?  
  • What are some of the goals of an IaC approach?  
  • Which tasks can you automate and what are some of the popular automation tools that are on the market? 

What is Infrastructure as Code?  

At its core, Infrastructure as Code is the management of IT infrastructure by writing and executing code files. You use machine readable definition files to generate service components like virtual machines, networks, load balancers, etc. Think of it this way—anything that you can virtualize in a modern data centre, you can use IaC tools to create and configure those types of service components. Since you’re working with code files, you can use the same versioning and source control tools you use on any other source code within your organization.  

At its core, Infrastructure as Code is the management of IT infrastructure by writing and executing code files. You use machine readable definition files to generate service components like virtual machines, networks, load balancers, etc. Think of it this way—anything that you can virtualize in a modern data centre, you can use IaC tools to create and configure those types of service components. Since you’re working with code files, you can use the same versioning and source control tools you use on any other source code within your organization.  

How does IaC relate to cloud computing? 

IaC was key to the development of cloud computing. Virtual machines made it possible to run multiple separate servers on one single hardware box. IaC took this a step further, with tools enabling rapid deployment of those virtual machines or other resources based on the user’s needs. This provided users with excellent elasticity of their infrastructure. Instead of working with a local operations team to get resources in local infrastructure, a developer can start a virtual machine, use it, and delete it, all within minutes – sometimes even seconds. This level of flexibility is one of the main reasons for the massive growth we’ve seen in cloud computing today.  

Now, cloud providers certainly have their own tools, but recognizing that users value flexibility, they’ve also implemented existing IaC tools into their workflows. This means cloud providers have focused on creating systems that are predominantly API driven. API-centred cloud services allow providers to use their own tools to monitor their internal infrastructure while giving users flexibility in their choice of tools for provisioning and configuring. These resources can be created using API-centric tools, or directly through the cloud provider’s interface.

What are the goals of an IaC approach? 

Users can have various goals when considering an IaC approach, however, in this blog post we’ll be looking at these four: 

Combining Change with Stability 

IaC enables you to have an agile, responsive, and stable infrastructure that meets the needs of both developers and operators alike.  

It Makes Change Routine 

IaC grants you the ability to apply and monitor changes quickly, easily, and reliably. Since you’re working with code files, treating infrastructure like code decreases the time needed to scale and to respond to failures. This allows operators to mitigate future outages. 

Better Source Control 

Since code files are just code files, you can use the same source control and versioning tools for infrastructure code files that you use for application code files. You also have an audit trail of the changes that have been done on your infrastructure allowing you to have a clear understanding of how your infrastructure has and continues to evolve. And if for any reason something goes wrong, you can track back through this audit trail to find a stable spot that you can revert to. 


Implementing these IaC tools alleviates some of the repetitive tasks that are so taxing on IT operations resources. Furthermore, it allows IT operations teams to focus on mission critical tasks as well as their own self-development.  

What can be Automated? 

When considering an IaC approach, you must ask – which kinds of tasks can be automated? Let’s look at some of the most important tasks below. 


  • Provisioning means the setup of these different virtual resources, whether virtual machines, networks, storage, or containers. Operators can create reusable templates to set up these environments repeatedly, quickly, and reliably. 


  • Configuration is often the next step. You have a virtual machine, but you need to install and configure some kind of application on this virtual machine. Applications can be very complex with unique dependencies, ports, inputs, and permissions. Configuration management tools enable easy management of your applications regardless of their complexity, and they also give you the opportunity to check real-time application state changes while reporting on host state changes.  

Application Deployment 

  • With application deployment, it’s important to have automated testing during your application development lifecycle. IaC tools enable you to test both the application and the environment to ensure consistency on both levels and avoid breaking changes. 


  • The rise in microservice architecture has led to very complex applications spanning multiple hosts. Automated orchestration tools are therefore absolutely required to monitor and automate the application life cycle across these distributed systems. 

Of these four tasks, provisioning and configuration are the key types of tasks that you’re going to automate, but both application deployment and orchestration can benefit from some degree of automation.  

Popular IaC Tools 

 Provisioning tool that can also handle some basic configuration. 
 Configuration tool that can also handle some basic provisioning. 
 A key container runtime solution. 
 Container orchestration tool for managing and orchestrating massive deployments of containers. 
 Configuration tool  
 Configuration tool  
Configuration tool  
 Provisioning tool that’s customized to work with VMware, virtualbox, AWS, and some kinds of those cloud providers and virtualization machinery. 

Tool Considerations 

We’ve discussed what IaC is, and what it can do for you, the next question is – which tools should you be considering? There are many ways to think about that question, but for the purpose of this blog post let’s focus on the three following considerations: 


Provision vs Configure – What kind of task are you trying to accomplish?  

As we’ve previously discussed, two key categories of tasks that you might automate are provisioning and configuration. While there is some overlap between these two domains, for our purposes, let’s think of them as separate. 

Some tools are excellent for provisioning. Essentially, provisioning is the creation and removal of resources – they can create virtual machines, create storage, do some high-level modifications, and then tear them down.  

Configuration management tools are used to install and manage software on these existing resources. This could include things like rolling out software upgrades, firewall rules, rolling back of application versions and the like. They can execute commands against multiple machines simultaneously, a preferable option to having an operator sitting at a terminal working on each machine in a sequential fashion.  

You may find in your use case that you need to do some provisioning and some configuration. In this case, it’s best practice to select one tool for provisioning and another tool for configuration. Always use the tool that best fits that situation rather than using a tool to do things for which they are not designed. 


Push vs Pull – What communication method is used by the tool? 

Both methods, as shown below, are representing a client-server environment. In the push method, the controlling server pushes configurations out to a destination system. Using the push method, you use fewer computational resources and less networking resources because those resources are only consumed when the operator requests a change through the server and then pushes that out to the client nodes. 

In the pull method, the node, or configured client machine, requests updates or changes from the server. The node periodically checks what’s given as a configured or preferred state saved in the central server. It then compares it to its own current state (on the node) and if there’s a difference, it will pull a correction or an update from the server. You can immediately see that this is a higher level of automation, but it also requires greater use of resources like CPU and network, and it also increases the complexity of the system. 


Procedural vs. Declarative – What type of scripting language does your tool use? 

The two major classes are procedural and declarative automation languages. Procedural languages are written to go step by step through a script without regard to the current state of the infrastructure. Essentially, every line is a “do this” “do this” “do this” statement. Declarative languages focus on writing what the desired end state should be, then the tool takes care of the implementation. You state that “this” is my end goal, whereas in a procedural script, every line is “do this”. Below are a couple example templates: one using Ansible and one using Terraform. In both cases we’re going to create two instances on AWS, referencing the image to be used, as well as the instance type.  

Now you’ll notice that in a very simple case like this, there’s a lot of similarity in what we see. There’s a count, there’s an image given, and an instance type. If you start with blank infrastructure and run this Ansible script, it will create two virtual machines. From blank infrastructure, if you run this Terraform script, it will also create two virtual machines. With that in mind, let’s consider this scenario. You could take copies of both scripts and just change the count from two to five; now you have similar scripts, but they’re designed to generate five virtual machines. Let’s suppose that we have run the two virtual machine script from blank infrastructure, and then run the five virtual machine script after that.  

The Question  

If we do that with Ansible, how many virtual machines do we end up with? And if we do that with Terraform, how many virtual machines do we end up with? 

The Answer 

With Ansible, you end up with 7 VMs, while with Terraform you end up with 5.  

The Wrap Up 

Automation is a critical method to improving efficiency and will free up your technical staff to work on improving your products and services. If you plan correctly and answer the key questions outlined above, an Infrastructure as Code approach can facilitate that automation and have a massive positive impact on your business! 

For more information check out the demo

To learn more about the DAIR Cloud Program and how you can use it for your business, visit us at https://www.canarie.ca/cloud/

More on CENGN Academy:

CENGN is a not-for-profit organization with the vision to advance global technology innovation for the prosperity of all Canadians. Beyond offering commercialization services, the organization specializes in talent development, delivering cloud technology courses and certifications to Canadian professionals and students through their training program, CENGN Academy.  

CENGN Academy is a pan-Canadian training program and a key driver in bridging the skill gaps identified by the most advanced companies in cloud computing and networking technologies. By arming experienced professionals, new graduates and students with the most relevant skills in one of the most faced paced, growing industries in the world, CENGN Academy is working to advance the global competitiveness of the Canadian ICT workforce. 

To learn more about the CENGN Academy, and other courses presented by Peter Heath and his team, please visit https://www.cengn.ca/services/cengn-academy/