Infrastructure Provisioning vs. Configuration Management vs. Configuration Orchestration: How IaC Makes Them All Better

There are a lot of similar terms thrown around related to Infrastructure as Code (IaC) and understanding the difference between terms like infrastructure provisioning, configuration management, and configuration orchestration can get confusing. So, to start let’s talk about infrastructure provisioning. 

What is Infrastructure Provisioning? 

Infrastructure provisioning includes all the steps to get IT infrastructure ready for new resources such as devices. Server provisioning, for example, is setting up the server to be used on the network and making sure the network itself is ready to accommodate the server. This includes setting up the physical hardware, installing key applications and system software such as operating systems, and then making this work with the network storage and any required middleware. Network provisioning, service provisioning, user provisioning and cloud provisioning are all examples of this function. 

What is Configuration Management? 

Managing a myriad of machines and devices requires proper configuration management – loading them with the right software and making sure that the software can run. Configuration management is aimed at automating the configuration of individual systems, such as multiple servers, firewalls or routers.  

But how can you manage infrastructure when the number of machines you’re responsible for changes daily? “Configuration Management enables faster and more efficient deployments. It double checks to see if the appropriate configuration is consistently implemented across many environments, lowering the likelihood of mistakes and speeding up the release cycle,” the Developers Per Hour blog explained.  

What is Configuration Orchestration? 

IT has long known that when it comes to the management of complex systems, orchestration is essential. Orchestration helps to represent, model, configure and deliver complex systems. 

Orchestration is commonly represented via a topology model, a model that describes the order-of-operations across a group of machines, each of which can have a distinctly different purpose. Say you need to configure — and of course reconfigure or update configurations as the need arises—your database, cache layer, multiple application servers, web servers and load balancers. The Configuration Orchestration Topology Model will encompass these technology components, define how they interact, show interdependencies and use this model to drive configuration and provisioning.  

Configuration orchestration solutions should include scale, idempotency, flexibility and test-driven automation. Idempotency is a concept key to Infrastructure as Code (IaC). With it, regardless of how often you run an operation, or code in this case, the result is the same. 

Configuration Management vs. Configuration Orchestration 

So, what is the difference between configuration orchestration and configuration management? 

Orchestration manages and coordinates configuration pipelines and applies configurations via automation. Orchestration directs multiple tools and runs processes against multiple targets. 

“In modern IT environments, there is a need to manage configurations across multiple servers, virtual machines, containers, networking devices, and other components. Configuration orchestration helps streamline this process by providing a centralized platform or toolset to define, deploy, and manage configurations consistently and efficiently,” explained the Developers Per Hour blog. 

Configuration management is a step below orchestration, and it configures servers and other devices with the needed settings, credentials, applications, permissions, etc. The management aspect involves automating the configuration process so that not only can multiple devices be configured, but the configuration is tested and proven and only the vetted configurations are applied. It also helps device groups share the same updated configuration, which is critical for security as un-updated and non-patched systems are a major hacker target. 

Configuration orchestration goes beyond these individual systems or categories of devices and coordinates and manages configurations for multiple interdependent systems in a distributed infrastructure. 

What is the Difference Between Infrastructure Provisioning and Configuration Management? 

In IT, provisioning includes creating infrastructure to support new equipment and applications and doing the basic work to help support the work of the equipment and applications with the IT infrastructure. Configuration is the more detailed setup of provisioned IT resources for a particular use, user or set of users. 

How Does Infrastructure as Code (IaC) Fit in? 

IaC is a great help in provisioning and configuration and is the secret sauce that makes configuration orchestration even possible. 

First, IaC automates all three of these functions. Instead of manual configuration, policy creation, implementation and infrastructure management, the code automates all these tasks.   

“Automation not only accelerates IT tasks but also eradicates human errors that lead to numerous breaches and security threats. Indeed, misconfiguration is not just a significant security risk, but it also diminishes system availability,” states the 14 Infrastructure as Code (IaC) Benefits blog.  

Repeatable Proven Processes   

With IaC, the IT, DevOps and DevSecOps teams can develop processes that are proven to be effective and implement them automatically and consistently whenever required. 

Manage IT Tasks at Scale   

IaC is ideal for the hundreds — often thousands — of devices an enterprise might have. “Let’s say you have a Java application that needs to be deployed on a single machine. You don’t need automation for that — you can do it manually,” explains freeCodeCamp. “But what happens when a single machine cannot handle the load and you need to deploy your application on 10 or 50 or 100 more machines? Rather than manually deploying your application on every single machine, you can write code that does it for you.”   

IaC and Configuration   

The only way to master configuration management is to implement a policy as code-based automation solution that keeps environments consistent. 

Progress Chef enables DevSecOps teams to create pipelines that can cross both internal and external boundaries, standardizing environments and processes locally within the data center and up in the cloud. 

As a result, you get a dynamic environment that’s stable no matter how complicated your configurations are. When your application deployment and infrastructure changes move at the same pace, your entire IT organization functions better. 

In fact, environmental configurations are foundational to application and business success. A DevSecOps team that turns configuration into code can apply the same tools and processes you use on your applications to efficiently and successfully prepare environments to run applications. 

Here are a few ways IaC can automate configuration management:   

  • Use policies: Policy as Code brings discipline to your configurations and also helps support fleet-wide compliance.  
  • Test policies: By testing policies before applying them to configuration tasks, you understand that the code works and can become an immutable solution.
  • Use workflows: Workflows are part of your configuration code development and also determine how this code can be applied.   

Rebuild and Reproduce Systems and Configurations   

Proven processes not only apply to new systems and tasks but are used to rebuild or reconfigure existing systems that might have had a problem or need an update.   

The New, IaC way to Provision 

Infrastructure as Code redefines and extends what it means to provision. IaC excels not just at configuration. In fact, by offering continuous configuration, it is also a master at provisioning as well.  

Chef Provisioning lets IT idempotently create and converge machines, images, load balancers and other infrastructure, no matter where they are: cloud, bare metal, virtual machines or containers. This is the next step in configuration management: Infrastructure as Code. 

Chef already does an excellent job describing and automating the software on individual machines in your clustered application. Chef Provisioning harnesses the simplicity and power of Chef to go one step further: to describe and automate the whole cluster with Chef, hardware to network to software. The concept of Infrastructure as Code is that when you write your cluster configuration down as code, suddenly your clusters become testable, repeatable, self-healing, idempotent and, most importantly, easy to understand. 

Chef Provisioning features include the ability to: 

  • Describe your application cluster with a set of `machine` resources 
  • Deploy many copies of your application cluster (test, integration, production, etc.)
  • Spread your cluster across different clouds and machines for redundancy and availability
  • Orchestrate your deployments, making sure (for example) the database primary comes up before any secondaries
  • Speed up your deployments by parallelizing machines with `machine batch` 

IaC and Orchestration 

Orchestration is where IaC really shines. “Configuration orchestration promotes the Infrastructure as Code paradigm, treating infrastructure configurations as software code. By doing this, infrastructure management gains the advantages of software development practices like version control, testing, and code review. It allows for collaboration between development and operations teams, bringing them closer together and fostering a DevOps culture,” the Developers Per Hour blog argued. 

Can Configuration Management and Configuration Orchestration Be Used Together? 

Absolutely! Configuration management and configuration orchestration cannot just be used together, but orchestration relies upon solid configuration management underpinnings. Configuration management is really aimed at individual systems or groups of like systems such as having a common configuration for firewalls.  

Orchestration takes tested, proven and vetted configurations from your configuration management system and uses them to orchestrate configurations across larger swaths of your IT environment, applying them to different yet interdependent systems. 

How to Choose the Right Approach for Your Needs  

Nearly every shop needs provisioning and configuration. New gear must be provisioned so it fits properly in the network and configured so it works properly. Unless your devices are fixed or you add precious few new bits of IT infrastructure, you will need configuration management to make the process more efficient and facilitate safe operations for these items. 

More complex and dynamic shops would benefit from configuration orchestration. 

One Chef customer, Bank Hapoalim, sped application delivery and IT configuration and deployment.  “We wanted to focus on doing standard, repeatable work. We saw that we were doing the same tasks again and again but each time the result was a bit different because the person who was doing the job now was not the person who did the job before,” said Oz Sharon, team manager for the Israeli-based bank. “Consequently, we had a lot of services that were all slightly different from each other. We wanted to reach a point where we could do the same thing repeatedly, without any changes between deployments. We needed to know that our servers were always in compliance with the bank’s standards. The other thing we wanted to do was get rid of the boring things that take a lot of time like creating a special server with software on top of it or hardening servers.” 

Progress Chef applies Infrastructure as Code to perfect provisioning, as well as configuration management and orchestration. Learn more about how Chef can assist your needs.



Doug Barney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.