Automating infrastructure in a highly secure environment
A new way of managing infrastructure
Bank Hapoalim is Israel’s largest bank and was named by The Banker magazine as Bank of the Year in Israel for 2015. The bank’s Unix and Linux team has been using Chef for only about five months and they have made enormous progress automating their infrastructure in a highly secure environment. The team uses Chef for configuration management and, less conventionally, they are also using their Chef server as a package and proxy package repository. The Chef server deploys and installs the application packages on production servers.
The bank has heterogeneous infrastructure that includes various flavors of Linux and Unix as well as Windows. Currently, the team is using Chef to manage hundreds of Linux nodes, with plans to start managing hundreds more Windows nodes and, of course, new Linux/Unix servers as they are added.
The decision to automate with Chef was driven by concerns that will sound familiar to many who are responsible for an organization’s infrastructure. Oz Sharon, the team’s manager explains, “We wanted to focus on doing standard, repeatable work. We saw that we were doing the same tasks again and again but each time the result was a bit different because the person who was doing the job now was not the person who did the job before. Consequently, we had a lot of services that were all slightly different from each other. We wanted to reach a point where we could do the same thing repeatedly, without any changes between deployments. We needed to know that our servers were always in compliance with the bank’s standards. The other thing we wanted to do was get rid of the boring things that take a lot of time like creating a special server with software on top of it or hardening servers.”
In the short time that they have been using Chef, the team has already seen significant improvements in deployment time. For example, creating a stack that includes bootstrapping a Linux server, hardening it, and installing the application server along with other software used to take days. It now takes minutes.
Not only have they significantly reduced the number of human errors but they can manage their infrastructure consistently across several DMZs. Chef has given them better control across the organization, even in areas that aren’t obvious. For example, the bank has operators who handle calls and problems from internal customers at night and, with Chef, the team has been able to standardize their menus.
Pavel Jeloudovski, Senior Systems Administrator
What do we plan to do with Chef? The answer is simple—everything. We are going to have a cutoff at the end of the year where nothing goes into production unless it's coded. Our goal is to code everything, check it in test, check it in pre-production, and do it all with Chef.
When asked to sum up their experiences with Chef, Pavel, Oz and Naftali all agree that Chef is central to how the bank will handle infrastructure and software deployment going forward.
Naftali says, “Obviously, it’s great to be able to automate things that take up a lot of time, and Chef enables us to focus on other skill sets and to work on other important areas where we need to devote our attention. Also, it’s a new, great technology for us. We’re jumping all over it. I’ve basically integrated all my projects into it already and I’m already finding great benefits. It’s the future. If your eyes are open to that, you should pick it up.”