Cloud Migration System
By providing the ability to launch and scale environments on-demand, cloud platforms have allowed organizations to iterate faster than ever before. Before the benefits of the cloud can be reaped, however, there are some challenges that need to be addressed. To effectively migrate to the cloud, organizations need to understand how to identify and meet their responsibilities in the cloud, how to manage environments across on-premises and cloud platforms, how to modernize their applications to take advantage of cloud resources, and how to maintain visibility into their entire estate as their environments grow.
While significant, these challenges are not insurmountable! Chef allows you to define configurations and requirements as platform-agnostic code, ensuring you have the ability to quickly and consistently deploy your solutions on-prem or in the cloud without having to re-invent your processes for each.
Applying this practice of Continuous Automation ensures that your organization can move workflows to the cloud quickly, efficiently, and safely, so you can continue to innovate at the velocity your customers demand.
Start by Understanding Cloud Responsibilities
One advantage of migrating workloads to the cloud is the ability to offload some operational responsibilities to your cloud vendor. Even so, it can be difficult early on to determine exactly to what extent these tasks no longer need to be managed directly. Thankfully, cloud providers illustrate this with the Shared Responsibility Model, which defines where their responsibilities end and yours begin.
Even in a cloud environment, you’ll still be responsible for ensuring that the instances you create are properly patched and your applications securely configured. By contrast, physical security of the datacenter and management of infrastructure are the sole responsibility of your provider. Cloud vendors provide a variety of tools for managing everything from network architecture to shared storage, where responsibilities will be shared. You no longer need to provision and maintain complex task-specific hardware, but you are still responsible for ensuring you configure your cloud provider’s services securely.
InSpec is a compliance and security automation tool that can help you ensure your responsibilities have been met in your datacenter and in the cloud alike. With InSpec you can define your compliance as code, allowing continuous evaluation of your environments, and providing you with up-to-date insight into everything from system patching to software vulnerabilities to formal regulatory compliance. InSpec has built-in cloud resources that allow you to validate your cloud services with the same rigor as your bare metal systems.
[Table: responsibility matrix with rows for data classification & accountability, client & end-point protection, identity & access management, application level controls, network controls, and host infrastructure. Column headings and the markers showing who holds each responsibility were lost in extraction.]
At a high level, configuring a virtual instance in the cloud is not significantly different from configuring a bare metal or virtual server in a datacenter. Why then do we often maintain completely separate deployment scripts and procedures between our environments? The short answer is that manual processes and traditional scripting languages aren’t flexible enough to easily adapt to different platforms, and as organizations migrate to the cloud, this problem can effectively double their operational overhead with duplicated efforts.
Chef is a configuration management tool that allows you to define your infrastructure as code. Chef code is platform agnostic by design, and can be easily extended to support multiple environments on a single codebase. When Chef runs on your systems, it collects profiling information that can be used to inform its execution. This includes everything from resource availability (e.g. how much memory does my server have?) to cloud-specific data (e.g. is this instance deployed to Amazon EC2?). Having this data at its disposal allows Chef to take conditional action based on what it discovers. This allows you to apply a consistent configuration across environments and cloud providers, and dynamically address any differences between them.
Modernizing Your Applications
As your organization migrates to the cloud, you have an opportunity to further optimize your deployments by modernizing your applications to take advantage of the services and deployment paradigms cloud platforms offer. This can be a daunting task, as each cloud-native Software as a Service (SaaS) solution and container platform represents new technologies your teams need to learn to be effective. What’s more, some legacy applications can be difficult to modify and to migrate effectively.
Augment Your Migration with Chef Automate
The key factor that drives organizations to adopt cloud platforms is the ability to scale their environments on-demand. As your estate grows, it becomes vitally important that you can maintain visibility into how those environments are evolving over time. Chef Automate not only provides a unified window into every system you manage with Chef, but also provides filterable real-time and historical data for configuration changes and compliance scans, ensuring you always know exactly what’s happening in your environments.
Chef, InSpec, and Habitat give you everything you need to automate your infrastructure, compliance, and applications. Chef Automate augments their capabilities by providing:
- Know every change that’s been made to your Chef environment, and how many systems were impacted.
- Full, filterable history of every configuration change made by Chef, on every system you manage.
- Agentless scans of servers and cloud APIs, providing you the ability to evaluate security and compliance anywhere.
- Weighted compliance reports and aggregated status views that ensure you enter audits with confidence.
- A built-in library of security profiles, including the Center for Internet Security’s (CIS) benchmarks and Department of Defense’s Security Technical Implementation Guides (DISA STIGs), and an asset store for your homegrown profiles.