IaC (Infrastructure-as-Code) is becoming ubiquitous in the EUC (End User Computing) community and within the datacenter. Automation and declarative infrastructure for on-premises VDI and cloud digital workspaces, such as Microsoft AVD (Azure Virtual Desktop) or AWS WorkSpaces, is now mainstream.
Vendors such as Citrix now advocate the use of technologies such as Terraform and Ansible for deployments. Those products that also cover APM, DevOps monitoring, and end-to-end monitoring have long been integrated into IaC workflows. EUC adopters have access to mature, stable options.
IaC and How it Relates to Monitoring Tools
Infrastructure-as-Code (IaC) is becoming universal for defining and automating the creation and deployment of IT infrastructure. Higher-level languages and scripts are used to define the infrastructure that applications run on. These frameworks include networking, servers, data storage, and so on.
This is all taking place as auto-scaling and auto-deployment becomes standard, as well. As a result, IaC may now define how infrastructure should auto-scale up or down to service the needs of applications.
eG Innovations Stands Apart with IaC Considerations
eG Enterprise is one of very few EUC monitoring products that also covers unified APM (Application Performance Monitoring), infrastructure monitoring, and cloud monitoring. As such, we have constructed our product to work within the new normal of IaC. This allows our tools to overcome challenges traditional monitoring tools will face.
One common customer scenario we encounter in APM use cases is the deployment of SaaS (Software as a Service) Java-based apps deployed within containers on application servers such as Tomcat or WebLogic. Often they are running on public clouds such as Azure and AWS (Amazon Web Service). As demand fluctuates to maintain key metrics such as application response times, frameworks like Kubernetes are leveraged to spin up new infrastructure (e.g., additional servers) to service increased demand.
The performance and availability of the apps and services, though, is the business-critical need. It is essential to monitor infrastructure that may be temporary and automatically deployed (or destroyed). Those deploying EUC will now face the same challenges when moving from static manually deployed systems to IaC methodologies.
Mapping Traditional EUC Admin Task to IaC Workflows
There are often many steps involved in monitoring infrastructure. Traditionally, an EUC system administrator maintaining a static on-premises deployment must perform tasks manually to gain monitoring insights via a console. Such tasks may include:
- Installing agents to harvest metrics (e.g., within a Windows OS) to collect perfmon counters
- Configuring what has to be monitored on a server
- Setting the credentials needed for monitoring
- Making any changes needed in an app stack to support monitoring (e.g., for APM)
- Setting and tuning thresholds, if required, to trigger alerts (e.g., if a server’s CPU usage exceeds 90%)
- Assigning the monitored component to the respective teams with dashboards and via ITSM integrations
- Removing components to be monitored (e.g., when servers are decommissioned)
- Un-assigning the removed component for respective teams
Achieving Full Automation with IaC
When implementing IaC, the ultimate goal is full automation and the removal of manual intervention and effort. Ideally, everything would be set up automatically. That will include full and comprehensive monitoring functionality for the infrastructure.
This means, as a monitoring vendor, we need to include features to enable monitoring within automation frameworks. The administrator or architect designing and deploying IaC will then need to leverage technologies from monitoring vendors. Alternately, the architect may script their own functionality and consider requirements, including:
- No manual installation of agents is necessary – a silent, automated way is needed to install agents.
- Either the IaC code should configure, for example, a server for monitoring, or you must have auto-discovery and configuration enabled.
- Most modern monitoring products are built around AIOps (Artificial Intelligence for Operations) engines. They will automatically baseline usage and set thresholds without the need for manual configuration. This enables automating the implementation of alerts for anomalous behavior and events on dynamically changing infrastructures.
- Auditing and traceable logging functionality within the monitoring product is important in order to know what has been deployed and configured and how.
- How corrective actions can be used to allocate/deallocate resources, such as additional virtual machines, based on different parameters like system resources consumption, TCP connections, utilizations, etc.
Configuring Monitoring for IaC Implementation
If you need to configure monitoring on a server using code, for example, you will need to use either a CLI (Command Line Interface) or API (Application Programming Interface) supplied by the monitoring tool. It is also critical to implement functionality, such as:
- Credentials must be provided as defaults, so a specific configuration is not needed. If a specific config is preferred, you should provide an API/CLI for this.
- Changes to app stacks must be possible through script configurations (e.g., setting env variables in scripts and passing them to the app).
- Assignments – If the monitoring tool does not do this, you will need to do this through code using the CLI/API.
- Removing a component, the CLI/API should provide the functionality to do this.
Key Requirements for Monitoring Tools to Work with IaC
When evaluating monitoring tools to automate these workflows, those implementing IaC need to consider whether monitoring tools and platforms offer certain key requirements:
- The silent install scripts for agents.
- A supported CLI or REST API to enable the IaC code to perform the necessary steps automatically.
- Whether auto-discovery is supported. This will minimize the amount of IaC code that needs to be written. Auto-discovery of this type is also needed for dynamic, auto-scaling environments, and so, may be a requirement regardless of the IaC goals.
- Are automated bulk actions supported to automate component removal or dormant user accounts?
- Public cloud vendors charge their users based on their utilization. IaC may need to consume billing data beyond resource metrics from APIs/CLIs as input data for scaling and allocation decisions.
Agentless Monitoring for IaC
In some scenarios, agentless monitoring may be an option. In that case, you may not have to install an agent for each device. However, you will have to map the device being added to existing agents. The logic to do this (who to contact and when) should then be coded into the IaC scripting.
Security must be a forethought for all of these requirements. As a vendor, we have to implement features with secure communication in mind. This is particularly essential with regard to auto-discovery and agent communication. Always avoid bad practices such as listening on open TCP ports.
Key Questions to Evaluate Monitoring Products for Use in EUC IaC Workflows
Naturally, IaC is far more established and mature in DevOps and APM workflows. This means that those adopting automation for EUC use cases have the advantage of maturity of workflows and tools. It also means that EUC monitoring vendors need to be transparent and cover key questions in APM and DevOps.
Key Questions in APM and DevOps for IaC Compatability
What are the product’s AIOps (Artificial Intelligence for Operations) monitoring capabilities?
Automated definition and deployment is the new reality. It is a reality where IT infrastructure can be expected to constantly change and scale. Modern monitoring platforms and tools invariably include an AIOps engine leveraging machine. These machines learn to process data on scales and timescales beyond that feasible for the manual operator or system administrator.
Are there mature and rich REST APIs (Application Programming Interfaces)?
Clearly, if you have an interest in DevOps and automation, you will expect your monitoring platform to have proven and extensive APIs to integrate. Can the vendor provide examples or advice on how to integrate and deploy their product with products such as Terraform?
Can the product monitor your DevOps and IaC infrastructure?
What key metrics, logs, and errors does the product capture from tools now critical to your infrastructure, such as GitHub, Jenkins, Helm, Bitbucket, and Ansible? (For eG Enterprise, see our technologies page where you can explore our domain-specific modules for all these technologies.)
Is the setting of thresholds and alarm conditions for alerting automated?
A key feature of monitoring products designed for IaC is that they will automatically configure alerting thresholds and alarms for components. Moreover, many will support dynamic thresholds that self-tune to alert on anomalous behaviors, removing the need for manual setup.
Is there a comprehensive centralized audit that covers bulk, API-driven operations and IaC workflows?
The product should have automated audit logs and reporting capabilities. Further, it should record deployment and changes made via IaC workflows and tools. Additionally, manual administration configuration should be reported. Logging should record how, when, and the details of components auto-discovered or added to the monitoring platform. (See: eG Audit Log.)
How good is their cloud and container framework support?
A transition to IaC methodologies and workflows is often associated with the uptake of flexible infrastructure services and frameworks. If the product is deploying IaC on clouds, such as Microsoft Azure, Amazon AWS, or leveraging orchestration and container frameworks such as Kubernetes / OpenShift and Docker, you will need a monitoring product that covers those technologies and services to the same level as their EUC coverage of technologies, such as VMware and Citrix. (See monitoring of Microsoft Azure, Amazon AWS, Kubernetes / OpenShift, and Docker for examples.)
Preparing for the Future with IaC
IaC is, without a doubt, the future. But beyond automating the creation and change of infrastructure, those enabling it must include functionality such as well-architected monitoring into their designs. This will serve to ensure they have a manageable infrastructure. That, in turn, will give insight for troubleshooting. Additionally, it will provide the vision for long-term capacity planning and security, and optimizing usage to costs.
Simplify with eG Enterprise
eG Enterprise offers world-class IT Infrastructure monitoring. If your company is taking the step to adopt IaC, there is no need to leave your system at risk. Our solutions offer user-friendly, uncomplicated dashboards to easily visualize and troubleshoot the problems that arise with operating an enterprise.
Related Further Information
- Read about IaC for Microsoft Azure
- Details of eG Enterprise Support for IaC and automation – APIs, CLI and Power BI Integrations: APIs for IT Monitoring Solutions
- Learn about DevOps tools common in IaC workflows including Jenkins and Ansible in the Top DevOps Tools List
- Scripting and automation within eG Enterprise: Automation & Scripting for Monitoring Systems (eginnovations.com)
- Computer Weekly ran a recent series of articles covering all aspects of IaC, see: Infrastructure-as-Code series: Practical monitoring in an IaC universe – CW Developer Network (computerweekly.com)
- Learn about AIOps engines and the features at the heart of monitoring platforms leveraged within IaC workflows: AIOps Tools – Proactive Monitoring
- Read more about VMware’s commitment to IaC: vRealize Automation & Terraform : Infrastructure as Code & Catalog Broker – Part 2 – VMware Cloud Management and Using Infrastructure as Code to Automate VMware Deployments (hashicorp.com)
- An overview including links to relevant articles explaining What is Infrastructure as Code – IAC