What is Immutable Infrastructure?

Summary

As the name implies, “Immutable Infrastructure” (II) refers to infrastructure that does not change.

As the name implies, “Immutable Infrastructure” (II) refers to infrastructure that does not change. When an organization uses II, its approach is to provision infrastructure components (e.g., servers, Docker containers, and so on), and never touch them again.

II means that components are never updated. If an update is needed, the existing component is destroyed and replaced by a new one.

This is very different from a traditional approach, which is based on individually configured servers that are maintained, patched, and updated over time. As time passes, configuration drift will occur, and these resources will become “snowflake servers.” As the name implies, a snowflake server is unique and unlike any other server. It usually becomes fragile as well, judging by the reluctance of admins to change anything on it (for fear of breaking something).

The uniqueness of snowflake servers makes it very difficult to reproduce them, so they tend to be nurtured and maintained (often with a growing amount of anxiety among the admins). As time passes, cruft accumulates, and drift and decay occur. This can lead to security vulnerabilities and other problems.

II solves this problem by doing away with snowflake servers. No infrastructure component is allowed to drift and become a unique single point of failure. Instead, all components are standard and interchangeable. When a component has become obsolete, or has outlived its original purpose, it is destroyed. And if a new component is needed, it is deployed.

This has many benefits, especially an increased robustness of the infrastructure. Infrastructure components tend to be more stable, since each one is always in a fresh “out of the box” configuration. And system administration becomes much easier; instead of manually configuring, maintaining, and patching servers, engineers just destroy and replace them as needed. 

For an organization to use Immutable Infrastructure, it must also use Infrastructure as Code (IaC). IaC means that infrastructure resources are defined by, and managed from, source code. Immutable infrastructure then dictates how that management is done.

These practices have many benefits beyond the ones described already. If the organization has moved to the cloud, infrastructure provisioning and deletion can be automated and programmatically controlled. This is an important requirement for CI/CD, as well as DevOps and DevSecOps. When an organization embraces all of these, its speed of software development and delivery, and the quality of the code produced, can drastically increase. 

Increased security is also a major benefit:

  • When the infrastructure is maintained programmatically, direct server access is usually not needed. Access methods such as SSH or Remote Desktop can be turned off, which reduces the attack surface. 
  • The number of people with administrative permissions and privileges can be reduced. (If a script is doing all the resource provisioning, then only the script needs a sufficient level of permissions to do so.)
  • If an attacker did somehow manage to compromise a resource, the problem will be short-lived. Even if a backdoor were installed, it would be wiped out when the resource is destroyed and replaced.
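
The replace-never-patch rule and the security points above can be enforced by a periodic fleet check. The following Python sketch is an added example, not code from the original page: the image names, hashes, port policy, and seven-day maximum age are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values for this example (not from the page).
DESIRED_IMAGE = "web-image-v42"
MAX_AGE = timedelta(days=7)          # bounds how long any compromise can persist
REMOTE_ADMIN_PORTS = {22, 3389}      # SSH, Remote Desktop

@dataclass(frozen=True)
class Instance:
    name: str
    image: str
    launched: datetime
    open_ports: frozenset
    config_hash: str  # hash of the on-disk configuration reported by the instance

def plan(instances, image_config_hash, now):
    """Return {name: [reasons]} for every instance that must be replaced.

    The only remediation is destroy-and-replace from DESIRED_IMAGE;
    nothing here patches or reconfigures a running instance.
    """
    actions = {}
    for inst in instances:
        reasons = []
        if inst.image != DESIRED_IMAGE:
            reasons.append("outdated image")
        if inst.config_hash != image_config_hash.get(inst.image):
            reasons.append("configuration drift")
        if inst.open_ports & REMOTE_ADMIN_PORTS:
            reasons.append("remote admin port open")
        if now - inst.launched > MAX_AGE:
            reasons.append("exceeded maximum age")
        if reasons:
            actions[inst.name] = reasons
    return actions

# Constructed sample inventory and per-image baseline hashes.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
BASELINE = {"web-image-v41": "aaa111", "web-image-v42": "bbb222"}
FLEET = [
    Instance("web-1", "web-image-v42", NOW - timedelta(days=1), frozenset({443}), "bbb222"),
    Instance("web-2", "web-image-v41", NOW - timedelta(days=3), frozenset({443}), "aaa111"),
    Instance("web-3", "web-image-v42", NOW - timedelta(days=2), frozenset({22, 443}), "ccc333"),
    Instance("web-4", "web-image-v42", NOW - timedelta(days=9), frozenset({443}), "bbb222"),
]

if __name__ == "__main__":
    for name, reasons in plan(FLEET, BASELINE, NOW).items():
        print(f"replace {name}: {', '.join(reasons)}")
```

An instance whose configuration hash no longer matches its image baseline is treated as a replacement candidate rather than something to repair, which is what removes a planted change along with the drift.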

Performance and availability can also be enhanced by IaC and II. Because all infrastructure components are standardized, they are interchangeable, and can be created and destroyed as needed. Thus, when workloads increase, resources can be autoscaled upwards. When workloads decrease, resources can be scaled back. The system can maintain itself and ensure that it always has sufficient capacity to remain fully responsive to its users.
