- Why Use Centralized Configuration Management for Cloud?
- Enhancing configuration management
- Case Study: Delta by MSC
- Conclusions: the benefits of a Centralized Configuration Management
In cloud-native environments, independent services are distributed across many virtual machines, containers, and countries. Here’s how MSC applied centralized configuration management to tackle this complexity in Delta, a .NET headless solution to optimize container re-use for intermodal freight transport.
Why Use Centralized Configuration Management for Cloud?
Configuration management can be a bit messy at the best of times. Trying to keep track of parameters and secrets across several environments is, itself, a difficult task. When you add continuous deployment across cloud architecture into the mix, it quickly gets hard to keep track of everything, let alone make sure all of your config data is known and understood.
Fortunately, centralized configuration management offers a solution to keeping your organisation in lockstep with itself while still allowing for capacity to scale as needed. However, before you can understand the benefits of centralized configuration management, you need to understand the problems that it solves.
Poor Data Visibility
Configuration data sprawl is a significant cause of poor data visibility and can be unavoidable as your organisation starts to scale up and incorporate cloud architecture. Every environment and tool you incorporate will come with its own set of parameters and secrets, and not having a globally available single record can make things overcomplicated very quickly.
Centralized configuration management allows for a much better understanding of how your various systems work together, making it much easier to optimise your operation and ensure that security breaches don’t happen. You will be able to track all changes to your configuration, regardless of what they’re relevant to.
Keeping your applications available is a constant challenge, and one that can be expensive when you are not up to that challenge. With a centralized platform, you can more easily prevent misconfigurations, rather than react to the results of those misconfigurations. This will enable you to stop downtime from occurring in the first place, as well as empower you to react more quickly and effectively when downtime does occur.
Of course, uptime isn’t the be-all and end-all of success for your organisation, but there’s no question that it’s a significant part of that success, especially when dealing with growth and audience satisfaction.
In the world of cloud architecture and cloud-native applications, online services, and apps, new features are often the main way to gain an edge over the competition. Developing those new features is only part of the battle, however; you then have to roll them out to your customers.
The key to a speedy rollout is cohesion; your teams need to work in complete synchronisation so that delays in development can be avoided. Keeping everything in lockstep also allows for more efficient and productive workflows, something that can be hard to maintain when dealing with multiple complex environments, each with its own configuration. Centralized configuration solutions reduce that complexity, and make it easier to track down misconfigurations that would otherwise have interfered with deployment.
Being able to roll things out quickly is obviously important, but that velocity shouldn’t come at the expense of security. If your secrets management is inadequate, it could leave your APIs exposed, especially as those APIs become increasingly large, complex, and numerous.
Being able to clearly address preventable threats is one of the most effective ways to maintain security, and, with centralized configuration, one of the easiest. By funnelling important tasks across your different configuration management systems through one centralized system, you make it easier to enforce access control, track security certificate expirations, and more.
As the value of data continues to climb, and the cost of data breaches—both in monetary value and in bad PR—increases, and as more applications become cloud-native, it’s more important than ever to ensure your systems are secure. Using centralized configuration management doesn’t guarantee that security, but it does make it significantly easier to attain.
Savings in Cost and Time
All of the above—reducing the chance of data breaches, improving efficiency, and enabling faster feature rollouts—translates to an overall saving in costs and time. Additionally, having everything working through one cohesive system will allow your organisation to deal with problems more quickly, and remove some of the chaos that cloud architecture can introduce.
There are also many less-quantifiable ways in which your time and money can be saved, such as the happiness of your team. Though hard to measure, it’s no secret that a happier team is generally a harder working team, and working on systems that are cohesive and easy to manage results in happier teams.
Enhancing configuration management
There are many methodologies and tools that go into effective configuration management, largely guided by the twelve-factor app methodology. Understanding the concepts and use-cases is essential for understanding why these methods and tools are necessary, and why the twelve-factor app methodology has proved so successful for cloud-native applications.
Automation and GitOps
Automation has proven to be one of the most effective ways to increase efficiency and reduce costs in many walks of life, and configuration management is no exception. Using software to perform configuration management tasks automatically not only increases the speed at which those tasks can be executed, but also reduces the cost of performing them. Here’s where Build-Release-Run (factor 5 of the twelve-factor app) comes into play, as it requires CI + CD pipelines to deploy from the repository to the server/host. Once the CI pipeline is successful, the CD pipeline will automatically run and attach the configurations of the backing services, and after that step is complete, it will proceed to start the application.
On the other hand, GitOps is an operational framework that can be used to automate the process of provisioning infrastructure. With GitOps, configuration files are stored as code that will then be used to generate the same infrastructure environment each time it is deployed.
Zero Trust Security Model
As the name implies, a zero-trust security model is centred on the belief that nothing should be automatically trusted, regardless of whether it is inside or outside of the organisation. By requiring verification on anything and everything, you dramatically reduce the chances of a security breach.
The importance of encryption is long-established in any network-based service or protocol, and that importance remains when working with cloud architecture. Encryption makes it orders of magnitude more difficult for malicious parties to get anything useful from intercepted data, something that is incredibly important when sending sensitive information across a public network like the internet.
The management of configurations is an increasingly difficult task, but a fundamental aspect of the twelve-factor app methodology. As organisations grow to encompass multiple disparate systems, keeping configurations organised becomes exponentially more difficult. Adequate configuration management can be the difference between an efficient, agile infrastructure and an unmanageable one. One example of this is the twelve-factor app methodology’s call for dev/prod parity, which aims to keep development, staging, and production as similar as possible in the creation of new environments.
Azure App Configuration
Azure App Configuration provides a service that can be used to manage application settings and feature flags. Designed to make it simple to manage configurations across different components—including those that are cloud-native—Azure App Configuration lets you keep all of your settings in one place, easy to access, modify, and generally manage.
Azure Key Vault
One of the problems with centralising your applications is that of security. It can be all too easy to find yourself with a “single point of failure” problem if you are not careful. Azure Key Vault serves as a solution to this problem by allowing you to securely store secrets, as well as manage keys and certificates.
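The following audit is an added example, not code from MSC or Delta. It checks a set of App Configuration key-values for two things discussed above: secret-bearing keys stored inline instead of as Key Vault references, and keys that break dev/prod parity across environment labels. The record field names, key names, labels, vault host, and the list of secret-name hints are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Content type App Configuration assigns to Key Vault references.
KV_REF_TYPE = "application/vnd.microsoft.appconfig.keyvaultref+json"
# Assumption: substrings that mark a key as secret-bearing; tune per project.
SECRET_HINTS = ("password", "secret", "connectionstring", "apikey", "token")

# Constructed sample records (hypothetical keys, labels and vault host).
_REF = KV_REF_TYPE + ";charset=utf-8"
_VAULT = "https://example-vault.vault.azure.net/secrets/"
SAMPLE = [
    {"key": "Delta:Routing:MaxStops", "label": "dev", "value": "12", "content_type": ""},
    {"key": "Delta:Routing:MaxStops", "label": "prod", "value": "12", "content_type": ""},
    {"key": "Delta:Db:ConnectionString", "label": "prod",
     "value": json.dumps({"uri": _VAULT + "delta-db"}), "content_type": _REF},
    {"key": "Delta:Db:ConnectionString", "label": "dev",
     "value": "Server=dev-sql;User Id=app;Password=CONSTRUCTED", "content_type": ""},
    {"key": "Delta:Maps:ApiKey", "label": "prod",
     "value": json.dumps({"uri": _VAULT + "maps-key"}), "content_type": _REF},
]

def is_keyvault_ref(item):
    """True if the record is a well-formed Key Vault reference, not an inline value."""
    ctype = (item.get("content_type") or "").split(";")[0].strip().lower()
    if ctype != KV_REF_TYPE:
        return False
    try:
        uri = urlsplit(json.loads(item["value"])["uri"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    return uri.scheme == "https" and uri.path.startswith("/secrets/")

def plaintext_secrets(items):
    """(key, label) pairs whose name suggests a secret but whose value is inline."""
    found = set()
    for item in items:
        name = item["key"].lower().replace(":", "").replace("_", "")
        if any(h in name for h in SECRET_HINTS) and not is_keyvault_ref(item):
            found.add((item["key"], item.get("label") or ""))
    return sorted(found)

def parity_gaps(items, labels):
    """Map each environment label to the keys it lacks but another label defines."""
    by_label = {l: {i["key"] for i in items if i.get("label") == l} for l in labels}
    all_keys = set().union(*by_label.values())
    return {l: sorted(all_keys - k) for l, k in by_label.items() if all_keys - k}

if __name__ == "__main__":
    print(plaintext_secrets(SAMPLE), parity_gaps(SAMPLE, ["dev", "prod"]))
```

Run as a CI gate, a non-empty result from either function is a reason to fail the build before the CD pipeline attaches configuration to the application.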
Case Study: Delta by MSC
What is Delta?
Delta integrates Azure App Configuration and Azure Key Vault using a headless .NET environment, allowing for the optimisation of container re-use for intermodal freight transport. It handles the collection of location information from other MSC services. This information is then used to plan routes thanks to the integration with a leading location technology platform and to optimise the reuse of the containers through a tailored algorithm. The benefits—other than more efficient use of your transportation methods and container space—include reduced fuel consumption.
Optimising the Usage of Containers
Freight containers are a big and heavy item to transport in and of themselves, so it makes sense that they would be one of the most important areas of intermodal freight transportation to optimise. Making more efficient use of your containers can lead to enormous cost savings. Having a complete picture of where everything is in real-time makes it considerably easier to plan advanced routings.
Reducing the fuel consumption of your transportation network leads to a lower carbon footprint. At a time when the environmental impact of supply chains is increasingly under the microscope, increasing the sustainability of your freight transport is a must.
Freight transport involves a lot of sensitive information, and accessing that information in cloud-native applications carries a great deal of risk. Integration with Azure Key Vault ensures that information stays secure.
Conclusions: the benefits of a Centralized Configuration Management
There are many advantages to switching to a cloud-native environment, but there are many challenges, also. Keeping track of configurations across many disparate systems is one of the more significant challenges, but with centralized configuration management and adherence to the twelve-factor app methodology, that challenge becomes more than manageable. Meeting it allows your teams to work more efficiently and cohesively, and your organisation to be more agile.