Microsoft and HashiCorp announced a multi-year collaboration agreement in August, targeted at improving support for Azure resources in Terraform, HashiCorp's multi-cloud provisioning tool. This was soon followed by a similar announcement by Google, promising improved integrations with the Google Cloud Platform.
Terraform is a mature multi-cloud solution, currently spanning 69 cloud providers, decoupling provisioning from vendor-specific tooling and lock-in. On-premise, hybrid and multiple clouds are supported through the use of cloud-specific providers, which allow their capabilities to be provisioned using Terraform's cloud-agnostic HashiCorp Configuration Language (HCL).
Speaking at NDC Oslo in July, in a talk titled "Terraform - Colonising Azure", Stefan Magnus Landrø demonstrated the benefits of multi-cloud by provisioning cross-cloud integration across DigitalOcean, AWS and Azure. Landrø stated that “the unique thing about Terraform is that you can combine resources found with different cloud providers in one big infrastructure.” He presented a combination of VPSs in DigitalOcean and Azure, together with AWS’s Route 53 for DNS. Justifying this use-case, Landrø says:
Weighted health check is a feature you find only with Amazon right now; that's a unique feature of their cloud you don't find that with Google or with the native DNS provider in DigitalOcean or in Azure. So that's kind of cool because then you can pick and choose from the best stuff that you can find with the best cloud provider and plug it into your infrastructure and... you get the best of all clouds.
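The cross-cloud combination described above, sketched as a Terraform configuration. This is an added example, not code from Landrø's talk: the record name, region, image, size and variable names are placeholders, and the Azure VM is assumed to be managed elsewhere, with only its public address passed in.

```hcl
# Added illustration (not from the talk); all names and values are placeholders.
terraform {
  required_providers {
    aws          = { source = "hashicorp/aws" }
    digitalocean = { source = "digitalocean/digitalocean" }
  }
}

variable "do_token" {
  type      = string
  sensitive = true # redacted in plan/apply output; supply via TF_VAR_do_token
}
variable "zone_id" { type = string }         # existing Route 53 hosted zone (assumed)
variable "azure_public_ip" { type = string } # Azure VM address, managed elsewhere (assumed)

provider "digitalocean" { token = var.do_token }
provider "aws" { region = "eu-west-1" } # credentials come from the environment

resource "digitalocean_droplet" "web" {
  name   = "web-do"
  image  = "ubuntu-22-04-x64"
  region = "ams3"
  size   = "s-1vcpu-1gb"
}

locals {
  # One entry per cloud; the keys are static so for_each can plan them.
  backends = {
    digitalocean = digitalocean_droplet.web.ipv4_address
    azure        = var.azure_public_ip
  }
}

# Route 53 probes each backend and withdraws its record when the check fails.
resource "aws_route53_health_check" "web" {
  for_each   = local.backends
  ip_address = each.value
  port       = 443
  type       = "HTTPS"
}

resource "aws_route53_record" "web" {
  for_each        = local.backends
  zone_id         = var.zone_id
  name            = "www.example.com"
  type            = "A"
  ttl             = 60
  set_identifier  = each.key # required to tell weighted records apart
  health_check_id = aws_route53_health_check.web[each.key].id
  records         = [each.value]
  weighted_routing_policy { weight = 50 }
}
```

Keeping the DigitalOcean token in a `sensitive` variable and the AWS credentials in the environment means neither secret is written into the configuration files that get committed.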
Cloud providers are demonstrating a clear interest in lowering their own barriers to integration. Since signing their collaboration agreement, Azure has already integrated Terraform configuration into its web-based Azure Cloud Shell, which enables provisioning through a browser-based shell. Corey Sanders, their director of compute, blogged that it enables "using Terraform from anywhere your phone can go." Azure's principal program manager Hariharan Jayaraman was recently interviewed on MSDN's Channel 9, where he demonstrated the simplicity of using Terraform to define and deploy Azure resources using HCL in Cloud Shell. He explained that while Terraform is built on Azure Resource Manager APIs, it also “offers more by providing a (verifiable deployment) plan.” Jayaraman stated that:
Enterprises are getting confused, they don’t want to train their DevOps engineers in multiple formats. Terraform allows DevOps engineers to use the same format to describe resources in AWS or Azure.
HashiConf, held in September, also saw the release of the Terraform Module Registry, which enables community-supplied solutions to common provisioning patterns. The registry provides a "place to publish, version, and share modules. For module consumers, the registry is a central place to discover, use, and collaborate on modules." According to HashiCorp, this makes it "easier for partners and community members to share and collaborate on modules and also to update and version modules to continuously make improvements to infrastructure configurations." Microsoft also announced having already released a number of new modules into the registry.
Avoiding lock-in through a multi-cloud strategy also provides financial and competitive advantages, according to Jason Fyre, BMC’s Vice President of Digital Innovation. He was recently interviewed by Forbes on the release of Discovery for Multi-Cloud, BMC's discovery and visualisation tool for multi-cloud infrastructure. Fyre commented:
(Multi-Cloud) allows (organisations) to model what a workload might cost if they were to run it on Amazon or Azure, or potentially keep it on-site. Sometimes when we do those models, customers find out that the workload might be less expensive to run on-site than the cloud, or vice versa.
In June of this year Nicky Watt, CTO of OpenCredo, gave a talk at HashiDays London, demonstrating a typical journey from a simple Terraform configuration to more sophisticated enterprise provisioning, while warning against a state which she describes as the "Terralith."
Watt describes the Terralith as a "monolithic configuration" which "evolves from a proof of concept," with heavy reliance on "local state and a single configuration file." It is characterised by an "inability to deploy environments separately".
DigitalOcean recently updated their tutorial on Droplet (VPS) provisioning using Terraform's DigitalOcean provider, which illustrates a reduced need for familiarisation with vendor-specific tooling. It takes you through the deployment of a repeatable configuration for two nginx instances fronted by haproxy. For the author, this reduced cloud vendor-specific configuration to provider variables and having SSH and API keys trusted by DigitalOcean.
Tools such as Terraform reduce the barrier to entry across a range of clouds to a single abstraction. As with all solutions, the onus for how this scales is on continuous improvement and evolution of the implementation and surrounding processes.
Watt reminds us:
It's not just about the structure of your code, you also need to think about how you're going to evolve the processes and the sort of orchestration system that manages this.