DevOps means many things to many people, but the topic of automation is never far from any DevOps discussion. And when discussions turn to DevOps automation, Chef Software is likely to feature prominently.
Chef is perhaps best known as an infrastructure automation platform, with a straightforward scripting language that famously turns infrastructure into code. This ability to reduce all the vagaries of configuring even quite complicated operational environments to a simple computer program – one that DevOps teams can manage as they would any other code – sets the bar for DevOps automation across the industry.
Automating the configuration of the production infrastructure, however, represents only the Ops part of DevOps. In reality, DevOps reimagines the full lifecycle of the software-driven business, from the customer all the way to the underlying infrastructure, including everything – and everyone – in between.
DevOps professionals (for want of a better term) quickly find that Chef is only one tool in an increasingly complicated DevOps toolchain – a hodgepodge of commercial and open source tools that each tackle one aspect of the full software-driven business lifecycle.
In the spirit of the DevOps catchphrase “automate all the things,” the market now calls for tools that would automate the DevOps toolchain itself – automaters of the automaters, as it were. So, people are asking “what can automate Chef?” as well as “what can Chef automate?”
Just one catch – automation is only a part of the DevOps story. In reality, DevOps is more of a cultural shift, including new ways of organizing teams and new ways of collaborating. Automating the automation software can only take the DevOps effort so far. The real challenge at this level, in fact, is supporting collaboration as well as automation, without slowing down the lifecycle.
It’s no wonder, therefore, that collaboration is at the heart of Chef’s next major release, Chef Delivery. Chef Delivery is Chef’s new workflow automation product – but in reality, it is more of an automation-supported collaborative workflow platform.
True, Chef Delivery provides the capability to automate infrastructure, runtime environments, applications and compliance policies as code, but now it also provides a collaboration environment for the diverse members of the DevOps effort as a unified workflow.
Compliance and Security: the Missing Pieces – Until Now
In order to complete the full Chef Delivery story, Chef had to add compliance automation to the mix. Compliance – in particular, the ability to automate compliance with security policies – is an essential, yet frequently overlooked part of the DevOps lifecycle.
Traditional IT compliance tasks have been slow, manual processes – slowing down the DevOps effort as well as everything else IT supports. This compliance bottleneck is especially severe in heavily regulated industries, often limiting their ability to innovate.
To fill this gap, Chef acquired VulcanoSec, a security compliance automation vendor. Chef then reworked its technology into Chef Compliance, a new product it is announcing concurrently with Chef Delivery.
Chef is also launching the InSpec open source project. InSpec is a compliance runtime framework that includes a domain-specific language for authoring rules and rule sets. InSpec serves as an open source platform for SIs and enterprises to map regulatory standards like PCI to these rule sets.
By adding Chef Compliance to Chef Delivery, Chef is now able to provide customers with a shared pipeline and automated workflow for software development that moves code from a developer’s or operations engineer’s workstation through build, test, and production.
As a result, embedding compliance into the software development workflow turns many regulatory requirements into code that the DevOps team can test, version, and manage as they would any other code. Furthermore, companies can now automate their IT audits, generating reports that meet auditors’ needs in seconds, rather than going through days-long manual auditing processes.
Together, Chef Delivery and Chef Compliance provide a prescriptive process and pipeline for managing complex changes throughout IT. These tools automate the analysis, specification, testing, and certification of infrastructure, enabling enterprises to apply regulatory requirements at any scale.
The Intellyx Take
Out of the box, Chef Compliance works best with such prescriptive rules and policies – rules and policies that tell you specifically what you need to do. For example, a prescriptive policy might be “only these ports should be open on a particular server” or “only authorized employees may check in code.”
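The first prescriptive policy above, “only these ports should be open on a particular server,” can be written as a check that returns an auditor-readable result. This is an added example in plain Ruby, not InSpec DSL and not Chef's code; the `ss -tln` sample, the control name, and the choice to exempt loopback-only listeners are assumptions made for illustration.

```ruby
require 'set'

# Constructed sample of `ss -tln` output (not taken from the article).
SAMPLE_SS = <<~OUT
  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
  LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
  LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
  LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
  LISTEN  0       128     [::]:22             [::]:*
  LISTEN  0       80      *:8080              *:*
OUT

# Assumption: listeners bound only to loopback are not "open" to the network.
LOOPBACK = /\A(127\.|\[::1\])/

# Parse LISTEN rows into [address, port] pairs. The port is taken after the
# last colon so bracketed IPv6 addresses such as [::]:22 parse correctly.
def listening_sockets(ss_output)
  ss_output.each_line.map do |line|
    fields = line.split
    next unless fields[0] == 'LISTEN' && fields[3]
    addr, _, port = fields[3].rpartition(':')
    next unless port.match?(/\A\d+\z/)
    [addr, port.to_i]
  end.compact
end

# Evaluate the allowlist and return a result hash suitable for a report.
def audit_open_ports(ss_output, allowed_ports)
  allowed = allowed_ports.to_set
  exposed = listening_sockets(ss_output).reject { |addr, _| addr.match?(LOOPBACK) }
  open_ports = exposed.map(&:last).to_set
  violations = (open_ports - allowed).sort
  {
    control: 'open-ports-allowlist',          # hypothetical control name
    status: violations.empty? ? 'passed' : 'failed',
    violations: violations,                   # open but not allowed
    allowed_but_closed: (allowed - open_ports).sort
  }
end

puts audit_open_ports(SAMPLE_SS, [22, 443]).inspect if __FILE__ == $PROGRAM_NAME
```

Because the policy is an ordinary data structure and the check an ordinary function, both can be versioned and tested like any other code, which is the property the article attributes to compliance as code.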
As the focus of compliance expands outside the technology-focused confines of IT, however, policies tend to be more descriptive than prescriptive. Most regulatory policies fall into this category. For example, Sarbanes-Oxley specifies financial reporting requirements for public companies, but it doesn’t tell such companies the specifics of how to comply with those requirements.
This broader descriptive context for compliance is more of an opportunity than a challenge for Chef Compliance, however – an opportunity for SIs and other consulting firms to translate the broad brushes of the regulatory environment into the rules and policies that Chef Compliance and InSpec can automate.
A fully automated Sarbanes-Oxley compliance audit may still be difficult to achieve, but now we have the tools we need in order to make progress toward such a lofty goal. One thing’s for sure: giving CFOs a button they can push that will automatically run such an audit will cement DevOps’s place as a must-have for every regulated enterprise. With Chef Delivery and Chef Compliance, DevOps efforts are well on the way to implementing this vision.
Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. Chef Software is an Intellyx client. Intellyx retains full editorial control over the content of this article.