Introduction to Provisioning

On Sunday afternoon, I had the pleasure of sitting in another of Geoff Halprin's training courses: the new "Introduction to Provisioning" tutorial. Provisioning seems like something we all already know how to do -- something Geoff will readily admit to. His stated goal is to get system administrators to think more deeply about the things they already know, and deep he went in this course. By his own admission, a fair amount of time was spent down rabbit holes. This, of course, doesn't imply that the content was unhelpful.

Provisioning is a part of the infrastructure lifecycle (plan, build, transition, operate, retire) with three parts: standards, pre-provisioning, and provisioning. Standards drive automation. Automation requires clear, concise, consistent, and unambiguous rules. Without automation, there is no predictability, and that leads to downtime. The goal is to reduce inputs to attributes specified in a build request, so that a decision tree can be followed.

Anything that cannot be generated unambiguously, synchronously, and reliably is a good candidate for pre-provisioning. Resources with a manual fulfillment process should be buffered and pre-provisioned. Standard resource pools such as hostnames, IP addresses, and storage LUNs can also be pre-provisioned.

By standardizing and pre-provisioning resource pools, the act of provisioning becomes a simple exercise in allocation. The resources are allocated, the actual build occurs, and the relevant records (for example, the CMDB) are updated. Getting the right environment, however, sometimes requires post-provisioning configuration of basic services. Some of these go to all hosts, for example DNS configuration and authentication settings. Next come host customizations, kept to a minimum, to enable the particular purpose of a machine. Standard options (such as databases and web servers) and the final applications come last, each reusing the configuration management tooling of the lower layers as far as possible.

One of the many resources that gets provisioned is the network, and Geoff laid out several different network types that each host needs to have. The first type is the in-band management traffic, which includes normal flows like syslog, SNMP, EPO, and other management services. Out-of-band management traffic is of the highest priority and must always get through, including SSH, RDP, and SNMP-trap. Distribution of large data sets or replicated traffic, such as that generated by SCCM or EPO, should occur on a distribution traffic network. Configuring the network to separate each type onto its own VLAN, and using QoS to ensure the out-of-band traffic has the highest priority, is critical.
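To make the allocation model concrete, here is an added example (my own sketch, not code from Geoff's tutorial or any real provisioning tool) that reduces a build request to two attributes, follows a standards table as the decision tree, allocates a hostname and address from pre-provisioned pools, records the per-host VLANs for the three traffic types described above, and updates a CMDB record last. All pool values, roles, tiers and VLAN numbers are constructed sample data; an empty pool stops the build instead of guessing.

```python
from ipaddress import ip_address

# Pre-provisioned pools (constructed sample values, not real infrastructure).
POOLS = {
    "hostnames": {"prod": ["web-p01", "web-p02"], "dev": ["web-d01"]},
    "ips": {"prod": ["10.0.10.11", "10.0.10.12"], "dev": ["10.0.20.11"]},
}
CMDB: dict = {}  # hostname -> record; updated only after a successful build

# Standards as an unambiguous decision tree: (role, tier) -> build parameters,
# including a separate VLAN for in-band management, out-of-band and distribution.
ROLE_STANDARDS = {
    ("web", "prod"): {"packages": ["nginx"],
                      "vlans": {"inband-mgmt": 110, "oob-mgmt": 900, "distribution": 120}},
    ("web", "dev"):  {"packages": ["nginx"],
                      "vlans": {"inband-mgmt": 210, "oob-mgmt": 900, "distribution": 220}},
}


class PoolExhausted(Exception):
    """A pre-provisioned pool is empty: replenish it, do not improvise a value."""


def allocate(pool: str, tier: str) -> str:
    items = POOLS[pool][tier]
    if not items:
        raise PoolExhausted(f"{pool}/{tier} pool is empty")
    return items.pop(0)


def provision(request: dict) -> dict:
    """Turn a build request {'role', 'tier'} into a host record.

    Every decision comes from the request attributes or ROLE_STANDARDS, so
    two identical requests always produce structurally identical hosts.
    """
    key = (request["role"], request["tier"])
    if key not in ROLE_STANDARDS:
        raise ValueError(f"no standard for {key}; refusing an ambiguous build")
    std = ROLE_STANDARDS[key]
    host = allocate("hostnames", request["tier"])
    try:
        ip = allocate("ips", request["tier"])
    except PoolExhausted:
        POOLS["hostnames"][request["tier"]].insert(0, host)  # roll back partial allocation
        raise
    ip_address(ip)  # validate the pooled value before it reaches the build
    record = {"hostname": host, "ip": ip, "tier": request["tier"],
              "vlans": dict(std["vlans"]), "packages": list(std["packages"])}
    CMDB[host] = record  # the record update is the final step of the build
    return record
```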

The lynchpin of the provisioning process is automation; automation reduces variance, effort, and manual steps, and drives consistency into the fleet. However, licensing can make this difficult, especially with regard to virtual machine products. Some products have to be licensed as if they have access to the full power of the server farm. Others require usage-tracking software in order to support "sub-capacity" licensing. Another complicating factor is the ever-present cloud. The most common cloud model is a hybrid approach, which allows the existing datacenter to stretch into an external cloud provider. Cloud standards are still in their infancy, so provisioning tools and processes will have to adapt as the standards gel.