7 must-have cloud infrastructure automation tools

Learn how organizations can use automated provisioning tools to automate the configuration, deployment and management of their cloud-based infrastructure.

Modern workloads and aggressive delivery schedules force organizations to look for ways to help streamline IT operations and application delivery. Many are turning to tools that automate the processes of resource deployment and configuration, often to use them in conjunction with DevOps methodologies such as infrastructure as code and continuous integration and delivery.

But to choose the right cloud infrastructure automation tool is no small task because these tools can vary significantly. To help organizations with this process, there are seven prominent offerings that each take a different approach to provisioning cloud infrastructure and supporting automation.

AWS CloudFormation

AWS CloudFormation allows systems administrators to model and provision a set of related AWS and third-party resources and manage them throughout their lifecycles. They define templates to describe the desired resources and their dependencies, and CloudFormation uses those templates to provision and configure resources.

Key features

  • CloudFormation automates provisioning and infrastructure updates, with support for rollback triggers and changeset previews.
  • The AWS offering supports asynchronous replication and failover and failback capabilities through the use of multiple regions.
  • AWS data centers and networks are built to protect data, identities and applications, with support for AWS identity and access management (IAM).
  • The AWS offering complies with numerous industry standards, including Service Organization Control, or SOC; Payment Card Industry; Federal Risk and Authorization Management; Department of Defense Cloud Computing Security Requirements; and HIPAA.
  • Admins can manage CloudFormation through the AWS Management Console and deploy infrastructure through template submission.
  • Admins can generate AWS cost and usage reports and use rollback triggers to specify what they should monitor during stack creation.

Pricing. CloudFormation is free when admins use it with resource providers in AWS namespaces, in which case, organizations pay only for the resources they provision. Amazon charges for the use of other resource providers, starting at $0.0009 per handler operation for anything above 1,000 handler operations per month, per account.

Support and training. Amazon offers the AWS Free Tier level to help admins learn about AWS products, including CloudFormation. Amazon also provides documentation, videos and sample templates to help admins better understand how CloudFormation works. In addition, AWS offers three paid support plans: Developer, Business and Enterprise.

Key takeaway. Admins can use the AWS CloudFormation Registry to model and provision third-party applications alongside AWS resources. They can also provision a common set of AWS resources across multiple accounts and regions, with the ability to model their organization's entire cloud architecture in text files. CloudFormation automatically manages dependencies between resources.

Chef Automate

Chef Automate by Chef Software is an on-premises enterprise dashboard and analytics tool for infrastructure automation. It includes three core engines: Chef Infrastructure, Chef InSpec and Chef Habitat. Chef Automate enables cross-team collaboration with the use of a human-readable language and provides an auditable history of infrastructure changes.

Key features

  • Chef Infrastructure provides cloud infrastructure automation, Chef InSpec provides security automation and Chef Habitat provides application automation.
  • Admins can create a single backup of the product data deployed with Chef Automate and then restore the data as needed.
  • Chef Automate includes IAM and can automatically detect and correct security issues.
  • Admins can run agentless compliance scans and use predefined profiles to validate system security.
  • Chef Automate provides a single interface with multiple dashboards for infrastructure automation and observation.
  • Admins can use the event feed and dashboard reports to provide operational visibility and actionable insights.

Pricing. Chef Automate is part of the Chef Effortless Infrastructure Suite and the Chef Enterprise Automation Stack. The Infrastructure Suite starts at $16,500 per year for 100 nodes or targets, and the Automation Stack starts at $35,000 per year for 100 nodes, targets or service instances. Volume discounts are also available.

Support and training. Chef offers a 60-day free trial, as well as three types of training: public instructor-led courses, online tutorials and private training. For support, customers submit tickets via the web interface and Chef prioritizes support by severity.

Key takeaway. Chef Automate provides operational visibility across multiple data centers and cloud providers, with filterable dashboards for viewing configuration and compliance information. The auditing capabilities make it possible to scan servers, VMs, cloud architecture and SaaS offerings, while providing actionable insights based on real-time data. With Progress Software's acquisition of Chef Software, there's industry interest in how this increased R&D investment will help with the development of future Chef products.

Google Cloud Deployment Manager

Google's Cloud Deployment Manager enables organizations to create and manage a set of Google Cloud resources as a single unit, using the YAML declarative language. A YAML configuration file defines each resource that an admin should include in a deployment. A configuration file can also reference templates, which serve as predefined building blocks for creating infrastructure.

Key features

  • Admins can parameterize and use templates repeatedly to automate deployments.
  • Google Cloud Platform (GCP) supports replication and failover capabilities as part of the selected services.
  • GCP provides IAM and builds security through progressive layers with each infrastructure stack.
  • GCP meets compliance standards such as SOC, HIPAA and GDPR and supports additional compliance offerings.
  • Admins can manage Deployment Manager through the Google Cloud Console, which provides a single view of the entire deployment hierarchy.
  • Admins can use Cloud Monitor to discover and monitor their resources and view usage information and analysis reports.

Pricing. GCP customers can use Deployment Manager for free, paying only for the resources they use. However, Google imposes API limits and quotas.

Support and training. Google Cloud offers a limited, one-year free trial to new customers. It also provides several tutorials and how-to guides, as well as courseware and example deployments. Google Cloud offers four support plans: Basic, Development, Production and Premium. Basic is free.

Key takeaway. Google Deployment Manager's declarative approach enables customers to define the configuration they need and leaves it up to Google Cloud to determine how to deliver those resources. This enables customers to deploy multiple resources in parallel, and they can define resource dependencies and control implementation order.

Microsoft Azure Automation

Microsoft Azure Automation provides an automation and configuration service that offers complete control over deployments and operations in Azure, on premises and with other cloud providers such as AWS. Admins can write runbooks to automate Azure tasks or use Hybrid Runbook Worker to manage tasks outside of Azure.

Key features

  • Admins can orchestrate deployments across environments and trigger automations to fulfill requests and ensure continuous delivery.
  • The Azure infrastructure provides replication and failover capabilities, with a guarantee of at least 99.9% availability.
  • The Azure offering includes built-in security controls integrated into the hardware and firmware, as well as real-time global cybersecurity and role-based access control.
  • Microsoft Compliance Manager helps organizations manage their compliance requirements.
  • Admins can manage Azure Automation through the Azure portal and view the status of each runbook job.
  • Admins can monitor update compliance and machine configurations, as well as retrieve an inventory of OS resources.

Pricing. Azure Automation pricing is based on process automation and configuration management. Process automation pricing is per job execution minute and watchers per hour, and configuration management pricing is per managed node. For example, job runtime costs $0.002 per minute after the first 500 minutes per month. Configuration management charges apply only to non-Azure nodes.

Support and training. Microsoft provides a limited one-year free trial for Azure, as well as instructor-led training, quick-start tutorials, how-to guides and other documentation. In addition, Microsoft offers four Azure support plans: Basic, Developer, Standard and Professional Direct. Basic is free to all Azure customers.

Key takeaway. Organizations can use Azure Automation to manage any online service with a viable API. They can also integrate management systems with the use of serverless runbooks and automate and configure infrastructure at scale and across hybrid cloud setups. Azure Automation also provides consistent management across Windows and Linux OSes.

Puppet Enterprise

Puppet Enterprise is on-premises software for infrastructure and workflow management and configuration. It's a commercial version of the original Puppet and includes other components that support comprehensive configuration management.

Key features

  • The Puppet orchestrator can run several job types that control how organizations roll out configuration changes.
  • Puppet Enterprise supports backup and restore operations and uses Git to store all automation content in a controlled repository.
  • Puppet Enterprise provides role-based access controls that it assigns to users and groups, and uses HTTPS and 509 certificates to secure all communications.
  • Puppet Enterprise supports FIPS 140-2 standards and Puppet Comply enables systems to be assessed for compliance against Center for Internet Security benchmarks.
  • Admins can use the Puppet Enterprise web console to manage node requests, assign Puppet classes, view packaging and inventory data, and carry out other tasks.
  • Puppet Enterprise tracks performance and health metrics, monitors the status of the various services, and provides summary reports about key data and activity.

Pricing. Puppet offers flexible pricing options for multiyear purchases, larger volumes and academic institutions. Organizations should contact Puppet for pricing information.

Support and training. Puppet provides the Puppet Learning VM interactive tutorial so organizations can try Puppet Enterprise on up to 10 nodes. Organizations can also deploy Puppet Enterprise on AWS OpsWorks using Amazon's free tier, or they can test a containerized version of Puppet Enterprise in Docker. They can also use any of the 5,000 free, prebuilt Puppet modules. In addition, Puppet offers two support service levels: Standard and Premium.

Key takeaway. Puppet Enterprise offers both model-based and task-based capabilities to more easily scale a multi-cloud infrastructure, while providing support for DevOps methodologies such as infrastructure as code (IaC). It also offers prebuilt patching task automation for Windows and Linux to help standardize the patching process.

Red Hat Ansible Automation Platform

The Red Hat Ansible Automation Platform offers a set of tools for implementing enterprise-wide automation. The offering builds on the original Ansible project by adding features and functionality to achieve automation at scale. It includes the Ansible Tower, Ansible Engine, prepackaged content collections and the Ansible Automation Hub for finding precomposed content.

Key features

  • The offering uses playbooks that provide human-readable instructions for configuring, deploying and orchestrating resources.
  • Backup and restore capabilities are integrated into the Ansible Tower setup playbook.
  • Ansible Automation supports role-based access control, can integrate with Lightweight Directory Access Protocol services and includes built-in predictive analytics to identify security concerns.
  • Ansible Automation includes compliance checking and automation governance to meet compliance and procurement requirements.
  • The offering provides a web interface for centralized management and exposes a REST API that presents all resource as fully discoverable and searchable.
  • Admins can analyze usage, uptime and execution patterns and generate reports on the status of deployments.

Pricing. The Ansible Automation Platform is available in two editions -- Standard and Premium -- which differ in support and features. Red Hat offers discounts for multiyear purchases, larger volumes and academic institutions. Organizations should contact Red Hat or one its partners for a price quote.

Support and training. Red Hat provides a 60-day free trial and offers courses, videos, technical guides, reference architectures and other documentation. Both the Standard and Premium plans offer web and phone support, but the level of support depends on the plan.

Key takeaway. The Ansible Automation Platform offers a services catalog that provides additional automation resources, as well as the Private Automation Hub for collaboration on content within an organization. In addition, the software is now integrated with the Red Hat OpenShift Container platform, and it provides a callback feature that enables nodes to request on-demand configuration.

VMware vRealize Automation

VMware vRealize Automation is part of VMware's vRealize Suite and offers cloud infrastructure automation for private and multi-cloud setups. The offering includes several components: Cloud Assembly for provisioning, Service Broker for content aggregation, Code Stream for application and infrastructure automation, and Orchestrator for workflow management.

Key features

  • VRealize Automation provides consistent orchestration across hybrid and multi-cloud environments, with support for IaC and Kubernetes management.
  • Site Recovery Manager offers array-based replication and VM protections that include failover capabilities.
  • VRealize Automation uses Workspace One Access and Active Directory for identity management and enables admins to apply policies to projects and organizations.
  • The offering provides consistent governance and compliance across multi-cloud infrastructure.
  • Admins can access the primary Automation services from a centralized dashboard, with the ability to drill into the details of each one.
  • The platform's various services automatically generate logs that can be forwarded to vRealize Log Insight for more thorough analysis and report generation.

Pricing. VRealize Automation comes with the Advanced and Enterprise editions of vRealize Suite. Both editions are licensed under the Portable License Unit model, which enables admins to manage workloads across infrastructure. Organizations should contact VMware directly for pricing information.

Support and training. VMware offers free, hands-on labs to enable users to try out the product in a virtual lab environment. It also provides product documentation and several types of courses, including classroom, live online, and self-paced. In addition, VMware offers three support packages: Basic, Production and Premier.

Key takeaway. VRealize Automation provides service provisioning and operation capabilities across a hybrid cloud, and it helps to speed up infrastructure delivery and automate core IT processes. At the same time, developers can easily access traditional and cloud-native application resources, while supporting IaC agility and infrastructure pipelining.

Next Steps

How to create a runbook template for uniform documentation

Dig Deeper on Data center ops, monitoring and management

Cloud Computing
and ESG