Keeping Your Cloud Infrastructure In Check

Planning ahead will save you headaches in the future

May 19, 2022 - Corey McMillan

The thing about IT infrastructure is that it is always growing. Nothing is ever static in this business: the project scope today is very different from what it will be in a few months, and it's hard to anticipate what it will look like a year or two from now. That's why it's important to think strategically about any foundation you build, treating it as a platform that has to be ready for the future.

I like to use the phrase "grown organically" when I find an IT platform that has been in use for several years. That's a polite way of saying it's a mess. I also understand that no one set out to make a mess; they built the platform for what was needed at the time and let it grow from there. I see this most often in Virtual Private Cloud environments on platforms like AWS or Azure. Initially the scope might have been one or two servers, but now there are a dozen, each with different security groups, networks, and naming conventions.

It gets to the point where people become afraid to touch it because it's all tangled up. Generally speaking, when we find this, we recommend rebuilding from scratch and moving resources into a newly organized environment. This type of operation is time consuming and costly.

Network Segmentation

This might sound obvious, but when setting up a new environment like this it's critically important to think not just about how it will be used now, but how it will be used in the future. That means allocating large enough networks (think /16s), with separate subnets configured from the start. Even if you don't need them now, go ahead and create public, private, DMZ, prod, dev, or any other networks you could ever need. Generally speaking, they cost nothing extra and they help prevent sprawl. On the same front, plan your network rules ahead of time, name them something obvious, and try to keep them broad whenever possible (DMZ to prod, or web servers to database).

Use Tags Often

Another useful and nearly universal tool is tags. Almost every platform supports this concept, and you should be using it. Do you want to group resources by department? Wouldn't it be nice to sort all your systems by the data they process, or by whether they need to be PCI compliant? Tags are the answer. Set them up early so they're more likely to be applied when new resources get created.

Doing these things now helps prevent an engineer in the future from hastily creating one-off rules or networks to get something done on a deadline. You'll never be able to know everything your systems will be doing in the future, but the more you set up in the beginning, the more likely your conventions will stick, and the less likely you'll need to hire someone to clean up the mess that has "grown organically".


About the Author

Corey is an enterprise-ready technologist with years of experience working with multiple managed service providers supporting businesses in regulated industries. He has deep foundations in Cloud, Virtualization, Operating Systems, Networking, and Security as well as IT management and business operations.

Follow him on LinkedIn

About Us

In our blog you'll find posts about our take on the challenges and solutions involved in modern information technology for small businesses.

Our goal at Criterion Technology is to provide solutions that are the right fit for your business regardless of size. We provide Enterprise quality IT support, consulting, and innovative technology solutions to small, medium, and emerging businesses.
