Self-service provisioning 101
Imagine this scenario. Back in the mists of time—say, a couple of years ago—a software developer needed to set up a test environment for an enterprise IT project. She approached the task with a deep sigh, knowing it would take a while. First, the developer filed a ticket with the IT department, listing the resources she'd need, such as a virtual machine with a certain operating system and system tools installed. Then, she met with IT to justify the resources; waited for the capacity to free up from some other project; waited for someone in IT to implement her configuration; and had a troubleshooting meeting with IT because they did it wrong (or she gave them a wrong spec). Finally, days or even weeks later, the developer had an environment ready for testing.
You might recognize that process all too well, because you've experienced it yourself. A developer simply needs a set of technical resources, yet somehow that leads into a frustratingly long and laborious negotiation process with lots of yak shaving.
Fortunately, it no longer works that way—or at least it doesn't have to.
One practical benefit of cloud computing and DevOps is the emergence of self-service provisioning (sometimes called automated provisioning), whereby tech-savvy users (such as developers) set up or launch a service or application without the active participation of dedicated IT personnel. The requested services are provided in an accurate configuration and on an accelerated timeline. They are bound by IT's policies but without IT's manual involvement.
"The prime advantage of automated provisioning in the cloud is quite simply the automation, predictability, and speed of preparing a resource for an internal or external customer," says Vic (J.R.) Winkler in his book, Securing the Cloud. This way of exposing and allocating cloud computing resources makes life easier for the developer, enables faster results for application owners, maintains compliance and security protocols, and gives more predictable automation to IT staff. And it probably means less hissing and spitting in interdepartmental meetings when the developer discovers that Todd in IT set up the server with the wrong configuration…again.
As a result, that same developer today can order the resources for her test environment using a portal that looks like an e-commerce site or directly through an API. And it is set up in minutes. Correctly. The first time.
Self-service provisioning lets everyone focus on serving customers instead of wrestling with a bespoke business process. "That's really the end goal," says Brian Besand, a product marketing manager at Hewlett Packard Enterprise. "Not just to spend less time provisioning infrastructure, but to reinvest that efficiency, and to bring better products and services to market faster."
Some IT administrators may worry that self-service provisioning gives users the ability to do whatever they want, with whatever data they want, at any expense. That never ends well.
However, in its efforts to keep the organization safe and ensure it stays up and running, IT already defines the "who has access to what" policies. Self-service provisioning is simply a shift into defining those policies ahead of time. The mental shift necessary is to move into a model of predefining "yes" and "no."
A good self-provisioning infrastructure gives IT more control and predictability. "It uses role-based management, increases visibility across resources, integrates with existing identity management systems, and gives administrators greater control over who is doing what where," Besand says. Self-service provisioning lets administrators limit who has access to a certain type of data, identify which teams can spin up resources in its data center on the other side of the world, and keep an eye on expenditures.
Besand argues that shadow IT is a much riskier proposition than self-service provisioning. Shadow IT happens when developers go off the reservation to provide their own resources from the public Internet or in-house systems. "Development teams can quickly run into issues with cost, compliance, and data security that could be better handled in-house," he adds.
Self-service provisioning can help IT admins avoid data breaches or noncompliance issues, because the provisioning solution—whether homegrown or a customized utility—can keep users from accessing systems they shouldn't or taking data somewhere that isn't permitted. And, ideally, the in-house system should be good enough that users aren't motivated to look at shadow IT options.
Start small and iterate
As with other shifts in business processes—even, and especially, good ones—it's sensible to start with a small project before deploying widely. "Make mistakes when they're small, and make them fast," says Besand. "Bring a startup and agile mentality into the workplace."
It's important to assess where you are right now (What systems are you using? What are the limitations?) and where you want to be (What systems do you want to use? In what manner? Who should have access to what?).
There are plenty of resources to help you get started with self-service provisioning, including a site with design patterns to guide you in designing cloud authentication processes or resource workload management, and expert advice about setting customization limits and managing approval flows.
Besand advises any enterprise IT department to work with a trusted advisor. "We're not just talking about a new piece of software," he says. "We're talking about a new work style and a new way of looking at your IT resources holistically, and as something that meets the broadest number of users in the fastest way possible."
As with workflow shifts elsewhere in an organization, this does need to be a partnership. "There's no spirit guide to magically tell you the answer," Besand says. "Your IT department already knows what is successful, what is not, what challenges they face, etc. Outsiders can help to connect the dots and get you to where you want to go."
Make sure your implementer can help you choose the right tools (not only the single vendor whose partner program for which the vendor signed up) and knows those tools inside and out. A company that specializes in DevOps processes can work with you to set up the right permissions and workflows, says Besand, and it can help to transform your business so it can use self-service provisioning as efficiently as possible.
Adopting self-service provisioning: lessons for leaders
- Self-service provisioning isn't about relinquishing control. It's about putting the controls upfront, built into the processes.
- The features of self-service provisioning minimize friction among colleagues. Developers don't need to wait for resources. Ops can automate common processes and reinvest that energy into more profitable (or at least fun) endeavors.
- Start small. Adopting self-service provisioning does mean doing things a different way. Don't be afraid to bring in someone to help out.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.