Making Progress With Infrastructure As Code


It has been almost two years since infrastructure software maker Progress Software spent $220 million to buy Chef, the open source automation tech vendor Chef that was helping to fuel the “infrastructure as code” trend. The deal enables Progress to push deeper into the DevOps and DevSecOps space with a company that over a dozen years had raised more than $100 million, collected more than 700 customers, and created a business model where more than 95 percent of its revenue was recurring.

In a cloud-centric and increasingly services-based IT environment, all of that made Chef an attractive acquisition target. And as we noted earlier this year, when Perforce acquired Puppet Labs, such deals highlight the long-held attitude of hyperscalers, cloud builders, and other service providers that everything in the datacenter should be software-defined so IT configuration and management can be automated to drive down costs and drive up efficiencies.

The purchase of Chef by Progress Software came as others also saw the need to add automation and infrastructure-as-code to their evolving software stacks to adapt to the cloud, DevOps and the “shift-left” trend push to move testing and security to the earlier stages of software development. IBM in 2018 bought Red Hat for $34 billion, three years after Red Hat had acquired Ansible for $100 million. VMware bought SaltStack around the same time of the Progress-Chef deal and in May Perforce Software closed its acquisition of Puppet Labs.

HashiCorp also is still out there on its own in this rapidly changing space, building out its portfolio and going public.

All of this indicates the trend toward infrastructure-as-code continues to gain momentum, according to Prashanth Nanjundappa, vice president of product management at Progress Chef. It’s taken off, and Progress – with Chef – is steeped in one of the two key facets of infrastructure-as-code, Nanjundappa tells The Next Platform. The first is provisioning, which is done by others – HashiCorp and its Terraform technology, for example, or the cloud providers, including Amazon Web Services with CloudFormation service, Microsoft Azure with ARM (Azure Resource Manager) and Google Cloud (Resource Manager).

With Chef, Progress’ focus is on the second narrative, configuration management, which is becoming even more important with enterprises’ adoption of containers and the Kubernetes orchestration platform increasingly mingling with the virtual machines that organizations have had in place for years.

“If I go back maybe ten years ago, that’s where Chef and Puppet started,” he says, adding that enterprises are adding containers to the mix rather than replacing VMs with them. “At that point, containerization – containers, Kubernetes – these were very, very nascent. Those things – containers and serverless – tend to form an immutable architecture. Things change, but you don’t go and meddle with what is deployed.”

Over the past several years, organizations have embraced successive levels of abstraction, starting off with VMs as their core computing units. Now containers – more lightweight and easier to manage – are muscling their way into the architecture, particularly among more established enterprises, Nanjundappa says. Among the growing numbers of cloud-first companies, containers and serverless architectures tend to be the starting point.

“Although we see of a very clear trend of organizations adopting containers and serverless architectures, there is still a huge amount of global spend happening on virtual machines,” he says. “It’s not going to go away any time soon. But also, Kubernetes and containers aren’t a silver bullet. There are so many areas which cannot diverse, so even for organizations not having to have a cloud locked in, or there are certain use cases, especially on the edge and lightweight deployment instances, then Kubernetes and containers are extremely heavy. For these reasons I think VMs are going to stay around.”

Chef customers like Salesforce, Facebook, Slack, and Uber still use virtualization technology, and their use is growing. While cloud-first companies that are born using containers and Kubernetes may not need much configuration management, there is still a huge pool of customers with histories of using VMs while also adopting containers. To them, configuration management is key.

“Then there are instances that come out on that, which is compliance, security, and those are the reasons which become important for organizations like Progress, with Chef and Chef configuration management and continuous compliance, and we can focus our investment and make sure that we grow the company by addressing our customer needs and similar customers’ needs who are in that segment.”

Progress is looking to build out the capabilities of the Chef automation framework in the cloud world. The company in May launched Chef Cloud Security, giving DevSecOps teams a single policy-as-code platform that includes security controls for both multicloud and on-premises IT environments as well as compliance policies.

Nanjundappa says among the key capabilities is enabling organizations to codify their policies around security and compliance, which is becoming more important in a distributed IT model that reaches from the datacenter out to the cloud and edge. The Chef security platform is helping “organizations in implementing this policy much farther in the development cycle, helping them identifying the risks early on. This is kind of the shift-left phenomena. You have continuous compliance and also you get alerted whenever a new entity comes in the system which does not have the policy. That’s one of our differentiators.”

Progress chief executive officer Yogesh Gupta, on a call with analysts about the company’s second quarter financial numbers, noted the release of Chef Cloud Security, saying that “this product builds on our commitment to deliver a unified and scalable platform that enables our clients to accelerate the delivery of secure and compliant application releases in any kind of environment.”

At the same time, the vendor made other enhancements to Chef, including the Progress Chef InSpec security and compliance mechanism. There is new data source and host support to make it easier for enterprises to use the same DevOps practices to manage new assets, expanding benchmark profile coverage for AWS, Azure and Google Cloud with service and resource templates, and automated creation of code, test and documentation artifacts.

There also is policy-as-code for security and compliance as part of the Chef Enterprise Automation Stack, enabling DevOps workloads to combined infrastructure configuration processing and compliance audits and to ensure high availability. Progress has been working on the policy-as-code aspect for the last two years, Nanjundappa says.

“That has given us a clear understanding of some of the challenges mid-sized to large companies face, especially when cloud adoption is growing,” he says. “If you’re big, if you look back five or six years ago, it was hard. To get on any software you had to purchase, you had to go through a CIO, you had to go through vendor management process and all those things to get a software license to do a developer and then for them to use it there was auditing and other things. But cloud has changed that phenomenally. What has happened is almost every developer has their own access to AWS. They go to this AWS console, Azure console, and then they pick products which they want to use. From a CIO perspective, they have given the OK for AWS or Azure, but there are so many services under that, they have no freaking clue what is needed. This has created chaos in large organizations, including organizations like Progress. Progress does acquisitions. We integrate companies in our portfolio and also teams here are using multiple services. A CISO goes crazy when they look at the amount of potential problems and then they find this policy. These are the software components that they will be using and for this thing, you have to have a policy.”

In its earlier years, Progress helped build its capabilities through a steady series of acquisitions between 2002 and 2014. After a five-year break, the company in 2019 bought IT management software maker Ipswitch before buying Chef a year later. Last year, Progress bought Kemp, a load balancing company.

In his talk with analysts, Gupta said the acquisitions are key to expanding what Progress can do across all environments.

“We have acquired products like Chef, which are truly relevant in this modern cloud DevOps space, because of deployment and configuration management and secure infrastructure scalability,” he said. “When you look at what we have acquired with Ipswitch and Kemp around observability and high availability, and delivering performance and making sure that the infrastructure continues to perform well, resilience to failures, and those kind of things, those offerings are much more relevant today. But then again, all those offerings are also applicable not just on-prem but to cloud.”