Nutoma is a platform that automates the management of IT infrastructure and services. Our long-term ambition is spelled out in our name: making IT a commodity. We foresee a future where a business can deploy, manage and use IT services without having to worry about the technicalities, just as a photographer can use a laptop to manage his pictures without having to be a specialist in file systems, memory management or network security.
We are not the first to build an IT automation tool. In fact, the whole purpose of IT is to automate something, from financial transactions to genome research, and… IT itself. There are many open source tools, enterprise suites, and even web services that attempt to automate the various processes used to manage IT infrastructure and services. Yet we believe that none of these tools achieves the vision spelled out above, and that a new approach is required.
Before detailing our key differences, we need to define more precisely what we mean by IT Automation. A complete IT infrastructure typically comprises four kinds of resources: facilities (e.g. building, power, cooling, …), networking (e.g. physical links, switches, routers, etc.), storage (e.g. SAN, NAS) and computing units (e.g. physical servers, virtual machines, personal computers, mobile devices). All these resources require some effort to deploy, configure and manage. Within Nutoma, we focus on the last of these, and especially on the management of servers.
The resource management layer takes care of managing the physical or virtual machines (whether on a local hypervisor or in the cloud). In the case of virtualization, it takes care of reserving the resources on the platform, managing the machine lifecycle (start/stop/pause) and attaching the machine to external resources (storage, networking).
The provisioning layer takes care of deploying the host operating system, applications and their configurations. It turns a raw resource into an actual server respecting a set of requirements.
The configuration management layer takes care of updating the configuration of a host throughout its lifetime. Configuration includes installing/removing applications or changing a configuration setting on an installed application.
The command and control layer takes care of executing and coordinating ad-hoc scenarios on one or multiple hosts, going beyond the scope of configuration management: scenarios like application deployment, server migrations, scaling, etc.
Now that we have defined the scope of our tool, we can highlight how we conceptually approach the automation of these processes. We quickly summarize our key concepts below, but encourage you to read the chapter ‘Fundamental Concepts’ to fully understand their implications.
Nutoma is part of a new generation of automation tools that use a descriptive approach in place of a script & workflows approach. Instead of executing opaque scripts, the platform can actually understand which resources are required on the target host. This means that the user focuses on describing the desired state of the system and lets the platform figure out the best way to bring the system to that state (convergence) and keep it there (compliance).
Using the descriptive approach together with the integration of the various processes allows Nutoma to have a centralized database containing the complete description of the required infrastructure. This avoids having to duplicate knowledge between a resource management tool, a provisioning tool, etc. The system state acts as the blueprint of the infrastructure and can be used to redeploy the complete infrastructure whenever needed.
Using a centralized tool like Nutoma instead of SSH to manage a host enables features like fine-grained access control, auditing, compliance, etc. This guarantees that the system state is always an up-to-date description of the infrastructure and that nothing slipped through the back door. We also believe that a well-designed user interface can let users do more tasks, and do them faster. Taking all this into account, we believe that users can soon say that SSH is deprecated.
Nutoma is built around a client – server – agent architecture. This architecture is often seen in IT Automation tools, having a centralised place to interact with the user, and coordinate actions on multiple hosts, together with an agent running on the managed hosts. The difference between IT Automation tools often lies in the subtle balance between what is done in the central server and what is delegated to the agents.
Within Nutoma, our design philosophy has been to keep all the decision making and orchestration centralized while delegating to the agents the knowledge of their platform, abstracting resources and operational details.
The Nutoma orchestrator maintains the system state in a database, exposes a client API to manipulate the system state, and sends commands to machine agents to keep the infrastructure in sync with the state.
While some automation tools rely on protocols like SSH to connect to the managed hosts, we have decided to use an AMQP messaging bus to link the orchestrator to its machines. This provides us with various benefits such as an always-on connection, real-time notifications and feedback, queuing, auto-discovery of hosts, firewall traversal and more.
The machine agent is a lightweight daemon running on the managed host and connecting to the Nutoma orchestrator over a messaging bus. This agent exposes the various resources of the machine, organized into collections (files, packages, services, users, …) with a RESTful approach. These resources can therefore be manipulated to change their state on the host, while new resources can be easily added.
The managed resources are described in JSON messages, in a platform-agnostic way. This means that they are abstracted from the underlying operational differences between platforms. For example, if you want to add a package on a host, just add a package resource to the package collection, specifying the package name in the JSON payload. The agent will figure out how the package should be installed (e.g. picking between yum, apt, zypper, … depending on the platform).
The orchestrator can manipulate the resources on the managed host through the agent API by adding or updating resources within collections exposed by the agent. When processing these requests, the agent takes all required operational actions to bring the resource into compliance with its description, but it also stores the resource description in local storage and monitors the actual resources for compliance with their initial description.
The client API exposed by the orchestrator is REST-based with JSON messages. It is well documented and can be used to integrate Nutoma with third party products and to build different clients supporting specific user needs (e.g. a self-service IT portal). It can also be used to orchestrate complex scenarios (either directly invoking the API or using a helper library).
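The agent-side behaviour described above, as an added sketch that is not Nutoma's code: a package collection validates each JSON resource description before storing it, then compares the stored descriptions with the observed host state and returns the commands needed to converge. The JSON fields `name` and `state`, the class name and the platform keys are assumptions, since the page does not give Nutoma's schema.

```python
import json
import re

# Assumed mapping from platform family to package tool (hypothetical keys).
PKG_TOOLS = {
    "debian": ["apt-get", "-y"],
    "redhat": ["yum", "-y"],
    "suse": ["zypper", "--non-interactive"],
}
VERBS = {"installed": "install", "absent": "remove"}
# A name must start with an alphanumeric, so it can never parse as an option.
NAME_RE = re.compile(r"[a-z0-9][a-z0-9+._-]{0,127}")


class PackageCollection:
    """Agent-side 'packages' collection: stored descriptions plus drift checks."""

    def __init__(self, platform):
        self.tool = PKG_TOOLS[platform]  # KeyError on an unsupported platform
        self.desired = {}  # local store: package name -> desired state

    def put(self, payload):
        """Validate one JSON resource description and record it."""
        desc = json.loads(payload)
        if not isinstance(desc, dict):
            raise ValueError("resource must be a JSON object")
        name, state = desc.get("name"), desc.get("state", "installed")
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            raise ValueError("rejected package name")
        if not isinstance(state, str) or state not in VERBS:
            raise ValueError("rejected state")
        self.desired[name] = state

    def plan(self, observed):
        """Return argv lists that converge `observed` (installed names) to desired.

        An empty plan means the host is compliant. Commands are argv lists,
        never shell strings, so a package name is always exactly one argument.
        """
        cmds = []
        for name, state in sorted(self.desired.items()):
            present = name in observed
            if (state == "installed") != present:
                cmds.append(self.tool + [VERBS[state], name])
        return cmds
```

Because the bus delivers descriptions that end up as privileged commands on the host, the validation in `put` is the point where the agent decides what it is willing to execute.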