Request a Demo
31 Oct 2024

Announcing Infrahub 1.0 for Infrastructure Data Management

infrahub-10-tile

We at OpsMill are excited to announce the general availability of Infrahub 1.0!

With the release of Infrahub version 1.0, we’re bringing our vision for infrastructure management and automation to even more organizations.

Infrahub provides a powerful source of truth (SoT) for infrastructure teams. It’s built around a user-defined and flexible data schema, unified storage engine, with version control and validation of all data from design through deployment. These innovative capabilities make Infrahub a go-to automation solution for organizations with complex infrastructure.

You can also read our initial announcement blog for more information on why and how we built Infrahub.

Infrahub essentials

Infrahub is a major evolutionary step forward in infrastructure automation. It includes the next generation of source of truth and goes far beyond being a simple SoT to address any organization’s infrastructure management challenges in a new way.

Infrahub 1.0 system architecture diagaram

As its foundation, Infrahub provides users with a version-controlled unified storage engine driven by a completely user-defined schema for the data. This allows the engine to offer structured data and files to match the organization’s unique needs. The version control in the unified storage engine enables infrastructure teams to apply the same concepts in their source of truth as they do today in Git. This includes capabilities for branching, merging, and diffing the configuration and data in Infrahub.

Raw data in a source of truth is valuable but needs more to be a complete solution. For example, Infrahub provides robust capabilities to turn this data into artifacts. Artifacts are rendered configuration files that could be used for network equipment, server configuration, or even Terraform and are created programmatically based on the data in Infrahub and the templates provided by a user.

Another way Infrahub can help organizations get value from their data is by building additional objects in the database based on user-provided templates and logic. These Generators create dynamic objects and allow for complex design-driven automation.

In addition, Infrahub exposes Git-like capabilities for peer review natively and is coupled with a highly capable CI pipeline to allow automated validation and tests of proposed changes. Applying a peer review and CI pipeline process to the data in Infrahub enables organizations to protect the data in their source of truth, and therefore their infrastructure, from unwanted changes.

These features are exposed through an intuitive and easy-to-use web interface, a REST API for system control, and deep GraphQL integration for managing the data stored in Infrahub.

. . . . .

New for 1.0

The above-listed basics of Infrahub (unified storage, version control, peer review, artifact generation, and more) have been implemented for our beta users for quite some time. The significant changes in Infrahub 1.0 focus on the polish and capabilities that our large-scale and demanding enterprise users require.

Single sign-on and user permissions

Early in the development of Infrahub, we consciously decided to focus on the groundbreaking and critical features that make Infrahub a uniquely world-class data platform. As a result, we set aside some standard enterprise features, such as single sign-on (SSO), until later, knowing that they would be straightforward to implement in the system.

As we enter a new era with Infrahub 1.0, we’ve focused on rounding out the enterprise-grade features that our customers require. For example, we added SSO integrations for OIDC/Oauth 2.0 and implemented a robust and granular permissions system. These two features combine to give organizations a level of control that allows them to trust their mission-critical data in Infrahub and bring even closer integration with existing enterprise systems and workflows.

SSO

The new OIDC/OAuth2 capabilities, tested and functioning in the field with many identity providers such as Keycloak, Authentik, and Google Auth, allow organizations to manage their users and groups centrally instead of in the Infrahub UI. Subsequent releases of Infrahub will soon include validated support for additional identity providers and other authentication methods (such as LDAP).

This functionality goes hand in hand with the feature we will discuss next: our new user permissions structure.

Granular user permissions (RBAC)

As users store more data in Infrahub and more teams interact with that data, it becomes crucial to protect it from accidental changes. By implementing a granular role-based permission system, Infrahub allows organizations to prevent unauthorized changes to the data behind critical infrastructure automation efforts.

In the permission structure introduced in Infrahub 1.0, users are added to groups, groups are given roles, and permissions are finally allocated to those Roles. Permissions come in two fundamental varieties: global permissions and object permissions.

The diagram below lays out the relationship between each of these entities. A user can belong to one or more groups, a group can have multiple roles assigned to it, and each role can be granted one or more global or object permissions.

Infrahub RBAC permissions structure diagram

Global vs. object permissions

It’s also worth mentioning the difference between global permissions and object permissions.

  • Global permissions are specific permission sets that can give users system-wide rights to perform particular actions, for example:
    • Editing the default branch
    • Editing permissions
    • Allowing the merging of proposed changes
    • Account management
  • Object permissions are tied to individual objects within Infrahub and control what actions users can take on those objects; examples could include:
    • Allow read-only access to all objects
    • Deny the ability to update tags
    • Allow editing on any object type that starts with DataCenter

For either style, permissions are structured to be robust and granular by allowing complete control over the action, decision, and role of a given permission set (plus the object type for object permissions).

Performance improvements

Our design philosophy at OpsMill has always been driven by long experience as network practitioners or admins in Unix-like systems: Make it work, make it right, make it fast.

In Infrahub 1.0, we focused on the last part: Make it fast.

As our early beta testers began to use Infrahub in increasingly large infrastructures (greater than 50,000 nodes), we expected (and found) opportunities for performance improvements. This was especially true when performing version control actions on large data sets. As a result of the intensive testing, we made dramatic improvements to branch change management.

Infrahub 1.0 has improved how Infrahub computes a difference between two branches, re-bases a branch, and handles the merge. For example, in the “diff” generation for a proposed change, we’ve seen a 30% increase in performance over earlier versions. As a result, the proposed change functionality can now reliably handle much larger data sets for comparison.

These performance improvements are only the beginning of our optimization efforts, but they’ve already improved the experience of Infrahub users of all infrastructure sizes.

Updated UI

While the UI in Infrahub before 1.0 served its purpose well, there was room for improvement. A corollary fourth phrase to our design philosophy might be, Now, make it pretty!

We didn’t just change around some colors or styles. We worked closely with our beta testers and a dedicated user experience professional to ensure that interacting with Infrahub 1.0 would be an experience our users enjoyed.

AD 4nXe43TTUPmUHTLdTGAzrJZ17 y5c2 EWimEmhZGh0gWPeG9tMhZD1e7Mjug31gbR951exP
Infrahub 1.0 UI

We also provided capabilities for complete customization of the navigation menu. We continue to emphasize that Infrahub is a powerful, fully customizable system that meets your organization where it needs to be.

. . . . .

Future Roadmap

This is just the beginning of OpsMill’s journey with Infrahub. We aim to bring its power to organizations worldwide and continue to add innovative and disruptive capabilities.

Shortly, we’ll bring even more performance improvements and features to Infrahub, including:

  • Attribute permissions and metadata permissions will allow even more granular control over the actions a user or group can perform in Infrahub
  • Computed attributes will allow even more dynamic control and generation of the data in Infrahub
  • An enhanced task framework will allow users even more visibility and control over the actions happening inside of Infrahub, from the execution of Generators to the syncing of Git repositories

If you want to learn more about Infrahub, please join us on Discord, star Infrahub on GitHub, or request a demo today!

Brett Lykins

October 31, 2024

REQUEST A DEMO

See what Infrahub can do for you

Get a personal tour of Infrahub Enterprise

Learn how we can support your infrastructure automation goals

Ask questions and get advice from our automation experts

By submitting this form, I confirm that I have read and agree to OpsMill’s privacy policy.

Request Demo

Fantastic! 🙌

Check your email for a message from our team.

From there, you can pick a demo time that’s convenient for you and invite any colleagues who you want to attend.

We’re looking forward to hearing about your automation goals and exploring how Infrahub can help you meet them.