Vates VMS

DevOps Tools #1 - Infrastructure as Code: Principles and practice

Infrastructure as Code is more than automation! Learn how Vates VMS lets you manage virtual machines, networks, and storage with version-controlled, repeatable workflows.

Clément Schilling

5 min read
DevOps Tools #1 - Infrastructure as Code: Principles and practice

Infrastructure as Code (IaC) has fundamentally changed how modern infrastructure is designed and operated. What started as a cloud-driven practice is now a standard across public cloud, private cloud and on-prem environments.

At its core, Infrastructure as Code means that infrastructure is defined, provisioned and managed using version-controlled configuration files rather than manual operations.

This shift is not just technical. It changes how teams collaborate, review changes, audit systems and scale environments.

What Infrastructure as Code actually means

Infrastructure as Code is often reduced to “using Terraform instead of clicking in a console”. That description is incomplete.

IaC is built on three foundational principles:

  • Infrastructure is described declaratively or programmatically
  • Configuration is stored in version control
  • Changes are applied through repeatable, automated workflows

Instead of manually provisioning virtual machines, networks or storage, teams define their desired state in configuration files. These files are committed, reviewed and applied using automation tools.

💡
Infrastructure as Code is not just automation
It is the practice of defining infrastructure in version-controlled files and applying changes through controlled, repeatable processes.

Declarative vs imperative approaches

IaC tools generally follow two models.

Declarative tools describe the desired final state. The tool determines how to reach that state.
Terraform documentation is a widely referenced example of this model.

Imperative tools define the sequence of operations required to reach a given state. Traditional scripting approaches typically fall into this category. In many environments, imperative scripting tools such as PowerShell remain essential for operational tasks, automation routines or system-level configuration.

More recent tools such as Pulumi combine declarative state management with general-purpose programming languages, allowing infrastructure definitions to be written in TypeScript, Python or Go.

In practice, most environments combine these approaches. Provisioning is often declarative, while configuration and orchestration may include imperative logic.

Why IaC became the default

Infrastructure as Code became mainstream because it solves structural problems.

Reproducibility

With IaC, environments can be recreated reliably. Development, staging and production can share consistent definitions, reducing configuration drift.

Version control and traceability

Infrastructure definitions are stored in systems such as Git, allowing teams to review changes via pull requests, audit historical modifications and revert safely when needed.

Automation and scalability

Provisioning a single machine or an entire cluster becomes a matter of applying configuration files. Scaling becomes predictable rather than manual.

Collaboration

Infrastructure changes follow the same workflow as application code. Developers and operations teams can collaborate through shared review processes.

IaC beyond the public cloud

Although IaC is often associated with hyperscalers, the underlying needs it addresses exist everywhere.

Private datacenters, hybrid infrastructures and sovereign environments also require reproducibility, auditability and automation. In fact, hybrid infrastructures make IaC even more critical. When workloads span cloud and on-prem systems, consistency across environments becomes essential.

The challenge is ensuring that the same Infrastructure as Code discipline applies to every layer of the stack, including virtualization.

The limits and misconceptions of IaC

Infrastructure as Code is not a universal solution.

State management in declarative systems can introduce complexity. Large environments require disciplined handling of state files and dependencies.

There is also a risk of overengineering. Small infrastructures do not always require elaborate pipelines.

Most importantly, IaC is cultural as much as technical. Without review processes, CI/CD pipelines and operational discipline, IaC degrades into unmanaged configuration files.

💡
Infrastructure as Code is a discipline, not just a tool
Without version control, peer review and automated pipelines, IaC does not deliver its intended benefits.

Where virtualization fits in

Virtualization remains a foundational layer in many infrastructures, particularly in private and hybrid environments. Applying Infrastructure as Code to virtualization means managing:

  • virtual machines
  • networks
  • storage resources
  • templates and images
  • lifecycle operations
💡
Image creation and template standardization can also be automated using tools such as Packer, allowing reproducible virtual machine images to be generated before provisioning.

Historically, some on-prem virtualization platforms did not integrate easily with modern IaC tooling. That gap is closing.

Modern stacks such as Vates VMS expose APIs and integrate with standard tools such as Terraform, OpenTofu and Pulumi. An overview of the DevOps integrations available within Vates VMS is available here:

DevOps tools
Automate and scale infrastructure with IaC: consistent, cost-effective, version-controlled deployments using Pulumi, Terraform, Packer, Ansible, PowerShell, our Go SDK, or deploying Kubernetes clusters with Pyrgos.

This integration relies on well-documented APIs that allow infrastructure to be managed programmatically.

REST API | Xen Orchestra | XO Documentation
We originally developed our existing API to be used between the Web UI xo-web and the server backend, xo-server. That’s why it’s a JSON-RPC API connected via websockets, allowing us to update objects live in the browser. This is perfect for our usage, but a bit complicated for others.
Xen Orchestra Documentation

This allows virtualization resources to be managed within the same Infrastructure as Code workflows as cloud infrastructure.

💡
Virtualization is not excluded from IaC
Virtual machines, networking and storage can be managed using the same Infrastructure as Code principles as cloud resources.

Infrastructure as Code as an operational model

IaC is not just about tools. It is about how infrastructure is treated inside an organization.

When infrastructure definitions are stored in Git, reviewed via pull requests and applied through CI/CD pipelines, operational changes become predictable and auditable.

This reduces dependency on individual administrators and improves resilience at the organizational level.

Infrastructure definitions become part of the engineering workflow rather than isolated operational artifacts. This aligns with broader engineering principles such as those described in the Twelve-Factor App methodology.

The Twelve-Factor App
A methodology for building modern, scalable, maintainable software-as-a-service apps.
Adam Wiggins

Looking ahead

Infrastructure as Code defines how infrastructure is provisioned and maintained. On top of that infrastructure, modern applications increasingly rely on container orchestration.

Kubernetes has become a standard layer in many production environments. Running Kubernetes efficiently requires reliable virtualization, strong integration and proper support at the infrastructure level.

In a following article, we will explore how Kubernetes is supported within Vates VMS: running clusters inside virtual machines, integrating with a Cloud Controller Manager and CSI driver, and simplifying deployment for teams operating hybrid infrastructures.