Episode 085: Building Self-Service Cloud Environments | CloudSkills.fm

In this episode we catch up with Ohad Maislish, CEO & Co-founder of env0, and we discuss challenges and solutions for teams that need to manage their own cloud environments in AWS, Azure and Google.

The env0 platform is built on top of Terraform, so this is a must-listen episode for anyone who is interested in Infrastructure as Code (IaC).

Don’t forget to subscribe to our mailing list at cloudskills.io/subscribe for weekly updates, exclusive training, and advice on how to amplify your career. You can also text me your questions at 1-480-530-8694.

Full Transcript:

Mike Pfeiffer:
All right, everybody. Welcome back to another episode of CloudSkills.fm. I’ve got a really great episode for you today. We’re talking to Ohad Maislish from env0.com. That’s E-N-V-0.com. They’re running a really interesting platform where … I think this is going to be an awesome conversation. Shall we just jump right into it?

Mike Pfeiffer:
Ohad, how are you doing?

Ohad Maislish:
Pleasure being here, Mike.

Mike Pfeiffer:
It’s great to have you on the show because I was looking at your product. It’s really interesting because it’s giving people essentially self service to different cloud platforms. And it’s basically been a challenge for a lot of the customers I’ve talked to over the last couple of years, because getting sandbox access, that’s always something people are freaked out about, and stuff. So I was pumped when I saw your guys’ product, because it looks like you’re targeting all the major platforms and giving people self service access.

Mike Pfeiffer:
Could you explain the product, you guys’ methodology in coming up with this solution, and the problems you’re trying to solve?

Ohad Maislish:
Yeah. Like what you said, we talk about the frustration mainly with developers, but others, that need cloud infrastructure. I’ve actually seen a few of my friends actually resigning from places of work because they waited too much to be able to do their work. Sometimes, often, you need to test what you’re doing. You need to make sure it’s working well. And if you just have static environments shared with other developers, and you’re able to test your code only after you push that to the main branch and then to the static environment, it means that others are doing the same. So it means you have an unstable place to test your code. And if things are not working well, you have no idea if it’s your fault or others, and you wish you had your own local/isolated cloud environment.

Ohad Maislish:
And with the shift to cloud native, some of the resources cannot run on your laptop. Sometimes it’s too much to run things on your laptop.

Ohad Maislish:
You have to have your own cloud environment. If you need to open a ticket to someone and wait weeks, days, or even hours, it’s too much because you need to do it like 10 times a day for different codes, for different versions. You just want to have your own cloud environment and do your work, not waiting for anyone else. That’s all you want to do.

Mike Pfeiffer:
Yeah. It really is true. It’s frustrating when you’re expected to work on these platforms and you can’t really gain access to it. I’ve seen that a couple of times with a couple of our customers where developers, or even operations people, are being pressured to do these projects, and to your point, they have to go through all this bureaucracy to get access. And sometimes they don’t even get the right access that they need. So this is definitely important work. I’m sure it’s been interesting building the platform because you guys are essentially doing a self service cloud provisioning platform, right? So I’m sure you’ve had some interesting stories along the way of running into challenges and stuff.

Ohad Maislish:
Yeah. Absolutely. We often hear the conflict of organizations to decide on what to compromise. You have two options nowadays, and with env0, you can, for the first time, not compromise on any of those.

Ohad Maislish:
So one compromise, it’s like we just talked earlier, it’s to block your developers. If the developers need something, they need to open tickets and wait, which really slows them down. And as we said, it creates frustration and even people quitting their job.

Ohad Maislish:
The other compromise; “Okay, let’s give them free access. Let’s give them right credentials to the cloud account.” But then they can create problematic things. They can create resources that they’re not supposed to create. They can run it for too long. How often do you hear about developers forgetting to shut down unneeded resources, creating too expensive resources, unsecure sources?

Ohad Maislish:
So you have a visibility, predictability and governance problem. Basically you have a management problem on that self-service. So with env0, for the first time, and thanks, by the way to Infrastructure as Code, mainly Terraform, which makes those processes much easier, for the first time you can provide both. You can provide self-service for the developers, and others, like [inaudible 00:04:30], your sales demos that need cloud infrastructure, easily. And you can have the governance that a reasonable organization needs in order to protect itself from such damage.

Ohad Maislish:
So we provide the combination. A lot relevant to cloud cost by the way, which can easily explode.

Mike Pfeiffer:
It makes a lot of sense because I think what you said was right; the governance concerns are what’s slowing people down right now. They don’t know how to do this at scale for all of their employees. “How do we delegate access in a secure way?” And so I really love what you guys are doing.

Mike Pfeiffer:
So what’s the experience like? You sign into a web portal and then if you’re the developer, your experience is kind of like, “You’ve got some templates so you can launch a thing. Now go sign into the AWS console, the Azure console?” Stuff like that?

Ohad Maislish:
Yeah. Basically the DevOps, what we call the admins, need to give env0 two things; they need to give us read access to your already existing Infrastructure as Code, to your already existing Terraform, and similar: CloudFormation, Python, Bash. Whatever creates and configures your cloud resources. And you set it in a secure and encrypted kind of way, you save the right credentials to your cloud account in env0.

Ohad Maislish:
Then once the user logs in, they get access. According to the permissions the admins gave those people, they get access to do certain actions. For example, “Let’s create my own product on the dev/staging cloud account.” Okay? So I’m able to click a [inaudible 00:06:07], wait 20 seconds, and get my cloud resources matching for my code.

Ohad Maislish:
The same way, by the way, similar to what I do with CLONE. CLONE gives me my code, so env0 now creates the matching cloud resources. I can update my code with Grid update. I can redeploy the updated cloud resources in order to continue to work on my environment.

Ohad Maislish:
So it’s really self service, easy UI, API, CLI, soon Slack bot, to have your cloud resources for your code.

Mike Pfeiffer:
Makes sense.

Mike Pfeiffer:
So when that model … Does that mean then I can spin up a sandbox, so to speak, and then also sign into the Azure portal, the AWS portal? Or am I going through your platform the entire time?

Ohad Maislish:
So usually, in organizations, they give developers read access to your cloud, if any. So with env0, you get the right access in order to provision the cloud resources. And by the way, you don’t need more than that. Because once you create those travel resources with env0, we export you the outputs and whatever you need in order to work with those created cloud resources; it can be the IPs, the DNS entries, the SSH keys. Whatever you need in order to access your cloud resources and basically be able to work.

Mike Pfeiffer:
Right.

Ohad Maislish:
We also automatically provide you actual overtime costs of your environment. That’s what env0 is doing and nobody else is doing. We automatically tag your resources in your code and in your third party code. We do it cohesively and automatically. So we create those tags that are associated to your environment, to your user automatically. You don’t need to take care of the tags. And then you see your costs over time in your environment. So if you change something, you will see an increase. Like you’ve seen with APM products, like New Relic, if you did something stupid and then the application starts to work slowly, you have correlation to the pragmatic deployment. Like a vertical line.

Ohad Maislish:
So same goes here with costs over time, thanks to env0. So you have visibility on how you affect the cloud in your granularity. Not with the entire mass or for everybody else, and you have no idea if it’s your fault or not. With env0, you have the visibility to your exact area. And on the other end, the admin knows how much money you caused the cloud account for how long you’re running.

Ohad Maislish:
And also super useful, to automatically shut down after some time, to leave [inaudible 00:09:03]. So you have a default one day and maximum one month. So by default, if you’re not mentioning other options, you get those cloud resources for one day. Before that day ends, you get a notification, “Listen, you’re about to get destroyed. Do you want an extension?” And you can extend it up to one month. And those parameters, you can configure it as the admin.

Ohad Maislish:
So you have both self service and the flexibility for the admin to provide whatever the users need while having centralized governance and cost optimization for that process.

Mike Pfeiffer:
Yeah. It’s pretty compelling. I was going to ask you about the policy stuff, and if you could kind of time bomb these things, and it sounds like you can, so that’s really cool.

Ohad Maislish:
We have two mechanisms. We have the time bomb. Like the default time to live and the maximum time to live. And we also have automatic scheduling. So you can tell, for example, “I don’t need those resources during nights and weekends. And I want them to automatically start during the mornings or early on Monday.” Okay? So the flexibility to use that combination of those two policies, time to live and scheduling, provides you the ability to really run what you need and not monitor.

Mike Pfeiffer:
Yeah. That’s an extreme amount of value. Especially the cost, because that’s always the biggest wildcard in terms of uncertainty; “How much is this going to cost me?” And it’s easy, like you said, to your point earlier in the episode, to just leave stuff running. I’ve gone to places in the past where nobody knows why something’s running and it’s costing them thousands of dollars a month. And then you dig deep enough after a while and realize that nobody was using it the whole time.

Ohad Maislish:
I can tell you a personal story, and I’m sure most of our audience have the same kind of personal story. I remember like two years ago, I had a services company and I provided some services for different customers. And then I logged into, if I remember correctly, it was a Google cloud platform. And I just looked at some things there, and then I’ve noticed a few VMs that I created eight months ago, and they were up and running. And I remember I needed those VMs for 10 minutes. I needed to test something, and that’s it. And those VMs were running for eight months. And I was so embarrassed that I caused that. And that’s just one example that I know about. Maybe now I have cloud resources running somewhere from, I don’t know, eight or 10 years ago. I don’t know why that might happen. Who can tell?

Ohad Maislish:
But the cloud vendors have one simple feature; create resources. But who is in charge that those resources are created in the context that makes sense? So that’s what env0, you know, it bridges the gap between the technical layer and the organization business layer to provision resources in a way that makes sense.

Mike Pfeiffer:
Yeah, you’re right. It’s definitely a rite of passage to leave something running for too long. You have to do that before you’re a true engineer, a true cloud engineer. If you haven’t left something running, you haven’t spent enough time in cloud, right?

Ohad Maislish:
You’re just a manager looking at Excel files.

Mike Pfeiffer:
That’s right. I have a similar story where I was presenting at a conference, and I did a demo and just left a bunch of stuff running and immediately went to the party after the demo, and totally forgot. And two months later, came back and realized that it was still there. But I think it’s a common thing that we all struggle with.

Mike Pfeiffer:
But I have to imagine that your team is extremely talented to be able to build all this stuff around these three big platforms. It seems like the platforms are changing all the time, every week. How do you guys keep up with everything that’s going on?

Ohad Maislish:
First of all, thank you for the compliment, but I try not to take credit when it’s not really credit to take. It’s not thanks to env0. It’s thanks to the great thing that is called Infrastructure as Code frameworks. Mainly Terraform. And thanks to the open source community. That’s where we get the capabilities to support the ongoing changes in the cloud vendors.

Ohad Maislish:
So we are like a management layer on top of Infrastructure as Code frameworks, like what GitHub did to git, we are doing, let’s say, to Terraform and other Infrastructure as Code frameworks. So a lot of work is being done by the community, the open source community, such as the Terraform providers. So if a new feature is released for AWS, the Terraform community, for example, will update a Terraform provider for AWS to include those new capabilities. And with env0, we enjoy that.

Ohad Maislish:
By the way, we also have a freemium tier for certain use cases, as small usage. So you can enjoy managing Infrastructure as Code in small scale for free, thanks to env0.

Ohad Maislish:
So again, thank you for the compliment about the team. I do believe it’s a very strong team. But we are not saying to take the credit about the great work of the open source community.

Mike Pfeiffer:
Yeah. You got a point there. The open source community is stronger than ever, and Terraform is insanely cool. I’ve been amazed with the technology and their ability to keep up with the vendors.

Mike Pfeiffer:
And I’m sure that, outside the Terraform conversation though, there’s got to be some battle scars, right? Some war stories? What’s the weirdest thing or biggest problem you guys have run into with trying to handle things in Google, AWS, Azure? Any interesting battle stories there?

Ohad Maislish:
I think we’ve seen a mixture of frameworks. So you have Terraform, or CloudFormation, or Azure Resource Manager, or Pulumi, which is also important to mention, for the provisioning. And you have the configuration management scripts for mostly the UpClear configuration; Chef and Puppet, and obviously Ansible, are very common there. You see a lot of Python, you see a lot of Bash, you see a lot of cloud CLIs, like gcloud or AWS CLI. And you see a lot of API calls to so many systems. You see the integration with Jenkins, with CircleCI, with GitHub Actions. All of those.

Ohad Maislish:
So the combination in order to make things work for your company. So we have a lot of great frameworks and a lot of great, great tools. And what env0 is focusing, it’s about how you manage your cloud environments, how you perform the deployments, again, in a self serviced and governed kind of way to make sure you don’t cross any budgets, any cost limits. And you have the ability to update and destroy those resources whenever you want. The same you do with code.

Mike Pfeiffer:
Interesting. So let’s say somebody is interested in working at your company. Obviously they’re going to need to have some serious Terraform skills. And the listeners of this show are always interested to hear what people are looking for in candidates. If somebody was coming to you, looking for a job, what would you be looking for?

Ohad Maislish:
So we’re looking for two different things. So one technical, for developers that want to do hands on developing. We are looking for mainly infrastructure and backend heavy experience; five, seven years at least. And just love doing DevOps product.

Ohad Maislish:
But maybe more interesting to talk with this audience here, is that we’re also looking for what’s called the DevOps Relations Advocate; some person that knows a lot about infrastructure, that knows a lot about cloud, Infrastructure as Code, configuration management. But wants to tell the story, wants to present in front of people, wants to be active on Twitter and social networks, and just want to share information and get feedback from the community. And I’m happy to say that we just got sponsorship on one of the best DevOps weekly newsletters. So devopsweekly.com. We’re now officially with sponsors, and sending a weekly update of what’s new in env0.

Ohad Maislish:
And it’s important for us to be close to the DevOps community. So we’re looking for someone to manage the env0 relations with the DevOps community, mainly around the Infrastructure as Code community. So if you have somebody in the audience that wants to shift from hands-on to being more an advocate, or if you’re an already experienced DevOps advocate that is looking for the next role, it will be our pleasure to get the details.

Mike Pfeiffer:
Yeah. That’s a really interesting career path. Developer relations has really exploded over the last couple of years. That sounds awesome.

Mike Pfeiffer:
And one thing I’m curious about as well, since you guys are so infrastructure focused, I would assume that, in your development processes, you’re doing lots of infrastructure testing. Are you doing that? And how do you manage all of that Terraform code? Because I’m sure people are thinking out there, you know, it’s easy to go do a “Hello world”, demo, but what does an actual company that’s building a product on top of Terraform, how do they manage that?

Ohad Maislish:
Although I’m not leading the R&D in our company, I do know what’s going on there. And one of the things that I’ve seen that is working super great, that we do a combination of two things.

Ohad Maislish:
First of all, most of our infrastructure is AWS Lambda, serverless, which means minimal/zero cost for the developers. Because you pay for what you use, and below 1 million invocations of the Lambda, you barely use and pay for Lambda. And with that, we automatically create, via Terraform, and CloudFormation, and env0, we create an environment per each pull request. So developers, for each pull request, we automatically trigger, by the way using GitHub Actions, we trigger GitHub Actions’ users’ env0 API, in order to create a dedicated environment that it’s like a complete env0 product, but with a different URL.

Ohad Maislish:
The URL of env0 product, it’s app.env0.com. But for each pull request, it’s something else.env0.com, something unique. And that helps us a lot with testing, with early product feedback, with developing in teams, if someone needs to collaborate with others and they need to work on the same branch and the same code. So the per-pull-request environment is very, very strong. And the fact that we are serverless means that it doesn’t cost us a thing, because you can keep those environments running for hours and nothing happens.

Ohad Maislish:
So I strongly recommend using those best practices of per-pull-request environments, cheap/serverless cloud infrastructure for development, and then you have such great efficiency, and it’s really fun to see the developers being able to expose and get early feedback of what they’re doing, [inaudible 00:21:22] and quality for their work.

Mike Pfeiffer:
Yeah. Definitely goes back to what you said at the beginning of being able to iterate quickly without having to wait around for people to give you access to stuff, and things like that.

Ohad Maislish:
I think our engineers have a fetish for being efficient, and they try to optimize everything, everything in the process. And for us, productivity, it’s not a feature. It’s one of the things we strongly believe, it’s one of our values. So I think we have the DNA internally to act the same way.

Mike Pfeiffer:
Right. Well, Ohad, this has been an awesome conversation. As we kind of wrap up this episode, are there any resources you want to point our listeners to, that they should check out after listening today?

Ohad Maislish:
Yeah. So first of all, our website, www.env0.com. E-N-V, digit 0, .com. We have, I think, a super interesting blog. We talk about things in Infrastructure as Code, and best practices with development with Infrastructure as Code, and cloud costs, and stuff like that. We also have a very wide communication of what we’re doing, linked from the website, or docs.env0.com. And worth mentioning that we have self service products. So just log in and try the product. You don’t need to leave your details. No need to schedule a demo. Just try it out yourself and enjoy management on top of Terraform, on top of Infrastructure as Code, and don’t care more about forgetting cloud resources up and running for months.

Mike Pfeiffer:
Yeah. Sounds like an awesome plan. So for everybody listening, check the show notes. We’ll leave links to all the resources mentioned. And I can’t wait to see what happens with the product. I think it’s insanely cool.

Mike Pfeiffer:
Ohad, thanks so much for being on the show.

Ohad Maislish:
It’s been my pleasure, Mike. Thank you for having me.
