In an exclusive interview with VMblog, Joe Duffy, CEO and co-founder of Pulumi, reveals the company's groundbreaking vision for the future of cloud infrastructure. As Pulumi celebrates its 4th annual PulumiUp conference, Duffy introduces the concept of the "Intelligent Cloud," a revolutionary approach that combines AI, automation, and human expertise to tackle the growing complexities of multi-cloud environments.
The interview dives into Pulumi's latest innovations, including the general availability of Pulumi ESC (Environment, Secrets, and Configuration) and the preview of Insights 2.0. These advancements promise to transform how organizations manage, secure, and optimize their cloud resources. Duffy also sheds light on Pulumi's evolution from an Infrastructure-as-Code leader to a comprehensive platform driving the future of cloud operations.
VMblog: Before we dive into the news you're announcing today, historically Pulumi has
been known as one of the Infrastructure-as-Code (IaC) leaders in the
marketplace. For our readers that are fuzzy on the meaning of Infrastructure as
Code and what Pulumi does, could you explain?
Joe Duffy: Infrastructure as Code, or IaC, is a modern
approach to managing and provisioning cloud infrastructure through code rather
than manual processes. At Pulumi, we've taken this concept a step further by
allowing developers to use familiar programming languages to define and manage
their cloud resources.
Using Pulumi, end users describe their entire
cloud infrastructure - from servers and databases to networking and security
policies - using languages they already know, such as Python, TypeScript, Go,
C#, or Java. Pulumi then automates the full infrastructure lifecycle for them.
What sets Pulumi apart is our ability to
leverage the full power of programming languages. This lets us stand on the
shoulders of giants - tapping into amazing developer experiences, tools, and
ecosystems - and brings software engineering practices to infrastructure
management. This includes version control, testing, refactoring, and
automation, while enabling end users to leverage rich language facilities -
such as loops, functions, and classes - making it easier to scale and maintain
complex cloud environments. Pulumi works across over 170 public, private, and
SaaS cloud providers, enabling true multi-cloud and hybrid cloud strategies.
VMblog: Today at your 4th annual PulumiUp conference, you've made a few important announcements and unveiled a new vision
for AI powered cloud infrastructure. The first is announcing the general
availability of Pulumi ESC? What is Pulumi ESC and how does it benefit users?
Duffy: Pulumi ESC stands for Environment, Secrets,
and Configuration. It is our solution to the growing challenges of secrets and
configuration management in complex cloud environments. We've seen incredible
organic adoption of ESC while in beta, and it is now generally available.
In today's fast-moving cloud landscape,
security needs to be front and center. Yet, many organizations struggle to keep
their most sensitive information secure, especially when scaling and empowering
developers to move fast. This includes cloud credentials, passwords, API keys,
and certificates. ESC was designed to enable teams to move faster without
compromising security. We like to say that ESC enables "the security pit of
success" - security is automatic.
Pulumi ESC was designed around a novel concept
of an "environment" which is a logical container of related secrets and
configuration. You define an environment by grouping its related configuration
and settings keys/values together. This environment is then versioned together
atomically, allowing smooth migration between configurations, in addition to
tagging, full history complete with diffs, and auditing of changes.
Environments are also the unit of access control. Environments benefit from the
same Pulumi Cloud identity features that IaC does, including RBAC, Teams,
SAML/SCIM, and scoped access tokens. Environments are also composable, and can
be organized into projects, centralizing configuration and eliminating sprawl.
ESC enables security best practices
seamlessly. Pulumi ESC supports static secrets with rich encryption and
controls, however, dynamic, short-lived credentials are the default and easier
to use than any other product. Pulumi ESC connects to credential providers via
OpenID Connect (OIDC), allowing it to provide such credentials on demand. This
ensures secure, just-in-time access and reduces the risk associated with
long-lived credentials being compromised.
As organizations grow, secrets stores
have a habit of proliferating. A single team might keep secrets in AWS Secrets
Manager, Azure Key Vault, HashiCorp Vault, 1Password, and perhaps even GitHub.
Pulumi ESC consolidates this scattered landscape. It pulls and synchronizes
secrets and configuration data from all the popular secrets stores-including
those mentioned above. It is then effortless to use these secrets securely
wherever they're needed, including any application, tool, or CI/CD pipeline.
Whether you're using the CLI, API, Kubernetes operator, Pulumi Cloud UI, or
coding with Node.js, Python, or Go SDKs, Pulumi ESC has you covered.
VMblog: Pulumi is also announcing the preview of Insights 2.0 today. What is Pulumi
Insights and what new features and benefits are included in Insights 2.0?
Duffy: Pulumi Insights delivers full visibility
into an organization's cloud assets with intelligent management. Previously
this was limited to infrastructure provisioned by Pulumi IaC, however, with
Insights 2.0 we're taking this to the next level by providing a comprehensive
view of an organization's entire cloud infrastructure, regardless of how it was
provisioned. That means Insights works if you've used Terraform, AWS
CloudFormation, ARM, or even ClickOps.
It begins with an asset inventory. Pulumi
Insights already understands any resources provisioned by Pulumi IaC, but for
the rest, you point Pulumi Insights at your cloud accounts and Kubernetes
clusters, with secure access configured with Pulumi ESC, and Pulumi builds an
inventory of all cloud resources and their configurations, complete with
inferred dependencies. We call this the Pulumi supergraph and as soon as it's
connected, you get rich navigation with pivot-tables, reporting and dashboards,
policy as code thanks to Pulumi CrossGuard, and intelligence because Pulumi
Copilot automatically understands all of it.
The key features and benefits of Insights
2.0 include:
- Complete visibility: It imports and continuously syncs every piece
of cloud infrastructure, even resources not provisioned by Pulumi,
delivering a holistic view of your cloud environments.
- Intelligent
modeling: Insights 2.0 builds a model of infrastructure relationships and
tracks changes over time, providing a deep understanding of how resources
interact and evolve over time.
- Compliance
and security enforcement: All cloud resources are scanned for company
policies and security best practices, powered by Pulumi CrossGuard,
complete with automatic remediations of policy violations.
- Cost
optimization: By understanding cloud usage patterns, Insights 2.0 helps
organizations discover potential cost savings through identification of
cloud waste.
- Enhanced
efficiency and reliability: By providing a complete picture of the cloud
environment, Insights 2.0 drives better decision-making, leading to
improved efficiency and reliability across all cloud assets.
- AI-powered
analytics: Leveraging artificial intelligence, Insights 2.0 can provide
predictive analytics and intelligent recommendations for optimizing cloud
infrastructure.
- Better together with IaC: Report on which IaC tools are managing
which resources - or are completely unmanaged - and bring them under the
control of Pulumi IaC with the click of a button.
Insights 2.0 is a game-changer for
organizations struggling with the complexity of their cloud environments. It
provides the visibility and intelligence needed to make informed decisions,
optimize resources, and ensure compliance across all cloud assets.
VMblog: In
today's PulumiUp conference keynote, you laid out an important vision for
Pulumi called the Intelligent Cloud, which is anchored around AI-powered cloud
infrastructure. Can you expand on what that means?
Duffy: The Intelligent Cloud represents our
vision for the future of cloud operations - a future where AI and automation
work hand-in-hand with human expertise to manage increasingly complex cloud
environments.
At its core, the Intelligent Cloud is
about leveraging the power of AI to automate, secure, and manage all aspects of
cloud infrastructure. This vision is realized through three key components.
Pulumi IaC (Infrastructure as Code)
We're enhancing our existing IaC
capabilities with AI to automate cloud infrastructure management. This means
leveraging generative AI alongside traditional programming languages to create
more intelligent, adaptive, and self-optimizing infrastructure.
Pulumi ESC (Environment, Secrets, and
Configuration)
This component brings AI-powered security
to cloud operations, providing intelligent secrets management that adapts to
the organization's needs and automatically enforces best practices.
Pulumi Insights
With AI at its core, Insights provides
deep analytics and predictive capabilities, helping organizations understand
their cloud usage, optimize costs, and proactively address potential issues.
The Intelligent Cloud is designed to
address the unprecedented challenges that cloud developers and operations teams
face in managing complex, multi-cloud environments. By combining AI with our
expertise in infrastructure as code, we're aiming to:
- Democratize access to the cloud by
making it easier for teams of all skill levels to manage complex
infrastructure.
- Enable more effective
collaboration between developers, infrastructure teams, and security
professionals.
- Provide built-in automation that
adapts to changing conditions and requirements.
- Offer predictive insights that
help organizations stay ahead of potential issues and optimize their cloud
usage.
- Ensure security and compliance are
baked into every aspect of cloud operations.
In essence, the Intelligent Cloud is
about making the cloud work smarter for organizations, allowing them to focus
on innovation and business value rather than getting bogged down in the
complexities of cloud management.
VMblog: You
have some great presenters lined up at the PulumiUp conference today. Can you
list some? Also, if our readers aren't able to attend the virtual conference
today, will these interviews be available on demand at a later date?
Duffy: Absolutely! We're thrilled with the lineup
of speakers at this year's PulumiUP conference. We have industry leaders and
innovators from a wide range of companies sharing their insights on building
and scaling on the cloud through Infrastructure as Code, Platform Engineering,
and AI.
In addition to general industry topics, we'll
also hear many end user stories about how teams have adopted Pulumi, including
BMW whose CodeCraft platform leverages Pulumi to power cloud-connected car
innovation at scale. Other notable speakers include JPMorgan, AWS, Google
Cloud, Docker, and SAP, among others.
We understand that not everyone can
attend the live event, so all the sessions, including keynotes and panels, will
be available on-demand after the conference. Everyone, including anyone who
couldn't make it to the live event, will be able to access all the content
after the conference. To learn more, sign up for the event or Pulumi
newsletter, or check out our website after the event.
We believe the insights shared at
PulumiUP will be valuable for months to come, so we want to ensure that as many
people as possible can benefit from the knowledge and experiences shared by our
speakers. We hope you enjoy the conference and learn something new!
##