As the need to deploy cloud infrastructure grows, resource management becomes more complex. Keeping the original design in check to avoid architectural drift across several live environments, while still being able to add or remove resources as requirements evolve, is a challenge faced by every DevOps team.
Luckily, there are tools that help in these efforts, providing different approaches such as infrastructure as code (IaC) and desired state configuration.
At the XenApp and XenDesktop Service, we started using and contributing to HashiCorp’s Terraform almost a year ago. Terraform is a tool that enables the deployment and management of cloud infrastructure by using simple configuration files. These configuration files can be checked into source control, and taken through proper change management procedures to ensure that the state of the cloud resources is up-to-date with the designed template.
Imagine that you have an application that uses Azure Blob storage and need to create several environments (Production, Staging and Test) with multiple resources. Each environment should contain 3 Azure resources: a resource group, a storage account and a storage container.
If we were to use conventional methods for this requirement, like native Azure Resource Management templates or even custom scripts, the process could be prone to human error because proper orchestration is required, and creating and maintaining multiple environments would be a time-consuming task.
On the other hand, by using Terraform the process of creating and maintaining the environments is simplified:
- First, we set up three variable files, each containing the information specific to one environment. These variable files are not stored in source control and are kept in a secure location, as they can contain sensitive data.
- Then we set up the Terraform configuration template files, defining the Azure resources to be created. The same templates will be used for all environments.
- Finally, after running the Terraform tool, we get three identical Azure environments and the corresponding Terraform state files to manage these resources. Every time configuration is added to or removed from the template, Terraform will make sure that the resources are deployed and that they match what is specified in the configuration file, keeping the environments aligned with the template.
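The three steps above, sketched as a single shared template. This is an added example, not the team's own configuration: the resource names, the variable names and the azurerm 3.x provider syntax are assumptions, and the sensitive variable stands in for whatever secret values an environment's variable file holds.

```hcl
# Added example: one template shared by all environments; names are constructed.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

variable "environment" {
  type = string
  validation { # reject a mistyped environment before anything is created
    condition     = contains(["production", "staging", "test"], var.environment)
    error_message = "Environment must be production, staging or test."
  }
}

variable "location" { type = string }

variable "subscription_id" {
  type      = string
  sensitive = true # hidden in plan output, but still written to the state file
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

resource "azurerm_resource_group" "app" {
  name     = "rg-app-${var.environment}"
  location = var.location
}

resource "azurerm_storage_account" "app" {
  name                     = "stapp${var.environment}" # 3-24 lowercase alphanumerics
  resource_group_name      = azurerm_resource_group.app.name
  location                 = azurerm_resource_group.app.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_storage_container" "app" {
  name                  = "appdata"
  storage_account_name  = azurerm_storage_account.app.name
  container_access_type = "private" # no anonymous read access to blobs
}
```

Each environment is then planned with its own variable file, for example `terraform plan -var-file=<secure path>/staging.tfvars`, where that file sets `environment`, `location` and `subscription_id` and never enters the repository. Because `sensitive` only masks values in output, the state file needs the same protection as the variable files.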
By using this approach in our cloud services, we have been able to reduce deployment and configuration time from several weeks to only days, while keeping homogeneity across the environments. This consistency provides the assurance that we will not encounter any bugs related to environmental variables, optimizing test and release time. Also, the task of creating new development environments is as simple as creating a new variable file and applying the configuration.
Our Terraform configuration is checked into Git, where it follows a workflow that includes branches, pull requests and code reviews. This process ensures that the configurations are correct before they are applied to the real infrastructure. We have also written wrappers around Terraform to simplify its use for our specific use case: managing multiple variable files and retrieving them from secure storage in real time, making sure that sensitive information is kept safe and separated from the infrastructure code. The same secure treatment is given to the Terraform state files.
Every time we run Terraform’s plan command, the tool verifies that all resources are in a good state, and any missing resources or manual changes are highlighted so they can be normalized using the base template. Because of this, Terraform can also be used as a method of extreme disaster recovery; if some component or even an entire region is compromised, the environment can be recovered by changing the location variable and rerunning the Terraform configuration.
Currently, our largest Terraform deployment consists of 154 Azure resources, including Virtual Machines, Scale Sets, Load Balancers and NetScaler Gateways, replicated in 4 different deployments, all in a highly available and scalable configuration.
We plan to continue leveraging this tool and to keep contributing to the Terraform community, as we make use of it in our daily processes. We will keep you posted on any new developments.