Securing Company Infrastructure with Modern Automation Tools

Abstract

This thesis presents the design and implementation of an automated infrastructure using open-source virtualization and Infrastructure as Code (IaC) tools to streamline deployment and management processes. The proposed environment leverages a Proxmox Virtual Environment (PVE) hypervisor for virtualization, with HashiCorp Packer employed to create standardized VM templates. Terraform is used in conjunction with Ansible to provision and configure these virtual machines automatically, ensuring consistency and reducing manual effort. Docker containers host key services, and the Traefik reverse proxy routes external traffic to these services, enabling efficient access management. Security and identity management are integrated into the infrastructure by incorporating Keycloak for centralized authentication and Vault for secure secret storage. The automated pipeline builds the infrastructure from the ground up ranging from base VM images to fully configured services using definition files and scripts, thereby minimizing configuration errors and improving reproducibility. The thesis details the architecture of this automated system, the IaC workflow for provisioning and configuration, and the deployment of critical services within the environment. Finally, it evaluates the solution’s effectiveness in simplifying infrastructure setup and discusses the benefits, limitations, and potential improvements of the approach.