Skip to main content

Entigo Platform and Infralib Introduction

Entigo Platform is an infrastructure management solution designed for security-conscious organizations who run containerized applications on public clouds but don't have the resources of a large enterprise to build and maintain infrastructure tooling in-house. It enables you to set up a production-ready infrastructure platform fast and keep the maintenance workload under control.

While cloud providers need to build services that meet the requirements of organizations of all sizes, their offering is essentially a collection of components. It is up to the user to assemble a usable infrastructure platform that is fit for their organization from these components. Entigo Platform provides an opinionated configuration on top of public cloud services for containerized workloads in security-conscious organizations. Entigo Platform is rooted in open source and favors open-source components, mostly from the Cloud Native Computing Foundation, as building blocks. This makes the platform as cloud-agnostic as reasonable, without sacrificing differentiated value provided by each cloud vendor.

Drawing 1 - high level overview of Entigo Platform

Entigo Platform is composed of two parts:

  • Workspaces are where your applications and data live. These are dedicated AWS accounts, Azure subscriptions or GCP projects on your cloud infrastructure. Workspaces are managed by Entigo Infralib, an open-source project for infrastructure lifecycle management.
  • Control Plane is a central solution that provides shared services to multiple workspaces, enabling cross-workspace resource efficiency, transparency and governance.

What is Infralib

Infralib is an open-source platform distribution — think of a Linux distribution or Homebrew for cloud infrastructure. It enables cloud infrastructure provisioning and lifecycle management for the open-source applications that make up your infrastructure platform. Just as a Linux distribution comes with an installer, a package manager, and a pre-tested set of application packages ready to work together, Infralib consists of an Infralib agent that fills the package manager and installer role, and Infralib modules — a curated set of pre-integrated and tested cloud-native infrastructure applications.

In addition to package management, Infralib simplifies configuration management. Instead of manually wiring configuration output from one component as input to another, the Infralib agent connects modules automatically. When you enable one module, others that depend on it are configured to work with it out of the box — similar to how dependency injection works in programming frameworks like Spring Framework. For example:

  • If you enable AWS KMS for disk encryption, it is automatically used by Kubernetes to encrypt all Persistent Volumes — no manual configuration necessary.
  • When you provision your VPC with Infralib, subnet data is automatically injected into EKS module configuration — no need to manually specify which subnets are used for worker nodes.

Why Infralib matters for daily operations

Infralib provides value at both initial setup and daily maintenance:

  • Fast initial setup — there is no need to manually write infrastructure code and configure components to work together. We have seen IaC codebases reduced by 88% compared to environments that don't use Infralib.
  • Continuous security updates — keeping infrastructure CVEs under control requires constant attention. On average, we release 4 updates per week — each developed and tested before release. Without Infralib, your team would need to develop, test, and roll out each of these updates internally — a significant ongoing time investment. With Infralib, you receive tested updates and only need to apply them to your workspaces, freeing your team to focus on product work.
  • Evolving capabilities — since Infralib is constantly evolving, you benefit from new features and capabilities without having to invest in infrastructure development yourself.

Control Plane vs Data Plane separation

Entigo Platform builds on the control-plane and data-plane separation concept. Data-plane consists of services that are in operational use by your applications and impact service availability to your end users. Control-plane components enable centralized changes to service configuration, but when unavailable, the services themselves continue to work — there is no downtime for your end users. Individual workspaces can still be managed directly through Infralib.

Workspaces are your data planes. They are managed with open-source Infralib and run on your cloud infrastructure — 100% under your control. The control plane is a central managed service that makes it easier to orchestrate multi-workspace environments, but it is not mandatory. Many customers use only Infralib and manage each workspace as an individual stand-alone unit.

Entigo Platform for holistic coverage

Entigo Platform resolves the transparency and central coordination challenge. How to reduce workload associated with maintaining many workspaces, how to share services that are not cost effective to deploy to each workspace, how to understand cloud costs across the organization and report compliance with regulatory requirements.

  • Infrastructure orchestration — centrally deploy, manage and govern workspaces on your cloud and multi-cloud infrastructure.
  • Observability — central metrics, logs, tracing and visualization services for all teams. Make use of curated and pre-built dashboards and reports, or define your own. No need to build, implement and maintain complex observability infrastructure.
  • Vulnerability management — in addition to build-time vulnerability scanning, Entigo Platform makes it easy to monitor and discover newly disclosed CVEs in applications already running in your infrastructure. You can declare exceptions and mark CVEs as non-applicable to keep the report clean.
  • Policy and governance — benchmark and report on compliance with regulatory technical requirements and organizational rules. A single view across your entire infrastructure.
  • FinOps — make cloud costs visible to every product team. Teams can drill down and analyse the costs to find optimization opportunities and make cost-effective architecture decisions. Cost distribution reports make it effortless to allocate costs to the right cost center in your financial management system. Both teams and finance work off the same data.

Although there are tools available from different vendors for each of these challenges, they are typically targeted at large enterprise organizations — with enterprise price tags and time-consuming integration projects. Entigo Platform addresses the common requirements that security-conscious and regulated organizations face and provides a pre-integrated set of capabilities. You get the cross-concern view without having to invest in different tools and lengthy integration and implementation projects.

Enterprise tooling without vendor lock-in

Entigo Platform is designed so that your infrastructure remains yours. Workspaces run on your cloud accounts using standard open-source components. The control plane adds operational convenience — observability, cost management, vulnerability tracking, governance — but your workloads have no runtime dependency on it.

If you decide to stop using Entigo Platform:

  • Your workspaces keep running. They are on your cloud infrastructure and continue to operate without interruption.
  • You can continue using Infralib. As an open-source project, Infralib remains available to manage your workspaces. You retain the infrastructure code and can continue to apply updates from the open-source release.
  • You lose access to the control plane. Observability, FinOps, vulnerability management and governance dashboards are part of the managed service and are no longer available.
  • You lose vendor support. While updates continue to be published to the open-source Infralib release, customer-specific use cases may be dropped from test suites. In case of issues, you would need to maintain deep technical expertise in-house to operate and troubleshoot the infrastructure independently.

In short — you get the benefits of enterprise-grade managed tooling while retaining full ownership of your infrastructure and the freedom to walk away.