Frequently Asked Questions

Fugue Basics

Let’s begin by answering a few of the core “what” questions to explain the nature of Fugue.

What’s Fugue?

Fugue is regulatory compliance and corporate policy automation software for enterprise cloud operations and DevSecOps teams. It builds, operates, and terminates cloud infrastructure and services and automates the continuous enforcement of declared infrastructure configurations. Fugue completes the DevOps workflow by automating cloud lifecycle management via enforced and versionable infrastructure as code. Fugue is a single source of truth and trust for the cloud.

What’s Ludwig?

Ludwig is a simple language designed specifically for coding cloud infrastructure. Fugue compositions are written in Ludwig and used by Fugue's Conductor to automatically build, update, and continuously maintain declared infrastructure. Ludwig features a type system for fast feedback, code validation, and meaningful errors. It also supports commenting for collaboration and documentation generation. Shareable modules allow you to break up and collapse complexity into simple abstractions.

Is Cloud Computing Experience a Prerequisite to Using Fugue?

You do not need cloud computing experience to use Fugue, although you do need to understand your application’s architecture and how your application works. You should know which cloud infrastructure services it will need, such as computing or storage. You declare your cloud infrastructure using simple syntax, and Fugue assumes the complexity of building, operating, and maintaining it.

Why Do I Need Fugue?

Fugue removes the complexity and undifferentiated burden of configuring and maintaining cloud infrastructure, allowing you and your team to focus on creating value with your applications. If you want to stop wasting time managing configuration details, maintaining infrastructure, and chasing bugs in production, consider using Fugue to run your cloud workloads.

Who Should Use Fugue?

Because Fugue is automation software for enterprise cloud operations, anyone deploying workloads in the cloud can benefit from it. Large enterprises face complex challenges managing workloads at scale in the cloud, and they can benefit from the efficiency, control, security, and agility that Fugue provides. Those running smaller workloads in the cloud can benefit from the “set it and forget it” advantages of Fugue, allowing scarce resources to be devoted to value-creating applications rather than costly infrastructure maintenance.

What Are Some High-Level Use Cases for Fugue?

Fugue fully automates the creation, operations, and maintenance of cloud infrastructure for a wide variety of workloads, whether they result from legacy applications migrated from the data center or cloud-native applications. Some of the operational use cases for Fugue include:

  • Combining Fugue with a continuous integration toolchain (such as Jenkins, CircleCI, or Travis) to automate cloud infrastructure lifecycle management
  • Using Fugue’s dry run (“no-op”) option to preview changes to your infrastructure
  • Implementing an enforceable change control process using your code repository tool (such as Git or Github) combined with Fugue’s automated update and enforcement features to provide you with a single source of truth and trust for your cloud
  • Building and managing the underlying infrastructure to support containerized applications that use tools like Docker and Mesos
  • Spinning up and tearing down replicable and consistent environments with ease

How Does Fugue Save Me Money in the Long Run?

Fugue greatly reduces the need for deep cloud expertise in adopting and expanding cloud use. Fugue eliminates costly infrastructure operations and maintenance burdens, allowing you and your team to focus on creating value with your applications, not managing infrastructure configuration details and debugging in production.

How Does Fugue Work?

Fugue runs on a virtual machine (EC2 instance) inside your Amazon Web Services account and uses cloud APIs to build, update, and enforce your infrastructure.

Is Fugue a SaaS/PaaS?

Fugue is a software product, not Software as a Service (SaaS) or Platform as a Service (PaaS). You run the Fugue software inside your own cloud account. Fugue does not “call home” to any third party or to Fugue, Inc. We’ve taken this approach to meet the requirements of our more complex and security-conscious customers.

We put a lot of effort into making Fugue easy to adopt and run. With Fugue, you get the simplicity of a PaaS without the limitations that can affect your application architecture and often prohibit you from customizing your infrastructure.

How Does Fugue Build & Deploy Infrastructure?

Fugue’s Conductor creates running processes made up of the various resources you declare in a Fugue composition in order to build and deploy your infrastructure using cloud APIs.

How Does Fugue Enforce Infrastructure?

Fugue continuously inspects your running cloud infrastructure and compares it to the declarations in your composition. Whenever Fugue identifies a difference between what you’ve declared and what’s running, it returns your infrastructure to the way it should be. To see when such events have occurred, check the Fugue broker logs, as shown in the Fugue User Guide’s Logging chapter.

How Does Fugue Do All of This “Continuously & Automatically?”

Fugue uses a system clock action to ensure that the enforcement of infrastructure described above is continuous and automatic. A job is dispatched every thirty seconds from the Fugue Conductor’s scheduler component based off process state. The scheduler runs the main event loop for every process the Conductor is operating.

Does Fugue “Call Home?”

No, Fugue does not “call home.” The Fugue CLI is installed on a client machine you control, such as your laptop or an EC2 instance within your AWS account, and the Fugue Conductor runs on another EC2 instance within your AWS account. There are no open ports on protocols on the Fugue Conductor. The Fugue Conductor and Fugue CLI communicate with each other using the AWS API, but neither component sends information back to Fugue, Inc. or anyone else.

How Does Fugue Handle Security?

Fugue is designed from the ground up to be a secure system. The Fugue security model values risk avoidance over risk reduction, and procedures for defense-in-depth are followed. The exact security posture of a running Fugue instance depends on some choices you can make as a user.

A best practice is that you do not enable any inbound TCP connections to the Fugue Conductor. Not even SSH. All communication required with it can be done via asynchronous messages, object storage, or similar mechanisms. These resources are all protected by privileged AWS API calls, and the Fugue CLI will handle all of this communication for you. Troubleshooting or other exceptional circumstances may require exceptions to this rule, but they should be just that–exceptions.