
# Immutable Infrastructure

Immutable infrastructure is an approach to managing services and software deployments on IT resources wherein components are replaced rather than changed. An application or service is effectively redeployed each time any change occurs.

## Security Features:

- Immutable Linux Operating System(s)
- Read-Only systems. Tamper-resistant and hardened against corruption.
- Atomic upgrades.
- Live Migration & Snapshots.
- Critical Application(s) Sandboxing.

In a traditional software deployment, an application or service update requires that a component be changed in production while the complete service or application remains operational. Immutable infrastructure instead relies on instancing, where components are assembled on computing resources to form the service or application. Once the service or application is iterated, its components are set; thus, the service or application is immutable, unable to change. When a change is made to one or more components of a service or application, a new iteration is assembled, tested, validated and made available for use. Then the old iteration is discontinued to free the computing resources within the environment for other tasks.

Immutability restricts the potential for configuration drift, reducing the IT infrastructure's vulnerability to attack. Uptime improves during unexpected events, because instances are redeployed instead of restored from multiple unique configurations and versions.
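One way to check a running instance for the configuration drift described above, as an added example that is not code from this documentation or its vendor: it records a SHA-256 manifest when the image is built, compares the instance against it, and applies the replace-rather-than-repair rule. The function names and the sample file tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def detect_drift(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Compare an instance's files with the manifest recorded at image build."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def decide(drift: dict[str, list[str]]) -> str:
    """Immutable policy: a drifted instance is replaced from the image, not repaired."""
    return "replace" if any(drift.values()) else "keep"


def demo() -> tuple[dict[str, list[str]], str]:
    """Constructed sample: a tiny image tree, then the same tree after drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc/sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc/motd").write_text("build 42\n")
        baseline = build_manifest(root)  # recorded once, at image build time
        # Simulated out-of-band changes on the running instance (constructed).
        (root / "etc/sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc/cron.d").mkdir()
        (root / "etc/cron.d/job").write_text("0 * * * * root /usr/bin/true\n")
        (root / "etc/motd").unlink()
        drift = detect_drift(baseline, build_manifest(root))
    return drift, decide(drift)


if __name__ == "__main__":
    report, action = demo()
    print(report, "->", action)
```

On a read-only root filesystem the comparison should always come back empty, so any non-empty report is itself a signal worth alerting on before the instance is replaced.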

A deployment iteration typically results in the build of a common image that can be tested and proven. Cloud computing environments provide the automation required to construct and deploy images for immutable operations.

Immutable infrastructure benefits include lower IT complexity and failures, improved security and easier troubleshooting than on mutable infrastructure. It eliminates server patching and configuration changes, because each update to the service or application workload initiates a new, tested and up-to-date instance. There is no need to track changes. If the new instance does not meet expectations, it is simple to roll back to the prior known-good instance. Since you’re not working with individual components within the environment, there are far fewer chances for unpredictable behaviors or unintended consequences of code changes.

