Session on evaluation of DevSecOps. This tutorial covers the very basic process of the DevOps cycle at a beginner level, so it sometimes avoids deep technical terms to keep things easy to understand.
3. SDLC
Software Development Life Cycle is the application of standard business practices to building software applications. It's typically divided into six to eight steps: Planning, Requirements, Design, Build, Document, Test, Deploy, Maintain.
5. Student Management System
Roles
1. Students
2. Teacher
3. Admin
Admin + Teachers
1. Dashboard: In this section, the admin can see all details in brief, such as Total Classes, Total Students, Total Class Notices and Total Public Notices.
2. Class: In this section, the admin can manage classes (Add/Update/Delete).
3. Students: In this section, the admin can manage the students (Add/Update/Delete).
4. Notices: In this section, the admin can manage notices (Add/Update/Delete).
5. Public Notices: In this section, the admin can manage public notices.
6. Pages: In this section, the admin can manage the About Us and Contact Us pages of the administration.
7. Search: In this section, the admin can search students by their student ID.
8. Reports: In this section, the admin can view how many students have registered in a particular period.
9. The admin can also update his profile, change the password and recover the password.
Students:
1. Dashboard: It is the welcome page for students.
2. View: In this section, the user can view notices announced by the administrator and can view marks for exam results.
3. The student can also view his profile, change the password and recover the password.
7. Student Management System – Technical Specification
• User Interface (UI): HTML, AJAX, jQuery, JavaScript
• Database: MySQL
• Programming Language: PHP
• PHP Framework: Laravel
• Server: 8 Core Linux Server
8. Project Team Members
[Diagram: a Project Manager over seven roles (Business, Developer, SQA, Security, Cloud, DBA, Network), one person each. Work items shown: Prepared Documentation & Analysis; Computer Source Code; Database; Software Quality Test (Selenium); Software Security Test (SonarQube); Network Configuration; Deployment (cPanel/Cloud); Repository: Local Computer. Environments shown: Build; Test Server (Virtual Machine); Build > Publish; Deploy. Server (Virtual Machine).]
9. Waterfall Methodology
The Waterfall Model methodology is also known as the Linear Sequential Life Cycle Model. The Waterfall Model is followed in sequential order, so the project development team only moves to the next phase of development or testing if the previous step completed successfully.
10. Advantages of Waterfall Model
• It is one of the easiest models to manage. Because of its nature, each phase has specific deliverables and a review process.
• It works well for smaller projects where requirements are easily understandable.
• Faster delivery of the project.
• Process and results are well documented.
• Easily adaptable method for shifting teams.
• This project management methodology is beneficial for managing dependencies.
A large number of projects are implemented with the Waterfall Model.
11. What Happens?
• If the client changes some requirements in the middle of development?
• If a bug or vulnerability is found in the application after staging?
• If the client would like to add another module, such as a Student Advisor role?
• Something like that…
The Waterfall Model methodology is unable to solve these types of problems!
12. Limitations of Waterfall Model
• It is not an ideal model for a large project.
• If the requirements are not clear at the beginning, it is a less effective method.
• It is very difficult to move back to make changes in the previous phases.
• The testing process starts once development is over. Hence, there is a high chance that bugs are found late in development, where they are expensive to fix.
13. Agile
Agile is an iterative approach to project management and software development that helps teams deliver value to their customers faster and with fewer headaches.
14. Advantages of the Agile Model
• It is a client-focused process, so it makes sure that the client is continuously involved during every stage.
• Agile teams are extremely motivated and self-organized, so they are likely to provide a better result from the development projects.
• The Agile software development method assures that the quality of the development is maintained.
• The process is completely based on incremental progress. Therefore, the client and team know exactly what is complete and what is not. This reduces risk in the development process.
15. Previous Problem? SOLVED!
• Client requirement changes can be integrated easily.
• Application bugs and vulnerabilities can be solved.
• Adding other modules is possible.
• Something like that…
The Agile methodology is able to solve these types of problems!
16. Let’s imagine
• Many schools are interested in using your “School Management System”.
• Your application business has expanded.
[Diagram: one application and one database per school: Application-1 and Database-1 for School-1, Application-2 and Database-2 for School-2, Application-3 and Database-3 for School-3, through Application-N and Database-N for School-N.]
17. SaaS Model
• Your business needs to implement “School Management System” as a SaaS model.
What is the SaaS model?
18. Software as a Service (SaaS) Model
[Diagram: a single Source Code, with Application-1, Application-2 and Application-3 and the databases DB-1, DB-2 and DB-3.]
19. Project Team Members (Prev.)
[Diagram: the earlier team structure. A Project Manager over seven roles (Business, Developer, SQA, Security, Cloud, DBA, Network), one person each. Work items shown: Prepared Documentation & Analysis; Computer Source Code; Database; Software Quality Test (Selenium); Software Security Test (SonarQube); Network Configuration; Deployment (cPanel/Cloud); Repository: Local Computer.]
20. Project Team Members (Now)
[Diagram: the same team structure after growth. A Project Manager over the roles Business, Developer, SQA, Security, Cloud, DBA and Network; head counts shown on the slide: 3, 5, 2, 2, 3, 2, 3. Work items shown: Prepared Documentation & Analysis; Computer Source Code; Database; Software Quality Test (Selenium); Software Security Test (SonarQube); Network Configuration; Deployment (cPanel/Cloud); Repository: Local Computer.]
How can source code be managed for a large development team?
21. Why Is a Version Control System Important?
As we know, a software product is developed collaboratively by a group of developers who might be located in different places, each contributing some specific functionality or feature. To contribute to the product, they modify the source code (by adding or removing code). A version control system is software that helps the development team efficiently communicate and manage (track) all the changes made to the source code, along with information such as who made each change and what was changed.
A version control system keeps track of the changes made to a particular piece of software and takes a snapshot of every modification.
22. Version Control Systems
Version control, also known as source control, is the practice of tracking and managing changes to software code. Version control systems are software tools that help software teams manage changes to source code over time. As development environments have accelerated, version control systems help software teams work faster and smarter.
23. Project Team Members (Now)
[Diagram: the same team structure as the previous "Now" slide (head counts shown: 3, 5, 2, 2, 3, 2, 3), with Repository: Local Computer.]
Source Code Repository?
24. Source Code Repository (SCM)
A code repository is an archive of the code itself that is being worked on. Beyond the code itself, you can keep things such as documentation, notes, web pages, and other items in your repository. A code repository is required for any successful software development project.
25. GitHub
GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management (SCM) functionality of Git, plus its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, continuous integration, and wikis for every project.
26. Project Team Members (Recap.)
[Diagram: the same team structure (head counts shown: 3, 5, 2, 2, 3, 2, 3). Work items shown: Prepared Documentation & Analysis; Computer Source Code; Database; Software Quality Test (Selenium); Software Security Test (SonarQube); Network Configuration; Deployment (cPanel/Cloud); Repository: GitLab; Version Control: Git.]
27. Development Cycle
[Diagram: the Software Developer (local Source Code and Database) uses Git PUSH/PULL with the Repository (GitLab), which holds the Source Code in [Branches]. A manual Build places Source Code and Database on the Test Server (VM). Check/Testing covers Software Quality Testing (Selenium) and Software Security Testing (SonarQube), with feedback returned.]
28. In Real Development Project
• In each sprint, more than a hundred features, change requests, bugs, tasks, defect tests and vulnerability-related issues can be implemented.
• So each day, more than a thousand source code commit requests can be made.
• It is really difficult to make a manual build after each source code commit, isn’t it?
To solve this problem, we introduce an automated CI/CD pipeline.
29. Automatic CI/CD Pipeline
A CI/CD process automates your software delivery process. Automated pipelines remove manual errors and provide standardized feedback loops.
Some of the CI/CD tools
Continuous Integration (CI)
Continuous Delivery/Deployment (CD)
30. Development Cycle
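[Diagram: the Software Developer (Source Code and Database) uses Git PUSH/PULL with the Repository, which holds the Source Code in [Branches]. The Build is now done by CI/CD, which places Source Code and Database on the Test Server (VM). Check/Testing covers Software Quality Testing (Selenium) and Software Security Testing (SonarQube), with feedback returned.]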
31. So Far We Have Completed… Half of DevOps
That is only the Dev part of DevOps
Dev = Development
32. Let’s move on to the Ops (Operations) part of DevOps
Moving on to the Ops part of DevOps
Ops = Operations
33. Development Cycle (Progress so far…)
[Diagram: the Software Developer (Source Code and Database) uses Git PUSH/PULL with the Repository, which holds the Source Code in [Branches]. CI/CD places Source Code and Database on the Test Server (VM). Check/Testing covers Software Quality Testing (Selenium) and Software Security Testing (SonarQube), with feedback returned.]
34. Take a Close Look… Development Cycle!
[Diagram: Software Developer-1, Developer-2 and Developer-3 each hold local Source Code and a Database and work in Git on their own branch (dev1, dev2, dev3). A commit (Branch: Dev1) goes to the Repository (GitLab), which holds the Source Code in the branches Dev1, Dev2, Dev3, TestBranch and LiveBranch. CI/CD places Source Code and Database on the Test Server (VM) for Check/Testing with Selenium and SonarQube, with feedback returned.]
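The automated pipeline described in slides 28 to 34, sketched as a GitLab CI configuration. This is an added example, not taken from the slides: only the branch names TestBranch and LiveBranch and the tools (GitLab, Selenium, SonarQube) come from the deck, while the job names, images, script paths, variables and host are assumptions.

```yaml
# .gitlab-ci.yml (added illustration, not from the slides).
# TestBranch and LiveBranch are the slides' branch names; job names, images,
# scripts and variables are assumptions. Pin image versions in real use.
stages: [build, quality-test, security-test, deploy]

build:
  stage: build
  image: composer:2
  script:
    - composer install --no-interaction --prefer-dist
  artifacts:
    paths: [vendor/]
    expire_in: 1 hour

selenium-tests:
  stage: quality-test
  image: php:8.2-cli
  services:
    - name: selenium/standalone-chrome:latest
      alias: selenium
  variables:
    SELENIUM_URL: "http://selenium:4444"   # hypothetical name read by the test suite
  script:
    - ./scripts/run-ui-tests.sh            # hypothetical wrapper around the Selenium suite

sonarqube-scan:
  stage: security-test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_HOST_URL: "https://sonarqube.example.internal"   # placeholder host
    # SONAR_TOKEN is supplied as a masked CI/CD variable, never committed to the repo
  script:
    # qualitygate.wait makes this job fail when the SonarQube quality gate fails
    - sonar-scanner -Dsonar.projectKey=student-management-system -Dsonar.qualitygate.wait=true

deploy-test:
  stage: deploy
  script:
    - ./scripts/deploy.sh test             # hypothetical deploy script
  rules:
    - if: '$CI_COMMIT_BRANCH == "TestBranch"'

deploy-live:
  stage: deploy
  script:
    - ./scripts/deploy.sh live             # hypothetical deploy script
  rules:
    - if: '$CI_COMMIT_BRANCH == "LiveBranch"'
      when: manual                         # a person approves the live release
```

Stages run in order and a failed job stops the pipeline, so commits on any branch are built and tested, and neither deploy job starts unless the Selenium and SonarQube jobs pass.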
35. Development Cycle (Cont’d)
[Diagram: the Repository (GitLab) holds the Source Code in the branches Dev1, Dev2, Dev3, TestBranch and LiveBranch. CI/CD performs Build + Deploy (shown twice) onto one Server Machine (HDD: 18TB 7200 RPM SATA; CPU: Intel Xeon, Core: 32, Clock: 2.70-4.00GHz, Cache: 48MB; RAM: 64GB DDR4). The machine hosts four VMs with 12 GB RAM each: Database Server (Database), Live Application Server (Source Code), Test Application Server (Source Code) and Resources Server (Media/File/Folder).]
What is VM?
36. What is a VM (Virtual Machine)?
A Virtual Machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy apps.
Each virtual machine runs its own CPU, memory, network interface, and storage, created on a physical hardware system (located off- or on-premises).
Virtual machines run on top of the hypervisor software, which imitates the physical infrastructure and divides the resources into multiple virtual machines. The hypervisor is also referred to as the host machine or a virtual machine monitor.
VMs tend to be bulky and many gigabytes in size because each VM contains its own guest operating system, kernel, binaries, libraries, and its application.
37. Let’s Introduce Containerization Instead of VMs
• Containers create isolated environments in a physical server by virtualizing the host operating system and running packaged applications on top of it.
• Instead of virtualizing the hardware like virtual machines, containers virtualize the OS. A container is built on top of a host OS kernel and usually shares its libraries and binaries.
• Because they share most of their necessities, containers only pack the application and its dependencies. They’re much lighter than VMs and only megabytes in size.
39. Container
A Container is a piece of software that packages code and all of its dependencies.
Containerization is the process of packaging software code along with all of its essential components.
41. Docker
Docker is a containerization platform for packaging your application along with all of its dependencies.
Docker is a free and open platform for developing, deploying, and running software.
Advantages of Docker: Some of the benefits Docker delivers at various stages of the software development lifecycle (SDLC) are as below:
1. Build
2. Test
3. Deploy
4. Maintain
42. Development Cycle (Container)
[Diagram: the Repository (GitLab) with branches Dev1, Dev2, Dev3, TestBranch and LiveBranch 1 feeds CI/CD, which deploys to one Server Machine (HDD: 18TB 7200 RPM SATA; CPU: Intel Xeon, Core: 32, Clock: 2.70-4.00GHz, Cache: 48MB; RAM: 64GB DDR4). The machine runs these containers: Live Application Docker, Live Application Docker 2, Live Application Docker 3, Test Application Docker, User Service Docker, File Manager Docker, Auth Service Docker, Geolocation Service Docker, API Service Docker, Database Docker and Database Docker 2.]
How do we manage a large number of Docker containers?
43. Development Cycle (Cont’d)
[Diagram: the Repository (GitLab) with branches Dev1, Dev2, Dev3, TestBranch and LiveBranch 1 feeds CI/CD and Container Orchestration, which manage one Server Machine (HDD: 18TB 7200 RPM SATA; CPU: Intel Xeon, Core: 32, Clock: 2.70-4.00GHz, Cache: 48MB; RAM: 64GB DDR4). The machine runs these containers: Live Application Docker, Live Application Docker 2, Live Application Docker 3, Test Application Docker, User Service Docker, File Manager Docker, Auth Service Docker, Geolocation Service Docker, API Service Docker, Database Docker and Database Docker 2.]
44. Container Orchestration
Container Orchestration automates the deployment, management, scaling and networking of containers. It is useful for enterprises that deploy and manage multiple containers and hosts.
Purposes of using Container Orchestration:
A container orchestrator automatically deploys and manages containerized apps.
1. It responds dynamically to changes in the environment.
2. It ensures all deployed container instances get updated if a new version of a service is released.
I. Dynamically respond to changes.
II. Deploy the same application across different environments.
45. Container Orchestration Tools
Container orchestration tools provide a framework for managing containers and microservices architecture at scale. They simplify container management and provide a framework for managing multiple containers as one entity. Some popular tools used for container lifecycle management are:
47. Configuration Management
Configuration Management: It is a systems engineering method that ensures a product’s characteristics remain consistent during its life cycle. It may cover non-IT assets and work products used to develop services. It provides a configuration model of the services, assets and infrastructure by recording the relationship between:
• Service assets
• Configuration items
• Controlled environments
• Operational use
Any change in configuration can dramatically impact (1) Performance, (2) Security, (3) Functionality.
48. Advantages of configuration management
• Increases efficiency with a well-defined configuration process that improves visibility
• Optimizes cost through detailed knowledge of all the IT elements
• Tracks requirements from specification to testing
• Identifies and controls software versions
• Enhances system and process reliability by detection effects
• Manages the information about the configuration item
• Provides faster restoration of your service if a process failure occurs
• Facilitates the conduct of functional configuration audits
50. Continuous Monitoring
Continuous Monitoring is the ability to detect risk, compliance, and security issues in an operational environment. It acts as an auditing tool, where it can navigate through old monitoring data to analyse and improve the performance of the system.
The roles of Continuous Monitoring are:
• Assists in the design of a reliable system
• Displays application behaviour during peak business hours
• Reduces cost by acquiring precise knowledge of software asset duplication
• Reduces the chance of an application going down
• Notifies you if there is a problem with your application service
• Retrieves and analyses historical data
56. DevOps
DevOps is a set of practices that aims to provide superior quality software quickly by integrating the processes between the development and the operation teams.
57. DevSecOps
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
58. More Resources
http://techntuts.com/story/DevOps-Tutorial
DevOps Tutorial Outline:
1. DevOps-1: Introduction to DevOps
2. DevOps-2: Learn about Linux
3. DevOps-3: Version Control System [Git]
4. DevOps-4: Source Code Management (SCM) [Github]
5. DevOps-5: CI/CD [Jenkins]
6. DevOps-6: Software and Automation Testing Framework [Selenium]
7. DevOps-7: Configuration Management [Ansible]
8. DevOps-8: Containerization [Docker]
9. DevOps-9: Continuous Monitoring [Nagios]
10. DevOps-10: Continuous Orchestration [Kubernetes]