Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ThoughtWorks Technology Radar Roadshow - Sydney

1,833 views

Published on

In the third part of a 4-city Tech Radar roadshow in Sydney, ThoughtWorks TAB members Scott Shaw and Evan Bottcher cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Reactive Architectures, Security, Spring Boot vs. Nancy, and Docker.

Published in: Technology
  • Be the first to comment

ThoughtWorks Technology Radar Roadshow - Sydney

  1. 1. TECHNOLOGY
 RADAR May 2015 — Our thoughts on the technology and trends that are shaping the future 1
  2. 2. 2
  3. 3. 3 TECHNOLOGYADVISORYBOARD
  4. 4. 4
  5. 5. 5
  6. 6. 6
  7. 7. THEMES FOR THIS ISSUE 7
  8. 8. TECHNIQUES 8
  9. 9. TECHNIQUES 8
  10. 10. 9 ADOPT 1. Consumer-driven contract testing NEW 2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team TECHNIQUES
  11. 11. 10 TECHNIQUES Architectures for the digital world (theme: innovations in architecture)
  12. 12. 10 TECHNIQUES 18 15 14 12 REACTIVE ARCHITECTURES FLUX ENTERPRISE DATA LAKE APPEND-ONLY DATA STORE Architectures for the digital world (theme: innovations in architecture)
  13. 13. Attrition Acquisition Retention Activation Referral Ads ARCHITECTURES FOR THE DIGITAL JOURNEY 11 Emails Google
  14. 14. Legacy Systems RIGHT DATA, RIGHT PLACE, RIGHT TIME 12 Legacy SystemsLegacy Systems Web Analytics Operational Metrics Insights
  15. 15. 13 Business Logic (functions) Legacy Systems Archivers File Store (S3) Insights Analytics Reports, Model Parameters Spark, Hadoop Microservices Append- only Database Flux-based Web Application User Actions View Rendering (react.js) Transactions, Web Analytics, Operational Logs Subscribed Events Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …)
  16. 16. 13 Business Logic (functions) Legacy Systems Archivers File Store (S3) Insights Analytics Reports, Model Parameters Spark, Hadoop Microservices Append- only Database Flux-based Web Application User Actions View Rendering (react.js) Transactions, Web Analytics, Operational Logs Subscribed Events Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …)
  17. 17. 14 Insights Analytics Reports, Model Parameters Spark, Hadoop Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) Transactions, Web Analytics, Operational Logs Subscribed Events Business Logic (functions) Legacy Systems Archivers File Store (S3)Microservices Append- only Database Flux-based Web Application User Actions View Rendering (react.js)
  18. 18. 14 Insights Analytics Reports, Model Parameters Spark, Hadoop Transactions, Web Analytics, Operational Logs Subscribed Events Business Logic (functions) Legacy Systems Archivers File Store (S3)Microservices Append- only Database Flux-based Web Application User Actions View Rendering (react.js)
  19. 19. 15 Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) Insights Analytics Reports, Model Parameters Spark, Hadoop Append- only Database Flux-based Web Application User Actions View Rendering (react.js) Transactions, Web Analytics, Operational Logs Subscribed Events Business Logic (functions) Legacy Systems Archivers File Store (S3)Microservices
  20. 20. 15 Transactions, Web Analytics, Operational Logs Subscribed Events Business Logic (functions) Legacy Systems Archivers File Store (S3)Microservices
  21. 21. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) Microservices Append- only Database Flux-based Web Application User Actions View Rendering (react.js) Transactions, Web Analytics, Operational Logs Subscribed Events Business Logic (functions) Legacy Systems Archivers
  22. 22. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …)
  23. 23. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) ALL DATA IN MOTION IS IMMUTABLE
  24. 24. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) ALL DATA IN MOTION IS IMMUTABLE FIT-FOR-PURPOSE “STATE” IS COMPUTED BY THE CONSUMER
  25. 25. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …) ALL DATA IN MOTION IS IMMUTABLE FIT-FOR-PURPOSE “STATE” IS COMPUTED BY THE CONSUMER MANAGING AND PUBLISHING EVENTS BRINGS COMPLEXITY
  26. 26. 16 Insights Analytics Reports, Model Parameters Spark, Hadoop File Store (S3) Event Queue (Time Series Database, Apache Kafka, AWS Kinesis, Eventstore, …)PUSHES RESPONSIBILITY FOR DATA QUALITY BACK ON THE SOURCE SYSTEMS ALL DATA IN MOTION IS IMMUTABLE FIT-FOR-PURPOSE “STATE” IS COMPUTED BY THE CONSUMER MANAGING AND PUBLISHING EVENTS BRINGS COMPLEXITY
  27. 27. 17 ADOPT 1. Consumer-driven contract testing NEW 2. Focus on mean time to recovery 3. Generated infrastructure diagrams NEW 4. Structured logging TRIAL 5. Canary builds 6. Datensparsamkeit 7. Local storage sync 8. NoPSD 9. Offline-first web applications NEW 10. Products over projects NEW 11. Threat Modelling NEW ASSESS 12. Append-only data store 13. Blockchain beyond Bitcoin 14. Enterprise Data Lake 15. Flux NEW 16. “git-based CMS” NEW 17. Phoenix environments NEW 18. Reactive architectures NEW HOLD 19. Long lived branches with Gitflow 20. Microservice envy 21. Programming in your CI/CD tool 22. SAFe™ 23. Security sandwich 24. Separate DevOps team TECHNIQUES
  28. 28. TOOLS 18
  29. 29. TOOLS 18
  30. 30. 19 TOOLS ADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul 55. Cursive 56. Gitlab 57. Hamms NEW 58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW HOLD 76. Citrix for development
  31. 31. 20 TOOLS
  32. 32. 20 TOOLS 75 63 65 68 BLACKBOX ZED ATTACK PROXY SECURITY MONKEY NACL
  33. 33. SECURITY AWARENESS AMONG SENIOR DEVELOPERS* 21*Source: http://jemurai.com/developer-survey-1-results-part-2.html 37% think security is
 a small concern 8% think it is a top concern 67% haver never heard of OWASP, OWASP top 10, or CWE top 25 25% of projects reported had security training, pen test or security embedded in development Overwhelmingly, the only security practices in place are manual code and design reviews.
  34. 34. OWASP ZED ATTACK PROXY 22 The Main Features All the essentials for web application testing ■ Intercepting Proxy ■ Active and Passive Scanners ■ Traditional and Ajax Spiders ■ WebSockets support ■ Forced Browsing (using OWASP DirBuster code) ■ Fuzzing (using fuzzdb & OWASP JBroFuzz) ■ Online Add-ons Marketplace Browser configured to use proxy Browser Primary OS Web Proxy Your Computer VM Web Server Browser Web Proxy Web Server http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
  35. 35. ARE YOUR REPOS AND BUILD SERVERS SECURE? 23 http://www.wired.com/2012/09/adobe-digital-cert-hacked/
  36. 36. ARE YOUR REPOS AND BUILD SERVERS SECURE? 23 http://www.wired.com/2012/09/adobe-digital-cert-hacked/
  37. 37. PROTECTING DEV SECRETS WITH BLACKBOX Git Repo Keys Shhhh secret Shhhh Blackbox Repo seen by all Secrets readable by few
  38. 38. 25 TOOLS ADOPT 48. Composer 49. Go CD 50. Mountebank 51. Postman TRIAL 52. Boot2docker 53. Brighter NEW 54. Consul 55. Cursive 56. Gitlab 57. HAMMS NEW 58. IndexedDB 59. POLLY NEW 60. Rest-assured NEW 61. Swagger 62. Xamarin 63. ZAP NEW ASSESS 64. Apache Kafka NEW 65. Blackbox 66. Bokeh/Vega NEW 67. Gor NEW 68. NaCL NEW 69. Origami NEW 70. Packet beat 71. pdfmake NEW 72. PlantUML NEW 73. Prometheus NEW 74. Quick NEW 75. Security Monkey NEW HOLD 76. Citrix for development
  39. 39. LANGUAGES & FRAMEWORKS 26
  40. 40. LANGUAGES & FRAMEWORKS 26
  41. 41. 27 LANGUAGES & FRAMEWORKS ADOPT 77. Nancy TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift HOLD 92. JSF
  42. 42. 28 LANGUAGES & FRAMEWORKS
  43. 43. 28 LANGUAGES & FRAMEWORKS 85 SPRING BOOT NANCY77
  44. 44. A TALE OF TWO WEB FRAMEWORKS 29 Java/Spring C#/.NET Lightweight ✓ ✓ Low-ceremony ✓ ✓ Self-hosted ✓ ✓ Opinionated ✓ ✓ boot
  45. 45. ON THE SURFACE, VERY SIMILAR 30
  46. 46. ON THE SURFACE, VERY SIMILAR 30
  47. 47. BUT WHAT’S UNDER THE COVERS? 31 Spring Boot’s pom.xml 1847 lines in total!
  48. 48. BUT WHAT’S UNDER THE COVERS? 31 Nancy’s Nuget page
  49. 49. BUT WHAT’S UNDER THE COVERS? 31 Nancy’s Nuget page
  50. 50. FRAMEWORKS VS. COMPOSITION 32 Spring Framework Your Spring Boot App Jetty Your App Code Owin Nancy.Owin Nancy Composes Calls higher-order functions
  51. 51. 33 LANGUAGES & FRAMEWORKS ADOPT 77. Nancy TRIAL 78. Dashing 79. Django Rest 80. Ionic Framework 81. Nashorn 82. Om 83. React.js 84. Retrofit 85. Spring Boot ASSESS 86. Ember.js NEW 87. Flight.js 88. Haskell Hadoop library 89. Lotus 90. Reagent 91. Swift HOLD 92. JSF
  52. 52. PLATFORMS 34
  53. 53. PLATFORMS 34
  54. 54. 35 PLATFORMS ADOPT TRIAL 25. Apache Spark NEW 26. Cloudera Impala NEW 27. DigitalOcean 28. TOTP Two-Factor Authentication HOLD 45. Application Servers NEW 46. OSGi 47. SPDY NEW ASSESS 29. Apache Kylin NEW 30. Apache Mesos 31. CoreCLR and CoreFX NEW 32. CoreOS 33. Deis NEW 34. H2O NEW 35. Jackrabbit Oak 36. Linux security modules 37. MariaDB 38. Netflix OSS Full stack 39. OpenAM 40. SDN 41. Spark.io 42. Text it as a service / Rapidpro.io 43. Time-series Databases NEW 44. U2F
  55. 55. 36 PLATFORMS Deployment architectures keep evolving.
  56. 56. 36 PLATFORMS 33 DEIS 30 APACHE MESOS 32 COREOS 45APPLICATION SERVERS Deployment architectures keep evolving.
  57. 57. THE RISE OF DOCKER 37 http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/ GitHub Starts by Date and Project Config Management GitHub Totals
  58. 58. EXPLOSION OF TOOLS AND PLATFORMS 38 CoreOS Fleet Docker Swarm
  59. 59. DEIS: DOCKER-BASED PAAS — ANYWHERE 39 http://docs.deis.io/en/v0.9.0/gettingstarted/architecture/ Developer Application Consumers Load Balancer Controller Load Balancer Cluster (Test) Containers Scheduler Router Cluster (Dev) Containers Scheduler Router Cluster (Prod) Containers Scheduler Router Monitoring Logging Backing Services Containers Containers Containers Containers Containers Containers Router Router Router
  60. 60. APACHE MESOS 40http://abhishek-tiwari.com/post/building-distributed-systems-with-mesos batch services Workloads Apps Frameworks Kernel DFS Cluster C++ BASH Python Scalding Impala Shark MySQL Kafka JBoss Django Rails MPI Hadoop Spark Storm Marathon Chronos RubyPythonJVMC++ distributed file system distributed resources: CPU, RAM, I/O, FS, rack locality, etc.
  61. 61. WHERE DOES THIS LEAVE APPLICATION SERVERS? 41
  62. 62. 42 PLATFORMS ADOPT TRIAL 25. Apache Spark NEW 26. Cloudera Impala NEW 27. DigitalOcean 28. TOTP Two-Factor Authentication HOLD 45. Application Servers NEW 46. OSGi 47. SPDY NEW ASSESS 29. Apache Kylin NEW 30. Apache Mesos 31. CoreCLR and CoreFX NEW 32. CoreOS 33. Deis NEW 34. H2O NEW 35. Jackrabbit Oak 36. Linux security modules 37. MariaDB 38. Netflix OSS Full stack 39. OpenAM 40. SDN 41. Spark.io 42. Text it as a service / Rapidpro.io 43. Time-series Databases NEW 44. U2F
  63. 63. 43 Scott Shaw @scottwshaw Evan Bottcher @evanbottcher thoughtworks.com/radar

×