Devops & Standards - Why standards matter

•

0 likes•308 views

This document discusses the importance of standards in software development. Some key benefits of standards include shared libraries that promote reusability, consistent security practices, a single deployment toolchain that improves developer productivity, standardized CI/CD processes that optimize costs, and uniform configuration approaches that allow faster deployments and problem resolution. Overall, establishing standards acts as a "shared bus" that facilitates communication across teams and makes the complexity of microservices architectures easier to manage.

Technology

Why standards matter
Angad Singh
@angadsg

DevOps
Architecting (micro)services
Infrastructure Automation
Developer Productivity

DevOps
Debugging all layers
Incident Management
Cost Management

Shared Libraries aka Reusability
E.g.
Redis/MySQL/xyz connection manager
In memory caching
Image transformations

Security
E.g.
Consistent Firewall rules
Standard input sanitization
Centralized Alerting

Developer Productivity
No surprises when navigating the system
e.g.
All services log to /var/log
One deploy toolchain to rule them all

Cost Optimization
Engineering cost > Infrastructure cost
Better Standards = Lesser Engineers

CI/CD
Standard pathway for all services
Unit Tests
Integration Tests

Engineering Onboarding
Start early, start better.
Raise the bar with new hires.

Consistent Naming
Service name = Docker name = Repo name
= monitoring namespace = load balancer name
= CI name

Standard Provisioning
Ansible/Chef etc.
Docker - use and throw.

Standard Configuration
Consul, Zookeeper etc.
Hot reloadable configuration
Deploy faster, fix faster

DevOps as a Shared Bus
Identify patterns across all services
Easier to handle complexity of microservices
Ability to debug at any level

DevOps as a Shared Bus
Small teams with more context and communication
are better than large teams with no communication
Work closely with developers

Enforce Standards
But with logic and common sense.
(and some love, for our developers)

Its all about
Give and Take.
(Take sudo, Give advice)

Devops & Standards - Why standards matter

It's 2016, so practices like Test Driven Development (TDD) have long found their way into organizations. However, the practices and principles to keep those unit tests maintainable haven't really changed. Still, I regularly talk to developers that somehow ended up with an incomprehensible unmaintainable set of unit tests that they once believed in, but are now holding them back. So in this session I like to provide a refresh of those fundamental ideas and talk about why you should practice TDD, revealing intentions, naming conventions, state versus interaction based testing, and how to stay out of the debugger hell with proper mocking and assertion frameworks. And even if you believe you are well versed in the testing realm, join me anyway. Maybe we can learn some tips & tricks from the audience as well. Looking forward to it!

Development environments in the AWS cloud - Vancouver PHP Meetup

vanphp

Asynchronous Messaging with NServiceBusBritt King

How To Migrate a Rails App From a Dedicated Server Into Cloud Environment? - ...

Visuality

Building occasionally connected applications using event sourcing

Dennis Doomen

I've recently got the opportunity to work on a large enterprise-class system that needs to be deployed on multiple occasionally connected oil platforms and boats. Already the system's architecture was based on the Command Query Separation principles, this gave us a completely new challenge. After several months of looking at alternatives, we decided to go the Event Sourcing direction. In this in-depth session, I'd like you to learn the many alternatives we observed, the pros and cons, and the technical details of our final solution in which we use EventStore 3.0 and elements of NCQRS and Lokad.CQRS to synchronize systems over unreliable connections in a very efficient way.

Serverless Reality

Lynn Langit

DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...

Docker, Inc.

Slides from Diptanu Choudhury's talk at DockerCon SF 2015 Talk Description: Netflix has a complex micro-services architecture that is operated in an active-active manner from multiple geographies on top of AWS. Amazon gives us the flexibility to tap into massive amounts of resources, but how we use and manage those is a constantly evolving and ever-growing task. We have developed Titan to make cluster management, application deployments using Docker and process supervision much more robust and efficient in terms of CPU/memory utilization across all of our servers in different geographies. Titan, a combination of Docker and Apache Mesos, is an application infrastructure gives us a highly resilient and dynamic PAAS, that is native to public clouds and runs across multiple geographies. It makes it easy for us to manage applications in our complex infrastructure and gives us the ability to make changes in the IAAS layer without impacting developer productivity or sacrificing insight into our production infrastructure.

Serverless - Increasing software delivery

Ewere Diagboya

For more than decade .NET has been used primarily in enterprise software development. We all remember intranet deployment, IIS, SQL Server, N-tier applications and so on. The toolset (Visual Studio, SQL Management Studio, IIS Management snap-in etc) seemed to be set in stone as well as architecture (controllers, services, repositories). .NET people were isolated from other folks, who were using clusters, containers, clouds, and Linux. However, adoption of clouds during few past years, the release of .NET Core made much more choices available to developers. It turned out that traditional way of building application is not that efficient from many viewpoints, including costs, time, performance or robustness. It happens because the environment has been changed and many assumptions are not still relevant. In this talk, we will discuss what and why has been changed and how to deal with that. What are new requirements for our applications? What are new services available, and how to use them wisely? And finally, how should we design our applications to be cost-effective, competitive and have a lot of fun working with .NET Core.

Introduction to DevSecOps on AWS

Amazon Web Services

DevOpsDaysPhoenix - CI/CD Pipelines for CDN

Akshay Ranganath

How a National Transportation Software Provider Migrated a Mission-Critical T...

Amazon Web Services

In this webinar, Cascadeo will show you how they helped a national transportation software provider build an AWS architecture that enables them to effectively support more than 3,300 complex integration tests against nightly builds of their Interoperable Train Control Messaging (ITCM) application. You’ll also learn about how this software provider can scale on-demand, has improved governance and cost management, and rapidly supports new projects without increasing IT overhead using AWS.

Pattern-Oriented Distributed Software Architectures David Freitas

Integrating-Cloud-Development-Security-And-Operations.pdf

Amazon Web Services

Managing infrastructure as code has become an important process in scaling software organizations. This brings many software development processes and ideas to operations, including version control, automated testing, configuration management and reliable duplication. Programmable infrastructure becomes invaluable as application services grows, in quantity and granularity, in a growing company. Automating the provisioning, configuration and deployment of complex applications requires some design choices on top of AWS services. This presentation discusses how to implement modularity, reliability and security into continuous delivery pipelines ("DevSecOps"). Learn how to automate application delivery using AWS CloudFormation and other tools from Amazon Web Services.

Introduction to DevSecOps on AWS

Amazon Web Services

Rackspace Best Practices for DevOps on AWS

Amazon Web Services

Rackspace Fanatical Support for AWS™, with our army of AWS experts, can help implement the ideal combination of cultural philosophies, practices, and tools which enable an organization to deliver applications and services at high velocity. This speed enables organizations to better serve their customers and compete more effectively in the market by allowing them to evolve and improve products at a faster pace than organizations using traditional software development and infrastructure management processes. Join our upcoming webinar to learn how ScriptDrop leveraged Rackspace to develop a best practices DevOps pipeline utilizing the latest AWS technologies, quickly and efficiently.

12-Factor App

Abdullah Çetin ÇAVDAR

Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...

DigitalOcean

Watch this Tech Talk: https://do.co/video_snormore An engineering-led talk that covers the challenges DigitalOcean encountered with a Droplet-based architecture and why we pivoted to using Kubernetes. Steven Normore, Engineering Manager at DigitalOcean, shares the benefits that a Kubernetes-based architecture provides to customers, and shares guidance on what to keep in mind as you build your business on DigitalOcean. About the Presenter Steven Normore is an Engineering Manager at DigitalOcean. He builds and operates systems for production web applications. He has an education in computer science and mathematics with a focus on combinatorics and distributed systems. New to DigitalOcean? Get US $100 in credit when you sign up: https://do.co/deploytoday To learn more about DigitalOcean: https://www.digitalocean.com/ Follow us on Twitter: https://twitter.com/digitalocean Like us on Facebook: https://www.facebook.com/DigitalOcean Follow us on Instagram: https://www.instagram.com/thedigitalocean/ We're hiring: http://do.co/careers

Faster, more Secure Application Modernization and Replatforming with PKS - Ku...

VMware Tanzu

Accelerating software delivery with AWS

Rob Greenwood

Slides from a recent talk I gave at the DevOps Exchange Manchester, as part of the Digital City Festival 2020. Theme: Empowering developers in the cloud. Development teams are increasingly measured on features delivered, yet considerable time and effort is lost on unplanned (recovery) work. I discuss how and why continuous delivery helps businesses accelerate their software delivery, and how to implement a continuous delivery pipeline using native AWS DevOps tooling.

WITS 2022_ModernizationAndInfrastructureAsCode.pptx

Shikha Srivastava

Cloud solutions have evolved tremendously in recent years, but many customers still shy away from moving their mission-critical workloads to the cloud, due to security and compliance concerns. Join our session to get insights on how Continuous Integration/Continuous Delivery/Security Pipelines and Infrastructure as Code can address these concerns and enable successful Hybrid Cloud Solutions.Key Takeaways:- Understand benefits of Hybrid Cloud- Understand cloud concepts, Dev/Sec/Ops and technologies for CI/CD and Infrastructure as Code- Identify practical scenarios for using Infrastructure as Code for multiple Industries considering Hybrid cloud deployments and solutions.

Introduction to DevSecOps

Amazon Web Services

Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.

Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked...David Freitas

Is Your DevOps Ready for the Cloud?

XebiaLabs

DevOps and cloud seem to be a match made in heaven...however, there are challenges that organizations experience when incorporating cloud technologies into their DevOps practices. XebiaLabs Cloud & DevOps Evangelist, Dan Beauregard, and Director of DevOps Strategy, Vincent Lussenburg, discussed why DevOps is leading many organizations to move to the cloud and how to make this transition as seamless as possible in an enterprise environment.

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Similar to Devops & Standards - Why standards matter

The "Holy Grail" of Dev/Ops

Erik Osterman

Containerization Strategy

Balaji Mariyappan

Cloud native integration

Kim Clark

Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"

Fwdays

Introduction to DevSecOps on AWS

Amazon Web Services

DevOpsDaysPhoenix - CI/CD Pipelines for CDN

Akshay Ranganath

How a National Transportation Software Provider Migrated a Mission-Critical T...

Amazon Web Services

Pattern-Oriented Distributed Software Architectures David Freitas

Integrating-Cloud-Development-Security-And-Operations.pdf

Amazon Web Services

Introduction to DevSecOps on AWS

Amazon Web Services

Rackspace Best Practices for DevOps on AWS

Amazon Web Services

12-Factor App

Abdullah Çetin ÇAVDAR

Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...

DigitalOcean

Faster, more Secure Application Modernization and Replatforming with PKS - Ku...

VMware Tanzu

Accelerating software delivery with AWS

Rob Greenwood

WITS 2022_ModernizationAndInfrastructureAsCode.pptx

Shikha Srivastava

Introduction to DevSecOps

Amazon Web Services

Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked...David Freitas

Is Your DevOps Ready for the Cloud?

XebiaLabs

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

Similar to Devops & Standards - Why standards matter (20)

The "Holy Grail" of Dev/Ops

Containerization Strategy

Cloud native integration

Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"

Introduction to DevSecOps on AWS

DevOpsDaysPhoenix - CI/CD Pipelines for CDN

How a National Transportation Software Provider Migrated a Mission-Critical T...

Pattern-Oriented Distributed Software Architectures

Integrating-Cloud-Development-Security-And-Operations.pdf

Introduction to DevSecOps on AWS

Rackspace Best Practices for DevOps on AWS

12-Factor App

Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...

Faster, more Secure Application Modernization and Replatforming with PKS - Ku...

Accelerating software delivery with AWS

WITS 2022_ModernizationAndInfrastructureAsCode.pptx

Introduction to DevSecOps

Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked...

Is Your DevOps Ready for the Cloud?

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Recently uploaded

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Recently uploaded (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Large Language Model (LLM) and it’s Geospatial Applications

UiPath Test Automation using UiPath Test Suite series, part 5

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

The Art of the Pitch: WordPress Relationships and Sales

PCI PIN Basics Webinar from the Controlcase Team

Introduction to CHERI technology - Cybersecurity

Pushing the limits of ePRTC: 100ns holdover for 100 days

Video Streaming: Then, Now, and in the Future

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Monitoring Java Application Security with JDK Tools and JFR Events

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

20240607 QFM018 Elixir Reading List May 2024

20240609 QFM020 Irresponsible AI Reading List May 2024

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Climate Impact of Software Testing at Nordic Testing Days

National Security Agency - NSA mobile device best practices

Essentials of Automations: The Art of Triggers and Actions in FME

Securing your Kubernetes cluster_ a step-by-step guide to success !

Devops & Standards - Why standards matter

1. Why standards matter Angad Singh @angadsg

3. DevOps Architecting (micro)services Infrastructure Automation Developer Productivity

4. DevOps Debugging all layers Incident Management Cost Management

7. Shared Libraries aka Reusability E.g. Redis/MySQL/xyz connection manager In memory caching Image transformations

8. Security E.g. Consistent Firewall rules Standard input sanitization Centralized Alerting

9. Developer Productivity No surprises when navigating the system e.g. All services log to /var/log One deploy toolchain to rule them all

10. Cost Optimization Engineering cost > Infrastructure cost Better Standards = Lesser Engineers

11. CI/CD Standard pathway for all services Unit Tests Integration Tests

12. Engineering Onboarding Start early, start better. Raise the bar with new hires.

13. Consistent Naming Service name = Docker name = Repo name = monitoring namespace = load balancer name = CI name

14. Standard Provisioning Ansible/Chef etc. Docker - use and throw.

15. Standard Configuration Consul, Zookeeper etc. Hot reloadable configuration Deploy faster, fix faster

16. DevOps as a Shared Bus Identify patterns across all services Easier to handle complexity of microservices Ability to debug at any level

17. DevOps as a Shared Bus Small teams with more context and communication are better than large teams with no communication Work closely with developers

18. Enforce Standards But with logic and common sense. (and some love, for our developers)

19. Its all about Give and Take. (Take sudo, Give advice)

Devops & Standards - Why standards matter

Recommended

Recommended

More Related Content

Similar to Devops & Standards - Why standards matter

Similar to Devops & Standards - Why standards matter (20)

Recently uploaded

Recently uploaded (20)

Devops & Standards - Why standards matter