The document discusses Spring Cloud Pipelines and how it can be used to automate deployment pipelines for applications. It describes how Spring Cloud Pipelines provides an opinionated template for deployment pipelines that supports various automation servers out of the box. It also discusses how Spring Cloud Pipelines enforces best practices for continuous delivery, such as failing fast with tests, using infrastructure as code, and deploying applications to a PaaS.
Continuous Deployment of your Application - SpringOne Tour - BostonVMware Tanzu
This document discusses Spring Cloud Pipelines and how it can be used to standardize deployment pipelines across projects. It introduces Spring Cloud Pipelines and how it provides an opinionated template for deployment pipelines that is based on best practices from different projects. It uses an "Infrastructure as Code" approach and supports automation servers like Concourse, Jenkins, and others. The document then discusses some of the key features and benefits of Spring Cloud Pipelines, including how it handles deploying to different environments, testing, and rolling back if needed. It provides examples of how Spring Cloud Pipelines implements pipelines for Concourse and Jenkins. Overall, the document promotes Spring Cloud Pipelines as a way to avoid creating deployment pipelines from scratch for each new
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Patterns and practices for building enterprise-scale HTML5 appsPhil Leggetter
Developing large apps is difficult. Ensuring that code is consistent, maintainable, testable and has an architecture that enables change is essential. As is ensuring that multiple developers – across multiple teams – can efficiently contribute to the same application. When it comes to large server-focused apps, solutions to some of these challenges have been tried and tested. But, how do you achieve this when building HTML5 single-page apps?
In this session, Phil will cover the experiences his team have had when building HTML5 apps consisting of more than 250k lines of JavaScript (plus HTML templates, CSS, image, config etc) that are contributed to by multiple teams across multiple companies. He will highlight signs to watch out for as your HTML5 SPA grows, and a set of patterns and practices that help you avoid problems. He will also explain the simple yet powerful application architecture that their HTML5 apps have that is core to ensuring they scale.
Finally, Phil will demonstrate how tooling can be used to support these patterns and practices, and enable a productive developer workflow where the first line of code is feature code, features can be developed and tested in isolation, code conflicts are avoided by grouping assets by feature, and features are composed into apps.
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Testing for Logic App Solutions | Integration MondayBizTalk360
In this Integration Monday session, Mike discussed the challenges and approaches for some of the common testing scenarios when delivering integration solutions with Microsoft Azure.
PowerShell Scripting and AI-infused AutomationMitul Rana
Join us for a demo-rich live show that looks at the evolution of PowerShell as the automation scripting tool across Linux and Windows platforms.
Check out the latest additions to CloudShell including the ability for Visual Studio Code to run PowerShell inside of CloudShell. See how you can leverage the Cloud with PowerShell to protect secrets and harness Azure Machine Learning to advance your management scenarios. We will try to include multiple demos on below mentioned topics as time permits :
:- PowerShell Core
:- PowerShell Cross Platform Remoting
:- Cloud Shell
:- SHIPS
:- Cloud, Hybrid, DevOps and PowerShell
:- PowerShell extension for Visual Studio Code
:- OpenSSH
:- Azure Cloud Shell
:- Azure Machine Learning some advance management scenario
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Continuous Deployment of your Application - SpringOne Tour - BostonVMware Tanzu
This document discusses Spring Cloud Pipelines and how it can be used to standardize deployment pipelines across projects. It introduces Spring Cloud Pipelines and how it provides an opinionated template for deployment pipelines that is based on best practices from different projects. It uses an "Infrastructure as Code" approach and supports automation servers like Concourse, Jenkins, and others. The document then discusses some of the key features and benefits of Spring Cloud Pipelines, including how it handles deploying to different environments, testing, and rolling back if needed. It provides examples of how Spring Cloud Pipelines implements pipelines for Concourse and Jenkins. Overall, the document promotes Spring Cloud Pipelines as a way to avoid creating deployment pipelines from scratch for each new
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Patterns and practices for building enterprise-scale HTML5 appsPhil Leggetter
Developing large apps is difficult. Ensuring that code is consistent, maintainable, testable and has an architecture that enables change is essential. As is ensuring that multiple developers – across multiple teams – can efficiently contribute to the same application. When it comes to large server-focused apps, solutions to some of these challenges have been tried and tested. But, how do you achieve this when building HTML5 single-page apps?
In this session, Phil will cover the experiences his team have had when building HTML5 apps consisting of more than 250k lines of JavaScript (plus HTML templates, CSS, image, config etc) that are contributed to by multiple teams across multiple companies. He will highlight signs to watch out for as your HTML5 SPA grows, and a set of patterns and practices that help you avoid problems. He will also explain the simple yet powerful application architecture that their HTML5 apps have that is core to ensuring they scale.
Finally, Phil will demonstrate how tooling can be used to support these patterns and practices, and enable a productive developer workflow where the first line of code is feature code, features can be developed and tested in isolation, code conflicts are avoided by grouping assets by feature, and features are composed into apps.
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Testing for Logic App Solutions | Integration MondayBizTalk360
In this Integration Monday session, Mike discussed the challenges and approaches for some of the common testing scenarios when delivering integration solutions with Microsoft Azure.
PowerShell Scripting and AI-infused AutomationMitul Rana
Join us for a demo-rich live show that looks at the evolution of PowerShell as the automation scripting tool across Linux and Windows platforms.
Check out the latest additions to CloudShell including the ability for Visual Studio Code to run PowerShell inside of CloudShell. See how you can leverage the Cloud with PowerShell to protect secrets and harness Azure Machine Learning to advance your management scenarios. We will try to include multiple demos on below mentioned topics as time permits :
:- PowerShell Core
:- PowerShell Cross Platform Remoting
:- Cloud Shell
:- SHIPS
:- Cloud, Hybrid, DevOps and PowerShell
:- PowerShell extension for Visual Studio Code
:- OpenSSH
:- Azure Cloud Shell
:- Azure Machine Learning some advance management scenario
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.
Use Jenkins For Continuous Load Testing And Mobile Test AutomationClever Moe
The document discusses using Jenkins for continuous load testing and mobile test automation. It describes how Jenkins can be used to automate testing across sprints in an agile methodology. Specifically, it outlines how to leverage Jenkins to run functional tests continuously and repurpose those tests for performance and load testing. This helps ensure applications are thoroughly tested before each release.
Scaling Without Expanding: a DevOps StoryAtlassian
The build engineering team at Atlassian uses Bamboo, Bitbucket Server, and HipChat to maintain full control over the entire software and infrastructure life cycles – from a customer raising an incident all the way through to deploying a fix.
We're not a product team, but we've applied agile development practices to improve how we deploy infrastructure. Puppet and Bamboo help us automate everything, while Terraform and AWS let us treat our infrastructure as code, allowing for reviewed changes and easy scaling.
In this talk I'll show you how the build engineering team has managed to stay the same size over the last few years while supporting both a 10x growth in the number of builds run in Atlassian and 2x growth in the number of developers in the company. You'll walk out understanding how you and your team can do the same.
Products covered:
JIRA Software, JIRA Service Desk, Confluence, HipChat, Bitbucket, Bamboo
DevOps is a set of practices intended to reduce the time between committing a change to a system and deploying it to production while ensuring high quality. It focuses on bridging the gap between developers and operations teams. Key DevOps principles include systems thinking, amplifying feedback loops, and a culture of experimentation. DevOps aims to achieve continuous delivery through practices like automated deployments, infrastructure as code, and deployment strategies like blue-green deployments and rolling upgrades.
This document discusses continuous delivery fundamentals and how serverless platforms can help realize them. It covers topics like automated software releases through pipelines, building quality into products from the start, and how serverless handles infrastructure concerns so developers can focus on code. Examples are provided of using AWS Lambda, API Gateway, S3, Route53, CloudFormation, CodePipeline and other services to implement continuous delivery of serverless applications.
This document discusses how Dan Cuellar accidentally created the wildly popular open source mobile testing framework Appium. It describes how Appium works and its philosophy of being inclusive, free, and open source. It provides code examples for setting up tests on iOS and Android. It also outlines how Cuellar grew the project from 0 to over 100,000 users through conferences, forums, and being very inclusive. It discusses challenges like conflict, loss of control, and rewriting the codebase, and looks towards the future of Appium.
Measure and Increase Developer Productivity with Help of Serverless at Server...Vadym Kazulkin
The goal of Serverless is to focus on writing the code that delivers business value and offload everything else to your trusted partners (like Cloud providers or SaaS vendors). You want to iterate quickly and today’s code quickly becomes tomorrow’s technical debt. In this talk we will show why Serverless adoption increases the developer productivity and how to measure it. We will also go through AWS Serverless architectures where you only glue together different Serverless managed services relying solely on configuration, minimizing the amount of the code written.
Accelerating Add-on Development From Concept to LaunchAtlassian
The document is a presentation about accelerating add-on development from concept to launch. It discusses working efficiently through using the right tools like React and automation. It also covers getting a head start by leveraging tools like create-react-app and ES6. Finally, it discusses succeeding through validation by listening to customers, observing them, and acting on feedback to build the right products.
TestCorner #22 - How DevOps helps QA daily worksHTC
The document discusses how DevOps helps the QA daily work at a company. It outlines the team structure and responsibilities, including global sites and integration. It describes QA pain points like short release cycles and large test rounds. To solve these, the company adopted test automation using RobotFramework, Appium, and BrowserStack. This automation freed up QA resources and testing time while allowing them to handle more test items. Future plans include automatically submitting issues and filling test results.
Udvid din test portefølje med coded ui test og cloud load testPeter Lindberg
The document discusses expanding a test portfolio with Coded UI tests and cloud-based load testing in Visual Studio. It covers automating tests with Microsoft Test Manager, creating automated UI tests using Coded UI, and performing load testing on applications hosted in the cloud using Visual Studio Online. Conducting load testing early and customizing tests to measure key performance metrics can help ensure applications meet expectations before public release.
DevOps Pipelines and Metrics Driven Feedback LoopsAndreas Grabner
The goal behind devops is Faster Lead Times
What this really means for Software Delivery -> my Kodak/Smart Phone Analogy
How and Which Metrics to use along the Delivery Pipeline to make better decisions along the way.
In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.
DevOps Days Toronto: From 6 Months Waterfall to 1 hour Code DeploysAndreas Grabner
Slides used for https://www.devopsdays.org/events/2017-toronto/program/andreas-grabner/
In 2011 we delivered 2 major releases of our on premise enterprise software. Market, technology and customer requirements forced us to change that in order to remain competitive.
Now – in 2017 - we are deploying and providing feature releases every 2 weeks for both our on premise and SaaS-based offering. We deploy 170 SaaS production changes per day and have a DevOps pipeline that allows us to deploy a code change within 1h if necessary.
To increase quality, we built and provide a DevOps pipeline that currently executes 31000 Unit & Integration Tests per Hour as well as 60h UI Tests per Build. Our application teams are responsible end-to-end for their features and use production monitoring to validate their deployments which allows them to find 93% of bugs in production before it impacts our end users.
In this session I explain how this transformation worked from both “Top Down” as well as “Bottom Up” in our organization. A key component was the 4 people strong DevOps Team who developed and “sell” their DevOps Pipeline to the globally distributed application teams. I will give insights into how our pipeline enables application teams to design, code, test and run a new feature for our user base.
I will also talk about the “dark moments” as change is never without friction. Both internally as well as with our customers who also had to get used to more rapid changes.
deliver:agile - Enable your Agile Team with Continuous Delivery PipelinesEsteban Garcia
Continuous Delivery session from deliver:Agile
As your Agile team looks to shorten the cycle time from idea to production, it is important to give them the tools that will enable continuous feedback, collaboration with stakeholders, and most importantly, a way to get the product in front of the customer and enable a feedback loop.
This session will teach you how to create an effective release pipeline that incorporates Continuous Integration, automated testing, cloud deployment with Infrastructure as Code, Instrumentation, load testing, and more.
We will go from zero to Production in less than an hour and you will go back to work on Monday ready to deploy!
Learning Outcomes:
Continuous Integration
Continuous Deployment
Automation
Release Management with Visual Studio Team Services and Office Dev PnPPetter Skodvin-Hvammen
Learn about the capabilities of Visual Studio Online Services:
– how you can setup continuous builds whenever a change is committed to the source repository
– how to setup scheduled builds and deploys
– how to target deployments for your dev, test, uat and prod environments
– how to manage release security and use approval workflows
Also learn how you can use Office Dev PnP PowerShell to support rapid and automated deployments and about other alternatives out there
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsCA Technologies
Learn from Gene Kim, one of the “DevOps Cookbook” authors, how to help accelerate DevOps adoption, increase the success of DevOps initiatives and lower the activation energy required for DevOps transformations to start and finish.
For more information on DevOps solutions from CA Technologies, please visit: http://bit.ly/1wbjjqX
CloudTest Lite is the newest member of SOASTA’s growing line of CloudTest editions. It is an enterprise-class offering that enables rapid test creation and real-time resolution for performance testing early and often throughout the development lifecycle. Delivering internal testing behind the firewall on a single server, customers can execute performance tests of up to 100 concurrent virtual users in development, QA, staging or production. With CloudTest Lite, customers can:
- Test Web and mobile applications, including applications using the latest technologies from HTML5 to REST Web services
- Quickly build tests with visual test creation tools
- Integrate application, system, and network monitoring data
- Analyze results in real-time through an interactive, integrated dashboard
- Easily upgrade to a more scalable CloudTest edition to meet expanding testing requirements
The document discusses the workflow for building mobile apps using Ionic, including prototyping apps without coding using Ionic Creator, iterating on the codebase using live reloading, and deploying apps. It provides demonstrations of Ionic Creator for prototyping app structure and menus, live reloading for debugging, and techniques for optimizing apps such as using Sass and compressing files. The document recommends Ionic for building mobile apps without needing native code skills but notes some limitations may require native code knowledge.
The document discusses DevOps and Microsoft's Visual Studio Team Services (VSTS) and Team Foundation Server (TFS). It provides an overview of DevOps and the features of VSTS/TFS, including version control options like TFVC and Git. The document outlines the development lifecycle from building, testing, and distributing code to monitoring applications in production. It also references specific VSTS/TFS features like release management, testing, and API documentation tools.
Continuous Deployment of your Application - SpringOne Tour DallasVMware Tanzu
The document discusses Spring Cloud Pipelines, which provides an opinionated template for continuous delivery pipelines. It describes Spring Cloud Pipelines' support for different automation servers like Concourse and Jenkins, as well as languages like Maven and Gradle. It also covers Spring Cloud Pipelines' default configuration options around environments, testing types, and cloud-native applications.
The document discusses continuous deployment for machine learning projects using Bodywork. Bodywork enables CI/CD for ML projects by allowing teams to define workflows in a Git repository that can deploy models, pipelines, and services to Kubernetes. It tackles common deployment challenges for ML like managing container images and infrastructure, and allows teams to focus on their code. The talk includes demos of sample ML projects deployed with Bodywork, like serving a model with a REST API and a train-and-serve pipeline.
Use Jenkins For Continuous Load Testing And Mobile Test AutomationClever Moe
The document discusses using Jenkins for continuous load testing and mobile test automation. It describes how Jenkins can be used to automate testing across sprints in an agile methodology. Specifically, it outlines how to leverage Jenkins to run functional tests continuously and repurpose those tests for performance and load testing. This helps ensure applications are thoroughly tested before each release.
Scaling Without Expanding: a DevOps StoryAtlassian
The build engineering team at Atlassian uses Bamboo, Bitbucket Server, and HipChat to maintain full control over the entire software and infrastructure life cycles – from a customer raising an incident all the way through to deploying a fix.
We're not a product team, but we've applied agile development practices to improve how we deploy infrastructure. Puppet and Bamboo help us automate everything, while Terraform and AWS let us treat our infrastructure as code, allowing for reviewed changes and easy scaling.
In this talk I'll show you how the build engineering team has managed to stay the same size over the last few years while supporting both a 10x growth in the number of builds run in Atlassian and 2x growth in the number of developers in the company. You'll walk out understanding how you and your team can do the same.
Products covered:
JIRA Software, JIRA Service Desk, Confluence, HipChat, Bitbucket, Bamboo
DevOps is a set of practices intended to reduce the time between committing a change to a system and deploying it to production while ensuring high quality. It focuses on bridging the gap between developers and operations teams. Key DevOps principles include systems thinking, amplifying feedback loops, and a culture of experimentation. DevOps aims to achieve continuous delivery through practices like automated deployments, infrastructure as code, and deployment strategies like blue-green deployments and rolling upgrades.
This document discusses continuous delivery fundamentals and how serverless platforms can help realize them. It covers topics like automated software releases through pipelines, building quality into products from the start, and how serverless handles infrastructure concerns so developers can focus on code. Examples are provided of using AWS Lambda, API Gateway, S3, Route53, CloudFormation, CodePipeline and other services to implement continuous delivery of serverless applications.
This document discusses how Dan Cuellar accidentally created the wildly popular open source mobile testing framework Appium. It describes how Appium works and its philosophy of being inclusive, free, and open source. It provides code examples for setting up tests on iOS and Android. It also outlines how Cuellar grew the project from 0 to over 100,000 users through conferences, forums, and being very inclusive. It discusses challenges like conflict, loss of control, and rewriting the codebase, and looks towards the future of Appium.
Measure and Increase Developer Productivity with Help of Serverless at Server...Vadym Kazulkin
The goal of Serverless is to focus on writing the code that delivers business value and offload everything else to your trusted partners (like Cloud providers or SaaS vendors). You want to iterate quickly and today’s code quickly becomes tomorrow’s technical debt. In this talk we will show why Serverless adoption increases the developer productivity and how to measure it. We will also go through AWS Serverless architectures where you only glue together different Serverless managed services relying solely on configuration, minimizing the amount of the code written.
Accelerating Add-on Development From Concept to LaunchAtlassian
The document is a presentation about accelerating add-on development from concept to launch. It discusses working efficiently through using the right tools like React and automation. It also covers getting a head start by leveraging tools like create-react-app and ES6. Finally, it discusses succeeding through validation by listening to customers, observing them, and acting on feedback to build the right products.
TestCorner #22 - How DevOps helps QA daily worksHTC
The document discusses how DevOps helps the QA daily work at a company. It outlines the team structure and responsibilities, including global sites and integration. It describes QA pain points like short release cycles and large test rounds. To solve these, the company adopted test automation using RobotFramework, Appium, and BrowserStack. This automation freed up QA resources and testing time while allowing them to handle more test items. Future plans include automatically submitting issues and filling test results.
Udvid din test portefølje med coded ui test og cloud load testPeter Lindberg
The document discusses expanding a test portfolio with Coded UI tests and cloud-based load testing in Visual Studio. It covers automating tests with Microsoft Test Manager, creating automated UI tests using Coded UI, and performing load testing on applications hosted in the cloud using Visual Studio Online. Conducting load testing early and customizing tests to measure key performance metrics can help ensure applications meet expectations before public release.
DevOps Pipelines and Metrics Driven Feedback LoopsAndreas Grabner
The goal behind devops is Faster Lead Times
What this really means for Software Delivery -> my Kodak/Smart Phone Analogy
How and Which Metrics to use along the Delivery Pipeline to make better decisions along the way.
In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.
DevOps Days Toronto: From 6 Months Waterfall to 1 hour Code DeploysAndreas Grabner
Slides used for https://www.devopsdays.org/events/2017-toronto/program/andreas-grabner/
In 2011 we delivered 2 major releases of our on premise enterprise software. Market, technology and customer requirements forced us to change that in order to remain competitive.
Now – in 2017 - we are deploying and providing feature releases every 2 weeks for both our on premise and SaaS-based offering. We deploy 170 SaaS production changes per day and have a DevOps pipeline that allows us to deploy a code change within 1h if necessary.
To increase quality, we built and provide a DevOps pipeline that currently executes 31000 Unit & Integration Tests per Hour as well as 60h UI Tests per Build. Our application teams are responsible end-to-end for their features and use production monitoring to validate their deployments which allows them to find 93% of bugs in production before it impacts our end users.
In this session I explain how this transformation worked from both “Top Down” as well as “Bottom Up” in our organization. A key component was the 4 people strong DevOps Team who developed and “sell” their DevOps Pipeline to the globally distributed application teams. I will give insights into how our pipeline enables application teams to design, code, test and run a new feature for our user base.
I will also talk about the “dark moments” as change is never without friction. Both internally as well as with our customers who also had to get used to more rapid changes.
deliver:agile - Enable your Agile Team with Continuous Delivery PipelinesEsteban Garcia
Continuous Delivery session from deliver:Agile
As your Agile team looks to shorten the cycle time from idea to production, it is important to give them the tools that will enable continuous feedback, collaboration with stakeholders, and most importantly, a way to get the product in front of the customer and enable a feedback loop.
This session will teach you how to create an effective release pipeline that incorporates Continuous Integration, automated testing, cloud deployment with Infrastructure as Code, Instrumentation, load testing, and more.
We will go from zero to Production in less than an hour and you will go back to work on Monday ready to deploy!
Learning Outcomes:
Continuous Integration
Continuous Deployment
Automation
Release Management with Visual Studio Team Services and Office Dev PnPPetter Skodvin-Hvammen
Learn about the capabilities of Visual Studio Online Services:
– how you can setup continuous builds whenever a change is committed to the source repository
– how to setup scheduled builds and deploys
– how to target deployments for your dev, test, uat and prod environments
– how to manage release security and use approval workflows
Also learn how you can use Office Dev PnP PowerShell to support rapid and automated deployments and about other alternatives out there
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsCA Technologies
Learn from Gene Kim, one of the “DevOps Cookbook” authors, how to help accelerate DevOps adoption, increase the success of DevOps initiatives and lower the activation energy required for DevOps transformations to start and finish.
For more information on DevOps solutions from CA Technologies, please visit: http://bit.ly/1wbjjqX
CloudTest Lite is the newest member of SOASTA’s growing line of CloudTest editions. It is an enterprise-class offering that enables rapid test creation and real-time resolution for performance testing early and often throughout the development lifecycle. Delivering internal testing behind the firewall on a single server, customers can execute performance tests of up to 100 concurrent virtual users in development, QA, staging or production. With CloudTest Lite, customers can:
- Test Web and mobile applications, including applications using the latest technologies from HTML5 to REST Web services
- Quickly build tests with visual test creation tools
- Integrate application, system, and network monitoring data
- Analyze results in real-time through an interactive, integrated dashboard
- Easily upgrade to a more scalable CloudTest edition to meet expanding testing requirements
The document discusses the workflow for building mobile apps using Ionic, including prototyping apps without coding using Ionic Creator, iterating on the codebase using live reloading, and deploying apps. It provides demonstrations of Ionic Creator for prototyping app structure and menus, live reloading for debugging, and techniques for optimizing apps such as using Sass and compressing files. The document recommends Ionic for building mobile apps without needing native code skills but notes some limitations may require native code knowledge.
The document discusses DevOps and Microsoft's Visual Studio Team Services (VSTS) and Team Foundation Server (TFS). It provides an overview of DevOps and the features of VSTS/TFS, including version control options like TFVC and Git. The document outlines the development lifecycle from building, testing, and distributing code to monitoring applications in production. It also references specific VSTS/TFS features like release management, testing, and API documentation tools.
Continuous Deployment of your Application - SpringOne Tour DallasVMware Tanzu
The document discusses Spring Cloud Pipelines, which provides an opinionated template for continuous delivery pipelines. It describes Spring Cloud Pipelines' support for different automation servers like Concourse and Jenkins, as well as languages like Maven and Gradle. It also covers Spring Cloud Pipelines' default configuration options around environments, testing types, and cloud-native applications.
The document discusses continuous deployment for machine learning projects using Bodywork. Bodywork enables CI/CD for ML projects by allowing teams to define workflows in a Git repository that can deploy models, pipelines, and services to Kubernetes. It tackles common deployment challenges for ML like managing container images and infrastructure, and allows teams to focus on their code. The talk includes demos of sample ML projects deployed with Bodywork, like serving a model with a REST API and a train-and-serve pipeline.
Spring Cloud Pipelines provides an opinionated template for continuous deployment pipelines. It aims to fail builds and deployments fast through practices like contract and integration testing. The pipelines support automation servers like Jenkins and Concourse. Standardizing on tools like Cloud Foundry allows deploying applications using the same processes on different platforms. The pipelines are customizable to suit individual needs.
Setting Up CircleCI Workflows for Your Salesforce AppsDaniel Stange
This document discusses setting up CircleCI workflows for Salesforce apps. It covers prerequisites for CircleCI and Salesforce DX, why continuous integration (CI) is useful, basics of CI concepts and workflows, designing a sample CI workflow using CircleCI and SFDX that includes testing, code quality checks, and deployment. It demonstrates configuring and running the workflow in CircleCI and adding a quality gate using static code analysis with Apex PMD. Next steps discussed include breaking projects into smaller packages and parallelizing tests.
This document discusses the benefits of continuous deployment and standardized deployment pipelines. It advocates for automating deployments to reduce errors and provide faster feedback. Integrating contract and integration tests into build pipelines allows failures to be detected early. Using approaches like Cloud Foundry and standardized tools allows deployments to different environments to be consistent. Contract tests catch integration issues during builds rather than later stages. Rollbacks should focus on rolling back the application rather than the database to simplify the process. Frequent, automated deployments and early testing are presented as best practices for deployment pipelines.
Continuous Deployment of your Application @JUGtoberfestMarcin Grzejszczak
Spring Cloud Pipelines provides an opinionated template for continuous deployment pipelines that is based on best practices. It aims to solve the problem of having to create deployment pipelines from scratch for each new project. The pipelines support various automation servers like Concourse and Jenkins, and include steps for building, testing, and deploying applications. They promote practices like failing fast, standardized deployments, and testing rollbacks to enable techniques like zero-downtime deployments.
Measure and Increase Developer Productivity with Help of Serverless at AWS Co...Vadym Kazulkin
The goal of Serverless is to focus on writing the code that delivers business value and offload everything else to your trusted partners (like Cloud providers or SaaS vendors). You want to iterate quickly and today’s code quickly becomes tomorrow’s technical debt. In this talk we will show why Serverless adoption increases the developer productivity and how to measure it. We will also go through AWS Serverless architectures where you only glue together different Serverless managed services relying solely on configuration, minimizing the amount of the code written.
Working on a Skyscraper in the Early Years of the XX CenturyMiguel Ferreira
Apache CloudStack (ACS) is one of the best-of-breed in the current IaaS landscape. However, despite its high functional quality, its technical quality (the one you observe when you look "under the hood") is bellow industry average. Miguel Ferreira was initiated in ACS development in the early days of 2014 and presents, in this talk, his perspective, as a newcomer, on how it felt to him like he was working on a skyscraper in the early days of the XX century, without safety-net, nor rope. Together with his former colleague Dennis Bijlsma (SIG), they dived into the code of ACS to find evidence to support a change in the way ACS is maintained, that combines the best of modern software engineering practices and cutting-edge innovation. Miguel proposes that the ACS community take charge of keeping to the highest standards in software technical quality, while continuing to foster creativity.
SpringOne Platform 2017
Marcin Grzejszczak, Pivotal; Cora Iberkleid, Pivotal
"“I have stopped counting how many times I’ve done this from scratch” - was one of the responses to the tweet about starting the project called Spring Cloud Pipelines. Every company sets up a pipeline to take code from your source control, through unit testing and integration testing, to production from scratch. Every company creates some sort of automation to deploy its applications to servers. Enough is enough - time to automate that and focus on delivering business value.
In this presentation we’ll go through the contents of the Spring Cloud Pipelines project. We’ll start a new project for which we’ll have a deployment pipeline set up in no time. We’ll deploy to Cloud Foundry and check if our application is backwards compatible so that we can roll it back on production."
Enabling your DevOps culture with AWS-webinarAaron Walker
In this presentation shows you how the benefits of AWS technologies can be combined with a new approach to Development and Operations.
It’s all about delivering new features and functionality faster, without compromising reliability, stability and performance.
* Understand the challenges faced by traditional Development and Operations teams
* Apply Continuous Integration/Delivery processes and tools to enable change
* Appreciate how various AWS technologies can be used to facilitate DevOps
SharePoint Saturday Ottawa 2014 - Microsoft Azure : Central component of your...PimpMySharePoint
The Cloud can help you and your organization to maximize your investments and to simplify your business processes for all your SharePoint activities. Microsoft Azure can offer you a lot of services that can allow you to transform your infrastructures, your development paradigm and your IT teams to start thinking in terms of DevOps. In this session, our goal will be to show you how to use the Azure platform in an enterprise where SharePoint is used as an application platform. Subjects covered will be :
- Microsoft Azure as IaaS
- Microsoft Azure as CDN
- Microsoft Azure as hub for all your ALM with Visual Studio Online
- Microsoft Azure as an application layer for all your SharePoint Apps
- Microsoft Azure as a complex integration environment
- Microsoft Azure as a deployment framework
The cloud and Microsoft Azure to help the SharePoint platform, it's possible! By Sebastien Levert and Julien Stroheker - Twitter: @sebastienlevert and @Ju_Stroh
Minimum Viable Architecture - Good Enough is Good EnoughRandy Shoup
This document discusses the concept of minimal viable architecture and how architecture should evolve over time as a system grows. It recommends starting with simple prototypes and monolithic architectures, then transitioning to scalable architectures like microservices as needs increase. Key points are to solve current problems simply, use standard tools, iterate quickly, and focus on quality from the beginning rather than over-engineering prematurely. Architecture should progress from starting to scaling to optimizing phases as the system matures.
Continuous Deployment of your Application @SpringOneciberkleid
Spring Cloud Pipelines is an opinionated framework that automates the creation of structured continuous deployment pipelines.
In this presentation we’ll go through the contents of the Spring Cloud Pipelines project. We’ll start a new project for which we’ll have a deployment pipeline set up in no time. We’ll deploy to Cloud Foundry and check if our application is backwards compatible so that we can roll it back on production.
Measure and increase developer productivity with help of Severless by Kazulki...Vadym Kazulkin
The goal of Serverless is to focus on writing the code that delivers business value and offload everything else to your trusted partners (like Cloud providers or SaaS vendors). You want to iterate quickly and today’s code quickly becomes tomorrow’s technical debt. In this talk we will show why Serverless adoption increases the developer productivity and how to measure it. We will also go through AWS Serverless architectures where you only glue together different Serverless managed services relying solely on configuration, minimizing the amount of the code written.
Serverless integrations using Azure Logic Apps (intro)Callon Campbell
Azure Logic Apps are built around the idea of events, triggers and workflows. When you think about building microservices, there are a lot of moving parts to manage. Azure Logic Apps lets you stitch them all together much more easily and provides you with a central place to build and manage all of your event-driven services.
My personal story from azure it pro to azure dev opsnj-azure
This document provides an agenda and summary for a presentation on how an Azure IT Pro embraced DevOps practices. The presentation discusses how the presenter started as an Azure IT Pro managing infrastructure, then learned DevOps practices like using Azure Resource Manager templates, infrastructure as code, and continuous deployment. It provides demos of authoring ARM templates in Visual Studio and "DevOps-ing" a web app. The presentation aims to help other Azure IT Pros adopt DevOps practices to deploy infrastructure and applications faster and more reliably.
For More Info Please visit the below URL:
ECS CICD DevOps: shorturl.at/ovwQZ
Presentations: shorturl.at/hyGX2
Copilot: shorturl.at/oARX2
https://www.youtube.com/channel/UCcuMPYJ4Osax4528rgqQWrw
SharePoint Fest Chicago - Introduction to AngularJS with the Microsoft GraphSébastien Levert
Every developer hears about AngularJS and all the magic it does for you applications. In order to kickstart you AngularJS journey, this session is an introduction to the AngularJS concepts applied to any Office 365 development. Different workloads will be targeted (Mail, Calendar, Files) and the Office 365 API will be our main datasource. We will also cover SharePoint Online specific data access (Office 365 API, REST, CSOM and Search) to meet your current development needs.
The 3 key takeaways of this session are :
You will understand the basics of the AngularJS framework
You will learn how to communicate withthe Office 365 through AngularJS
You will be able to apply those new skills in your next project
Similar to SpringOne Tour Denver - Continuous Delivery of your Application (20)
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
The document summarizes Matthew Quinn's presentation on "What AI Means For Your Product Strategy And What To Do About It" at Denver Startup Week 2023. The presentation discusses how generative AI could impact product strategies by potentially solving problems companies have ignored or allowing competitors to create new solutions. Quinn advises product teams to evaluate their strategies and roadmaps, ensure they understand user needs, and consider how AI may change the problems being addressed. He provides examples of how AI could influence product development for apps in home organization and solar sales. Quinn concludes by urging attendees not to ignore AI's potential impacts and to have hard conversations about emerging threats and opportunities.
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
This document discusses the evolution of internal developer platforms and defines what they are. It provides a timeline of how technologies like infrastructure as a service, public clouds, containers and Kubernetes have shaped developer platforms. The key aspects of an internal developer platform are described as providing application-centric abstractions, service level agreements, automated processes from code to production, consolidated monitoring and feedback. The document advocates that internal platforms should make the right choices obvious and easy for developers. It also introduces Backstage as an open source solution for building internal developer portals.
Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu
Cardinal Health introduced Tanzu Application Service in 2016 and set up foundations for cloud native applications in AWS and later migrated to GCP in 2018. TAS has provided Cardinal Health with benefits like faster development of applications, zero downtime for critical applications, hosting over 5,000 application instances, quicker patching for security vulnerabilities, and savings through reduced lead times and staffing needs.
Dan Vega discussed upcoming changes and improvements in Spring including Spring Boot 3, which will have support for JDK 17, Jakarta EE 9/10, ahead-of-time compilation, improved observability with Micrometer, and Project Loom's virtual threads. Spring Boot 3.1 additions were also highlighted such as Docker Compose integration and Spring Authorization Server 1.0. Spring Boot 3.2 will focus on embracing virtual threads from Project Loom to improve scalability of web applications.
Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu
This document discusses building platforms as products and reducing developer toil. It notes that platform engineering now encompasses PaaS and developer tools. A quote from Mercedes-Benz emphasizes building platforms for developers, not for the company itself. The document contrasts reactive, ticket-driven approaches with automated, self-service platforms and products. It discusses moving from considering platforms as a cost center to experts that drive business results. Finally, it provides questions to identify sources of developer toil, such as issues with workstation setup, running software locally, integration testing, committing changes, and release processes.
This document provides an overview of building cloud-ready applications in .NET. It defines what makes an application cloud-ready, discusses common issues with legacy applications, and recommends design patterns and practices to address these issues, including loose coupling, high cohesion, messaging, service discovery, API gateways, and resiliency policies. It includes code examples and links to additional resources.
Dan Vega discussed new features and capabilities in Spring Boot 3 and beyond, including support for JDK 17, Jakarta EE 9, ahead-of-time compilation, observability with Micrometer, Docker Compose integration, and initial support for Project Loom's virtual threads in Spring Boot 3.2 to improve scalability. He provided an overview of each new feature and explained how they can help Spring applications.
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu
Spring Cloud Gateway is a gateway that provides routing, security, monitoring, and resiliency capabilities for microservices. It acts as an API gateway and sits in front of microservices, routing requests to the appropriate microservice. The gateway uses predicates and filters to route requests and modify requests and responses. It is lightweight and built on reactive principles to enable it to scale to thousands of routes.
This document appears to be from a VMware Tanzu Developer Connect presentation. It discusses Tanzu Application Platform (TAP), which provides a developer experience on Kubernetes across multiple clouds. TAP aims to unlock developer productivity, build rapid paths to production, and coordinate the work of development, security and operations teams. It offers features like pre-configured templates, integrated developer tools, centralized visibility and workload status, role-based access control, automated pipelines and built-in security. The presentation provides examples of how these capabilities improve experiences for developers, operations teams and security teams.
The document provides information about a Tanzu Developer Connect Workshop on Tanzu Application Platform. The agenda includes welcome and introductions on Tanzu Application Platform, followed by interactive hands-on workshops on the developer experience and operator experience. It will conclude with a quiz, prizes and giveaways. The document discusses challenges with developing on Kubernetes and how Tanzu Application Platform aims to improve the developer experience with features like pre-configured templates, developer tools integration, rapid iteration and centralized management.
The Tanzu Developer Connect is a hands-on workshop that dives deep into TAP. Attendees receive a hands on experience. This is a great program to leverage accounts with current TAP opportunities.
The Tanzu Developer Connect is a hands-on workshop that dives deep into TAP. Attendees receive a hands on experience. This is a great program to leverage accounts with current TAP opportunities.
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
This document discusses simplifying and scaling enterprise Spring applications in the cloud. It provides an overview of Azure Spring Apps, which is a fully managed platform for running Spring applications on Azure. Azure Spring Apps handles infrastructure management and application lifecycle management, allowing developers to focus on code. It is jointly built, operated, and supported by Microsoft and VMware. The document demonstrates how to create an Azure Spring Apps service, create an application, and deploy code to the application using three simple commands. It also discusses features of Azure Spring Apps Enterprise, which includes additional capabilities from VMware Tanzu components.
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu
The document discusses 15 factors for building cloud native applications with Kubernetes based on the 12 factor app methodology. It covers factors such as treating code as immutable, externalizing configuration, building stateless and disposable processes, implementing authentication and authorization securely, and monitoring applications like space probes. The presentation aims to provide an overview of the 15 factors and demonstrate how to build cloud native applications using Kubernetes based on these principles.
SpringOne Tour: The Influential Software EngineerVMware Tanzu
The document discusses the importance of culture in software projects and how to influence culture. It notes that software projects involve people and personalities, not just technology. It emphasizes that culture informs everything a company does and is very difficult to change. It provides advice on being aware of your company's culture, finding ways to inculcate good cultural values like writing high-quality code, and approaches for influencing decision makers to prioritize culture.
SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu
This document discusses domain-driven design, clean architecture, bounded contexts, and various modeling concepts. It provides examples of an e-scooter reservation system to illustrate domain modeling techniques. Key topics covered include identifying aggregates, bounded contexts, ensuring single sources of truth, avoiding anemic domain models, and focusing on observable domain behaviors rather than implementation details.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
13. Spring Cloud Pipelines
• Supports the following automation servers out of the box:
• Concourse
• Jenkins using Jenkins Job DSL plugin
• Jenkins using Jenkinsfile with Blue Ocean
• Logic of all steps done via Bash scripts
• you can convert the internals to suit your needs
• you can use whatever automation server you want
• supports Maven & Gradle
• Includes 150 Bash tests to validate your customizations of SCP
• using https://github.com/sstephenson/bats
75. Act I: The Scaffold
75
● Objective:
○ Automate the deployment of greeting-ui and fortune-service
a.k.a. Make the pipelines run green
○ Establish environments (PCF spaces) in accordance with SCP
recommendations
● Approach:
○ Minimum changes to apps (scaffolding, not code)
○ Create a pipeline for each
○ Create PCF spaces
○ Run the pipelines
76. Greeting and Fortune
● Spring Boot apps
● Source code on GitHub
● Maven
● No tests
● Use 5 services
○ MySQL database (for Fortune)
○ Spring Cloud Services: Eureka, Hystrix/Turbine, Config Server
○ Rabbit - for Config Server refresh trigger propagation
77. ● Add 2 new branches to the app repos
App Scaffold
77
78. ● Add 2 new branches to the app repos
● Add a Maven wrapper
○ mvn -N io.takari:maven:wrapper
App Scaffold
78
79. ● Add 2 new branches to the app repos
● Add a Maven wrapper
○ mvn -N io.takari:maven:wrapper
● Add artifact repo info to app pom.xml (and ~/.m2/settings.xml)
○ distributionManagement.repository.id
○ distributionManagement.repository.url
App Scaffold
79
80. ● Add 2 new branches to the app repos
● Add a Maven wrapper
○ mvn -N io.takari:maven:wrapper
● Add artifact repo info to app pom.xml
○ distributionManagement.repository.id
○ distributionManagement.repository.url
● git push!
App Scaffold
80
81. Pipeline Configuration - Git and Mvn
81
● Create a credentials file for each app (copy sample in SCP)
○ Git url and branch of your app
○ Git url and branch of the SCP code base use v1.0.0.M8 or later for cf)
○ Your git name, email, and private key
○ Your maven repo info and credentials
82. Build - Success!
82
● At this point, the Build jobs should all succeed
● App builds, jar uploads to maven repo, git tagged as “dev/<version>”
● The api compatibility job runs “mvn clean verify -P apicompatibility”, but the
profile does not exist yet, so it really isn’t doing much
● Takes place on Concourse worker
83. ● Create app manifest.yml
● Create a new manifest for SCP (e.g. sc-pipelines.yml)
○ Provide info for SCP to provision services on CF (test* & stage)
● Git push!
App Scaffold
83
test:
services:
- name: fortune-db
type: broker
broker: cleardb
plan: spark
- name: config-server
type: broker
broker: p-config-server
plan: standard
params:
git:
uri: https://github.com/ciberkleid/app-config
useExisting: true
...
84. Pipeline Configuration - CF
84
● Add general CF info to the credentials file
○ paas-type: cf
○ pipeline-descriptor (the sc-pipelines manifest)
○ paas-hostname-uuid (to avoid route collision)
● Add target & login info for Test, Stage and Prod
○ For Test, you specify a prefix. SCP appends the app name
85. Cloud Foundry Setup: Test, Stage, Prod
85
● Create the Test, Stage, and Prod spaces
● Manually provision services in Prod
○ And maybe Stage
○ But not Test
86. Test, Stage & Prod - Success!
86
● App deployed to PCF through Prod
● Git tagged as prod/<version>
● Ability to trigger rollback through Concourse
89. Act I: The Scaffold - Recap
89
● Objective:
○ Automate the deployment of greeting-ui and fortune-service
a.k.a. Make the pipelines run green
○ Establish environments (PCF spaces) in accordance with SCP
recommendations
● Approach:
○ Minimum changes to apps (scaffolding, not code)
○ Create a pipeline for each
○ Create PCF spaces
○ Run the pipelines
93. Act II: The Test
93
● Objective:
○ Increase effectiveness of and confidence in the pipelines
○ Standardize approach to testing
● Approach:
○ Use mvn profiles to control test executions
○ Add/organize tests in agreement with SCP framework
○ Enable DB backward compatibility testing
100. Enable Database Rollback Testing
100
● Flyway
○ OSS DB migration tool
○ For relational databases
○ Convention over configuration
○ Database versioning
○ Migration on app startup (good for CD!)
101. DB Schema Creation With Flyway
101
● Disable JPA auto-generated schemas; let flyway do it
● Follow flyway conventions for SQL file name
● Tada! Schema is now versioned!
102. DB Schema Population With Flyway
102
● Add INSERT statements to V1__init.sql
● Data is populated upon app startup, but only once per DB version
103. Act II: The Test - Recap
103
● Objective:
○ Increase effectiveness of and confidence in the pipelines
○ Standardize approach to testing
● Approach:
○ Use mvn profiles to control test executions
○ Add/organize tests in agreement with SCP framework
○ Enable DB backward compatibility testing
104. Is THAT Enough?
104
● Good:
○ You are in a great position to include well-organized, robust testing and
derive a high level of confidence from your pipelines
○ You can ensure safe rollbacks in case of database schema changes
● Better:
○ Implementing a contract-driven approach will have additional benefits to
your general development practice
○ Inter-team communication will be simpler
○ Contract tests will catch breaking API changes in build rather than stage
○ Troubleshooting will be easier
○ Failure and feedback will be faster
106. Act III: The Contract
106
● Objective:
○ Increase reliability - strive to maximize pipeline benefits
○ Encourage contract-based programming practices
● Approach:
○ Add contracts, stubs, and a stubrunner
○ Enable API backward compatibility testing
107. The Greeting/Fortune Contract
107
import org.springframework.cloud.contract.spec.Contract
Contract.make {
description("""
should return a fortune string
""")
request {
method GET()
url "/"
}
response {
status 200
body "foo fortune"
}
}
108. Spring Cloud Contract Basics
108
● Add the Spring Cloud Contract Maven Plugin to your pom.xml (Fortune)
○ Plugin requires a base class to set up the context and stub out the
service that satisfies the API call (e.g. the DB)
public class BaseClass {
@Before
public void setup() {
FortuneService service = BDDMockito.mock(FortuneService.class);
BDDMockito.given(service.getFortune()).willReturn("foo fortune");
RestAssuredMockMvc.standaloneSetup(new FortuneController(service));
}
}
109. Spring Cloud Contract Basics
109
● Add the Spring Cloud Contract Maven Plugin to your pom.xml (Fortune)
○ Plugin will auto-generate tests and stubs (and a stub.jar)
○ Stub jar is uploaded to the maven repo, along with the app jar
110. For Back-Compatibility, Use Prod Contracts
110
<profile>
<id>apicompatibility</id>
<plugin>
<configuration>
<contractsRepositoryUrl>${repo.with.binaries}</contractsRepositoryUrl>
<contractDependency>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}</artifactId>
<classifier>stubs</classifier>
<version>${latest.production.version}</version>
</contractDependency>
...
In this case, we want the contracts plugin to generate tests based on contracts outside of the
project (the ones from the latest prod jar on our maven repo). Pipeline injects values in red
dynamically
111. Greeting: Build with Stubrunner
greeting-ui
circuit breaker fallback
or manually configured
WireMock
greeting-ui
stubs
without stubrunner with stubrunner
● Greeting starts an in-process stubrunner that automatically configures
WireMock
112. Greeting: Integration Tests Aligned with Stubs
112
For in-process stubrunner, the
server-side Wiremock port
For in-process stubrunner, the
client-side endpoint config
113. Greeting: Test with Stubrunner (standalone)
greeting-ui
circuit breaker fallback
greeting-ui
stubrunner
without stubrunner with stubrunner
Note: Update the
greeting smoke tests
accordingly
114. Home Stretch: Standalone Stubrunner Config
● You need a stubrunner app!
○ Clone spring-cloud-samples/cloudfoundry-stub-runner-boot
○ Build it, and upload the jar to your maven repo
● Your stubrunner app needs a manifest!
○ Put it in your app repo (e.g. greeting-ui repo)
● You need to tell SCP to deploy the stubrunner app!
○ Do it through the pipeline descriptor (e.g. sc-pipelines.yml)
115. Home Stretch: Standalone Stubrunner Config
● Specify the server side (stubrunner) ports
<properties>
<stubrunner.ids>io.pivotal:fortune-service:_latest:stubs:10000</stubrunner.ids>
</properties>
● Disable Eureka lookup for smoke tests
● Provide URLs to non-8080 stubrunner ports explicitly
116. Act III: The Contract - Recap
116
● Objective:
○ Increase reliability - strive to maximize pipeline benefits
○ Encourage contract-based programming practices
● Approach:
○ Add contracts, stubs, and a stubrunner
○ Enable API back compatibility testing
117. So what have we achieved
117
● The Scaffold:
○ Automate the deployment of greeting-ui and fortune-service
a.k.a. Make the pipelines run green
○ Establish environments (PCF spaces) in accordance with SCP
recommendations
● The Test:
○ Increase effectiveness of and confidence in the pipelines
○ Standardize approach to testing
● The Contract
○ Increase reliability - strive to maximize pipeline benefits
○ Encourage contract-based programming practices
122. Though Really, You’re Just Beginning...
122
Because now…
● You can evolve your app faster
● With (hopefully) better code
● Consistent testing practices
● Fast failure and feedback
● Contract-based API definitions
● API and DB rollback assurance
● And…. instant pipelines from source to production!
123. What About Poor Simon?
123
Greeting UI Fortune Service Fortune DB
Simon
WHO SAID
Do What
Works!?
124. What About Poor Simon?
124
Greeting UI Fortune Service Fortune DB
Simon
WHO SAID
Do What
Works!?
Contract.make{“””
should return author name
“””)
...
125. What About Poor Simon?
125
Greeting UI Fortune Service Fortune DB
Simon
WHO SAID
Do What
Works!?
Fortune Service
Stub
126. What About Poor Simon?
126
Greeting UI Fortune Service Fortune DB
Simon
WHO SAID
Do What
Works!?
V2:
ALTER TABLE fortune
CHANGE COLUMN text TO fortune,
ADD author CHAR (50);
127. What About Poor Simon?
127
Greeting UI Fortune Service Fortune DB
Simon
WHO SAID
Do What
Works!?
128. What About Poor Simon?
128
Greeting UI Fortune Service Fortune DB
Simon
Pivotal says it
all the time!
129. Simon Spring Cloud Pipelines
129
Greeting UI Fortune Service Fortune DB
Oh, right!
I knew that.
130. Sample Code...
130
● Github repos showing the
end-state of each “act”
● Step-by-step instructions will
be published soon and made
accessible through the repo
Readmes
133. Learn More. Stay Connected.
▪ Read the docs
http://cloud.spring.io/spring-cloud-pipelines/
▪ Talk to us on Gitter
https://gitter.im/spring-cloud/spring-cloud-pipelines
Twitter: twitter.com/springcentral
YouTube: spring.io/video
LinkedIn: spring.io/linkedin
Google Plus: spring.io/gplus