Shaun Allen presented on security best practices for Azure DevOps pipelines. He discussed:
1) Using external property files to securely manage secrets and configurations. The files are tokenised and secrets are encrypted.
2) Implementing continuous integration to build and test applications using the external files. This finds errors before deployment.
3) Setting up continuous deployment conditions to trigger deployments based on branch names, with additional controls over which users can deploy to certain environments.
4) Securely managing secrets using Azure Key Vault and the secure configuration encryption tool, which he demonstrated.
This document summarizes a presentation on API and data security. The agenda includes introductions of the speaker and organizers, an overview of API security threats and vulnerabilities, and demonstrations of OAuth, JWT, cryptography techniques for data encryption, and API security policies. The presentation covers best practices for API security such as enabling HTTPS, using OAuth and JWT for authentication, restricting payload sizes to prevent DDoS attacks, and applying API policies for rate limiting and threat protection. It also demonstrates client management and identity management use cases using OpenID Connect and SAML with Okta.
This document outlines an agenda for a meetup event on CICD, DevOps, and APIOps with Azure DevOps. The agenda includes introductions, a demo presentation on the topic, Q&A, a quiz, and networking. The presentation will cover DevOps, CI/CD, APIOps, DevOps with Mulesoft, and demonstrate Azure DevOps pipelines and releases. It will also provide an overview of Jenkins.
Custom MuleSoft connector using Java SDK (Amit Singh)
The document summarizes a presentation on developing custom connectors for MuleSoft using the Java and XML SDKs. The presentation covered what connectors and the Mule SDK are, differences between Mule 3 and 4 SDKs, best practices for connector development, examples of existing connectors, and a live demo of a custom currency exchange connector. It included an agenda, speaker bio, and questions for a prize quiz at the end.
The document outlines the agenda for a Mulesoft Meetup Group meeting on January 25th, 2020 in Bangalore. The agenda includes introductions, several presentations on implementing various Mulesoft capabilities like CORS, CRUD operations using RAML, and OpenID Connect using Okta. It provides details on the content and flow of each presentation. The meetup concludes with a Q&A session, networking time, and lunch.
Mulesoft with ELK (Elastic Search, Log stash, Kibana) (Gaurav Sethi)
Use the Elastic Stack (ELK stack) to analyze the business data and API analytics.
You can use Logstash for Filebeat to process Anypoint Platform log files, insert them into an Elasticsearch database, and then analyze them with Kibana.
ELK stands for the three Elastic products: Elasticsearch, Logstash, and Kibana.
To understand the Elastic core products, we will use a simple architecture:
1. The logs will be created by an application and pushed into the AWS SQS Queue.
2. Logstash aggregates the logs from different sources and processes them.
3. Elasticsearch stores and indexes the data in order to search it.
4. Kibana is the visualization tool that makes sense of the data.
The document summarizes a Bangalore MuleSoft meetup event that took place on November 24th, 2018. It included a technical session on Mule 4 security features and GDPR compliance, as well as an open forum discussion. The meetup introduced MuleSoft organizers and partners and provided information on learning resources like MuleSoft U and instructor-led training courses.
The document provides an agenda and information about an Ahmedabad MuleSoft Meetup on Azure DevOps and CICD. The meetup will cover topics like what DevOps and CI/CD are, CI/CD pipelines, deploying Mule applications using CloudHub and Maven, unit testing with MUnit, source control with Git and build tools like Azure DevOps. It includes details about the speakers and provides references and next steps after the meetup.
Mulesoft Meetup Bangalore - 6th March 2021 (Gaurav Sethi)
The document outlines the agenda for a Mulesoft meetup group meeting on March 6th, 2021 in Bangalore. The agenda includes:
- Introduction and networking
- A session on analyzing and resolving heap memory issues
- A session on building custom connectors in Mule 4
- Question and answer periods
- A trivia quiz with prizes
- Networking time
- A wrap-up and announcement of the next meetup agenda
The document discusses best practices for creating a Virtual Private Cloud (VPC) in MuleSoft. It recommends creating separate VPCs for production and non-production environments for isolation. When choosing a CIDR block size, a balance must be struck between having enough IP addresses without wasting them. The number of applications, workers, environments, high availability needs, and fault tolerance requirements should all be considered when estimating IP needs. Having the correct CIDR block size is important to avoid running out of addresses over time as more applications are deployed.
#3 calicut meetup - understanding slb, dlb and web sockets (JohnMathewPhilip)
In this virtual-meetup session held on 28th August, 2021 by Patryk Bandurski (MuleSoft Ambassador) we cover a detailed part of SLB, DLB and Web Sockets.
The document summarizes an event on Mule 4 event processing models held in Baltimore. It discusses Mule 4's non-blocking reactive event processing using observables and schedulers. It covers thread management in Mule including different thread pools for CPU-intensive, blocking I/O, and HTTP operations. The document also summarizes synchronous and asynchronous event processing in Mule including using JMS queues and topics as well as VM queues. It discusses different flow and event processing strategies in Mule.
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps (Renato de Oliveira)
This document discusses how to automate the project lifecycle for MuleSoft applications using MuleSoft and Azure DevOps. It covers setting up continuous integration (CI) and continuous delivery (CD) pipelines for building, testing, and deploying MuleSoft applications to different environments. The document provides an overview of the tools and processes used, including configuring notifications, auditing deployment logs, and securely managing application properties and secrets.
This document provides an agenda and overview for a virtual meetup on Hashicorp Vault. The meetup will include introductions by the organizers and sponsor, an introduction to Vault including its features and use cases, a demo, and Q&A. The speaker will discuss using Vault with MuleSoft and show how to store and retrieve credentials from Vault.
The document summarizes the agenda and key topics for the MuleSoft Meetup #4 in Ahmedabad on August 3rd, 2019. The meetup included:
1) An introduction and overview of migrating applications from Mule 3 to Mule 4.
2) A presentation on Anypoint Runtime Manager, MuleSoft's platform for deploying and managing APIs and integrations.
3) A Q&A session.
4) Discussion of the topic for the next meetup and refreshments.
The document then provides more details on selected migration challenges from Mule 3 to Mule 4, such as changes to the event structure and classloading model in Mule 4. It
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft (NaimishKakkad2)
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Create an API group
Modify an API group
Add SLA Tier into an API group
Promote API groups from one Environment to another
Publish the API group on Exchange and Public Portal
Deprecate an API group
Delete an API Group
Q and A
- The document outlines guidelines for a virtual MuleSoft meetup, including welcoming attendees and encouraging them to keep videos on.
- The agenda includes introductions, a presentation on creating MuleSoft API template projects using Maven archetypes, a quiz, and networking.
- The presentation discusses using Maven archetypes to standardize project structure, apply best practices, and speed up development by automatically configuring dependencies and files. It demonstrates generating a new project from an archetype template.
This document provides an overview and agenda for the Warsaw MuleSoft Meetup #6 on February 4th, 2020. The meetup featured a presentation on Practical Approaches to Continuous Integration/Continuous Deployment. The presentation covered topics like CI/CD pipelines, source control branching strategies, automation, and operations. It provided examples and walked through implementation steps for setting up CI/CD processes. The meetup concluded with a networking session and discussions.
The document summarizes a MuleSoft meetup event. The agenda includes a talk on delayed error reprocessing using VM queues by Timothy Hanline and a talk on MuleSoft ERP integrations best practices by Hari Kumar B. There will also be a Q&A session and trivia with prizes for top participants. Announcements provide details on the talks and encourage participants to attend the full event for a chance to win training and certification vouchers.
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB (Jitendra Bafna)
The document provides information about a Meetup event on Anypoint VPC, VPN and Dedicated Load Balancer. It includes an agenda with an introduction, overview of Anypoint VPC, VPN and DLB, a demonstration of these services, and time for networking. The speaker, Jitendra Bafna from Capgemini, will cover what Anypoint VPC is, its advantages, characteristics and sizing requirements. He will also discuss what a dedicated load balancer and Anypoint VPN are, the differences between shared and dedicated load balancers, and how to configure certificates and mapping rules on a dedicated load balancer.
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit... (WSO2)
The document discusses a WSO2 API Manager community call about CSV and JSON transformation in MI 4.0.0. It covers an overview of existing transformation methods like Data Mapper, PayloadFactory, and XSLT mediator. It then discusses the CSV module for transformations between CSV, JSON, and XML. It demonstrates the CSV module and use of FreeMarker templates in the PayloadFactory mediator for transformations. Examples include JSON to XML, XML to JSON, and a more complex transformation between JSON and XML.
The document summarizes an Ahmedabad MuleSoft Meetup event on Mule 4 Connectors that was held from 12 PM to 2 PM on February 20th, 2021. The agenda included introductions, a presentation on Mule 4 connectors and their development, a Q&A session, and a discussion on the next meetup. The presentation covered what connectors are, their benefits, when to use them, and ways to build custom connectors, including using REST Connect, the XML SDK, and the Mule SDK for Java. Attendees were asked to provide feedback and stay connected for future events.
Riyadh Meetup4- Sonarqube for Mule 4 Code review (satyasekhar123)
This document summarizes a virtual meetup about Mule 4 code review using SonarQube. The meetup agenda included introductions, a discussion of continuous inspection and SonarQube, and a demo. Continuous inspection is part of the software development lifecycle and provides continuous feedback on code quality. SonarQube is a tool that can analyze source code without execution to generate software metrics and identify issues. It was demonstrated at the meetup and supports code review in multiple languages. There was also an open discussion period for questions and suggestions for future meetup topics.
• Understanding ASP.NET Core 1.0 (ASP.NET 5) and why it will replace Classic ASP.NET.
• ASP.NET Core 1.0 - What has changed?
• ASP.NET Core 1.0 - Reviving .NET.
Resilient and Adaptable Systems with Cloud Native APIs (VMware Tanzu)
SpringOne 2021
Session Title: Resilient and Adaptable Systems with Cloud Native APIs
Speakers: Olga Maciaszek-Sharma, Senior Member of Technical Staff at VMware; Spencer Gibb, Spring Cloud Core Lead at VMware
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric (Jitendra Bafna)
This document provides an overview and agenda for a virtual meetup on MuleSoft Runtime Fabric and Azure DevOps. It includes:
- Details on the organizers and speakers for the event
- An agenda covering What is Anypoint Runtime Fabric?, its architecture and components, a demonstration of manual installation, deployment on AWS and Terraform, and logging, monitoring, scaling and security.
- Background on MuleSoft, including its history and products.
- Descriptions of what Runtime Fabric is, its benefits over other deployment options like standalone servers, and how it provides isolation, scaling and automation of Mule applications.
- A demonstration of the Runtime Fabric architecture and its components like controllers, workers and pods
This document provides an overview of the Play 2 Java framework, including:
- A brief introduction to Play and how it allows building web apps with Java and Scala in a lightweight, scalable way based on Akka
- A live coding demo showing building a basic app that retrieves user data from GitHub's API
- Discussion of deploying the demo app to Heroku cloud platform
- Recommendation to ask further questions later via email
The AWS platform offers a rich set of capabilities that can be leveraged by the customer to better control applications state, configuration, and supporting infrastructure throughout the service lifecycle – all while operating with security best practices such as audit and accountability, access control, change review and governance, and systems integrity. We will showcase and discuss design patterns for using these capabilities in synergy with fast-paced and agile application development methodologies – such as DevOps – to achieve an integrated security operations program.
Zure Azure PaaS Zero to Hero - DevOps training day (Okko Oulasvirta)
This document provides an overview of Azure DevOps and related Azure services for continuous integration, delivery, and monitoring. It discusses DevOps practices including source control with Azure Repos, work tracking with Azure Boards, continuous integration and deployment pipelines with Azure Pipelines, infrastructure as code with ARM templates, and application monitoring with Application Insights. It also covers security practices like role-based access control and use of Azure Key Vault for secrets management. Live demos are provided for many of the Azure DevOps features and services discussed.
Continuous Integration and Deployment Best Practices on AWS (Amazon Web Services)
With AWS, organizations now have the ability to develop and run their applications with speed and flexibility like never before. Working with an infrastructure that can be 100% API-driven enables organizations to use lean methodologies and realize these benefits. In this session, we will explore some key concepts and design patterns for continuous deployment and continuous integration, two elements of lean application and infrastructure development. We will look at several use cases where IT organizations leveraged AWS to rapidly develop and iterate on applications for scale, high availability and cost optimization.
Speaker: Adrian White, Solutions Architect, Amazon Web Services
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017 (Amazon Web Services)
AWS serverless architecture components such as Amazon S3, Amazon SQS, Amazon SNS, CloudWatch Logs, DynamoDB, Amazon Kinesis, and Lambda can be tightly constrained in their operation. However, it may still be possible to use some of them to propagate payloads that could be used to exploit vulnerabilities in some consuming endpoints or user-generated code. This session explores techniques for enhancing the security of these services, from assessing and tightening permissions in IAM to integrating further tools and mechanisms for inline and out-of-band payload analysis that are more typically applied to traditional server-based architectures, and generalising these techniques to APIs for all AWS services.
DevOps is an approach that aims to increase an organization's ability to deliver applications and services at high velocity by combining cultural philosophies, practices, and tools that align development and operations teams. Under a DevOps model, development and operations teams work closely together across the entire application lifecycle from development through deployment to operations. They use automation, monitoring, and collaboration tools to accelerate delivery while improving quality and security. Popular DevOps tools include Git, Jenkins, Puppet, Chef, Ansible, Docker, and Nagios.
API Tips & Tricks - Policy Management and Elastic Deployment (Axway)
AMPLIFY API Management offers powerful capabilities for creating policies that manage APIs and includes many predefined policy filters. New elastic deployment functionality provides the ability to grow and scale to satisfy dynamic needs.
As software development teams transition to cloud-based architectures and adopt agile processes, the tools they need to support application development in this new world will change. In this session, we'll take you through the transition that Amazon made to a service-oriented architecture over a decade ago, and introduce you to some of the processes and tools that we built and adopted along the way. We’ll share what lessons we’ve learned, explain how we’ve achieved better agility and reliability in our software development and deployment processes, and present an overview of tools we’ve used to help get us there that have since become services such as AWS CodeCommit, AWS CodePipeline, AWS CodeDeploy, and more.
1. Overview of DevOps
2. Infrastructure as Code (IaC) and Configuration as code
3. Identity and Security protection in CI CD environment
4. Monitor Health of the Infrastructure/Application
5. Open Source Software (OSS) and third-party tools, such as Chef, Puppet, Ansible, and Terraform to achieve DevOps.
6. Future of DevOps Application
XP teams try to keep systems fully integrated at all times, and shorten the feedback cycle to minutes and hours instead of weeks or months. The sooner you know, the sooner you can adapt.
Watch our record for the webinar "Continuous Integration" to explore how Azure DevOps helps us in achieving continuous feedback using continuous integration.
Devops core principles
CI/CD basics
CI/CD with asp.net core webapi and Angular app
Iac Why and What?
Demo using Azure and Azure Devops
Docker why and what ?
Demo using Azure and Azure Devops
Kubernetes why and what?
Demo using Azure and Azure Devops
One of the most fundamental challenges of CI/CD is the ability to balance between Quality, Time, and Cost. Amazon EC2 Container Service (ECS), along with Docker and Amazon EC2 Container Registry (ECR), has changed the game for many by making resource management very simple. For Okta, it has enabled the Continuous Integration team to maximize throughput while minimizing cost. In this session we will show you how Okta has created a flexible CI system with ECS, Docker, ECR, AWS Lambda, AWS CloudFormation, Amazon RDS, and Amazon SQS. Okta runs 30,000 tests with each developer commit, and releases 10,000 new lines of code each week to production. The CI system, built 100% on AWS, must be able to handle load while keeping cost under control. This talk is oriented toward developers looking to achieve efficient resource and cost management without compromising speed or quality.
The document introduces D365 F&O Azure DevOps tasks. It discusses continuous integration, continuous delivery, and release pipelines using Azure DevOps to automate uploading packages to the Asset Library and deploying to environments in Lifecycle Services. It provides information on setting up the necessary connections and tasks for continuous integration builds and continuous delivery deployments between Azure DevOps and Dynamics 365 Finance and Operations environments.
Configuration Management in the Cloud | AWS Public Sector Summit 2017Amazon Web Services
In order for your application to operate in a predictable manner in both your test and production environments, you must vigilantly maintain the configuration of your resources. By leveraging configuration management solutions, Dev and Ops engineers can define the state of their resources across their entire lifecycle. In this session, you will learn how to use AWS OpsWorks, AWS CodeDeploy, and AWS CodePipeline to build a reliable and consistent development pipeline that assures your production workloads behave in a predictable manner. Learn More: https://aws.amazon.com/government-education/
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
As software development teams transition to cloud-based architectures and adopt agile processes, the tools they need to support application development in this new world will change. In this session, we'll take you the transition that Amazon made to a service-oriented architecture over a decade ago, and introduce you to some of the processes and tools that we built and adopted along the way. We’ll share what lessons we’ve learned, explain how we’ve achieved better agility and reliability in our software development and deployment processes, and present an overview of tools we’ve used to help get us there that have since become services such as AWS CodeCommit, AWS CodePipeline, AWS CodeDeploy, and more.
Continuous Delivery series: How to automate your infrastructure toolchainSerena Software
This document summarizes a presentation about automating infrastructure toolchains. It discusses:
1) Moving fast without breaking things in highly regulated large enterprises through speed without risk, end-to-end automation that is practitioner specific, collaboration enabled, and enterprise scaled.
2) The presenter, Darryl Bowler, solutions architect at Serena Software, Inc.
3) The differences between system configuration management versus workflow driven automation, including benefits like idempotency but challenges around complex orchestration and limited collaboration.
Wellington MuleSoft Meetup 2021-02-18
1. Attendee Introductions
● Name
● Company & role
● What do you want to get out of this session?
● Topics you want to discuss at upcoming events.
Please introduce yourself in the chat
2. [18th of February 2021]
[Wellington] MuleSoft Meetup Group
Security Best Practices for Azure DevOps Pipeline
3. Reminders...
● Session will be recorded. Please use the online chat to ask questions.
● Trivia game after the presentation. Winners will get a class voucher or certification exam voucher of their choice!
● Fill out the post-event survey to share your feedback with us, and for a chance to win a $50 Amazon.com gift card.
● Group picture at the end of the session
6. Security Best Practices for Azure DevOps Pipeline
Shaun Allen, Integration Developer - Trustpower
7. Introduction
• Based in Tauranga, New Zealand
• Over 3 years of IT experience
• MuleSoft Certified Developer – Mule 4
• Areas of Expertise:
- Pipelines (CI/CD)
- Automation
- Scripting
- Full Stack
Fun fact: Muay Thai enthusiast
9. Business Objectives
Technical Challenges in Securing the Pipeline
• Externalise property or YAML files – on a separate repository.
• Developers create a pull request for every change.
• Dynamic mule key injection per environment.
• Gives flexibility to update mule key per application.
• Secret Management using Azure Key Vault.
• Secrets to be updated when the mule key changes
• Potential for different mule key per application
• DevOps permissions for Service Connections.
10. DevSecOps
• A management approach that combines application development, security, operations and infrastructure as code (IaC) in an automated, continuous delivery cycle.
• Applying security at every stage of the software development process enables continuous integration, reducing the cost of compliance and delivering software more rapidly.
Benefits of DevSecOps
• Improved quality and security of software.
• Faster software delivery.
• Enhanced communication and collaboration between teams.
• Earlier identification and correction of vulnerabilities in code.
• More opportunities for automated builds and quality assurance testing.
Resource: https://searchitoperations.techtarget.com/definition/DevSecOps
11. Setup a new application
This pipeline will handle the scaffolding of setting up a new project.
• Create a new folder under applications
• Create key vaults (generic Trustpower ARM template)
• Setup access policy for key vaults (ARM template parameters file)
• Tokenise key vault names into files
• Create application build and deploy pipeline
• Setup permissions for the new pipeline
How is this pipeline triggered?
Pipeline on-boarding
12. Service Hooks with Logic Apps
We use Azure DevOps service hooks for triggering Azure logic apps to do some work.
• We have one centralized logic app that all service hooks are sent to
• We then use a simple switch case statement for extracting the type of event, i.e. git push, PR completed etc.
• Using the above event types, send the request to the next logic app
• Inspect project level info, i.e. does the project name begin with mulesoft-
• Exclude any projects such as the mulesoft-pipelines project
• Trigger the pipeline to set up a new application
• Will only add the file if the modified branch starts with feature
Automation on-boarding
13. Continuous Integration (CI)
Build application using centralised property file based on environment variables
• File must be placed in the same path as the existing properties file (file="properties/${mule.env}-properties.yaml")
• Find errors before a deploy (saves on time and roll backs) (only works with MUnit)
• Using a PowerShell task for the build, as the Maven task was outputting the mule key to the console
14. POM Configuration Validation
Why do we validate config?
• Make sure all apps are following our standards
What we validate
• Group Id (must be equal to com.trustpower)
• Artifact Id (must match repo name)
• Packaging (must be equal to mule-application)
• Description (simple not null check)
• Does the app have Munit plugin?
• Required application coverage (must be equal to 75%)
• Fail build (must be equal to true)
• Run coverage (must be equal to true)
• Munit format (must be equal to console)
Continuous Integration (CI)
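The checks listed on the POM Configuration Validation slide can be expressed as a single build step. The script below is an added example, not the presenter's pipeline code: the repository name and the sample POM are constructed, and the `<coverage>` element names are those of the munit-maven-plugin.

```powershell
# Added example: enforce the POM standards from the slide before the build runs.
function Test-MulePom {
    param(
        [Parameter(Mandatory)][xml]$Pom,
        [Parameter(Mandatory)][string]$RepoName   # assumed to come from the pipeline
    )
    $failures = [System.Collections.Generic.List[string]]::new()
    $project  = $Pom.project

    if ($project.groupId -cne 'com.trustpower')      { $failures.Add('groupId must be com.trustpower') }
    if ($project.artifactId -cne $RepoName)          { $failures.Add("artifactId must match repo name '$RepoName'") }
    if ($project.packaging -cne 'mule-application')  { $failures.Add('packaging must be mule-application') }
    if ([string]::IsNullOrWhiteSpace($project.description)) { $failures.Add('description must not be empty') }

    # Without the MUnit plugin none of the coverage gates exist, so report that once.
    $munit = @($project.build.plugins.plugin) |
        Where-Object { $_.artifactId -eq 'munit-maven-plugin' } |
        Select-Object -First 1
    if (-not $munit) {
        $failures.Add('munit-maven-plugin is missing')
    } else {
        $coverage = $munit.configuration.coverage
        $formats  = @($coverage.formats.format)
        if ($coverage.requiredApplicationCoverage -ne '75') { $failures.Add('requiredApplicationCoverage must be 75') }
        if ($coverage.failBuild -ne 'true')                 { $failures.Add('failBuild must be true') }
        if ($coverage.runCoverage -ne 'true')               { $failures.Add('runCoverage must be true') }
        if ($formats.Count -ne 1 -or $formats[0] -ne 'console') { $failures.Add('coverage format must be console') }
    }
    [pscustomobject]@{ Passed = ($failures.Count -eq 0); Failures = $failures.ToArray() }
}

# Constructed sample: coverage threshold lowered and failBuild switched off.
$samplePom = @'
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.trustpower</groupId>
  <artifactId>mulesoft-sample-api</artifactId>
  <version>1.0.0</version>
  <packaging>mule-application</packaging>
  <description>Constructed sample application</description>
  <build>
    <plugins>
      <plugin>
        <groupId>com.mulesoft.munit.tools</groupId>
        <artifactId>munit-maven-plugin</artifactId>
        <configuration>
          <coverage>
            <runCoverage>true</runCoverage>
            <failBuild>false</failBuild>
            <requiredApplicationCoverage>60</requiredApplicationCoverage>
            <formats><format>console</format></formats>
          </coverage>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
'@

$result = Test-MulePom -Pom ([xml]$samplePom) -RepoName 'mulesoft-sample-api'
foreach ($failure in $result.Failures) {
    # Azure DevOps logging command: surfaces each finding as a build error.
    Write-Host "##vso[task.logissue type=error]pom.xml: $failure"
}
if (-not $result.Passed) { throw 'pom.xml does not meet the project standards' }
```

Checking `failBuild` and the coverage threshold in the pipeline matters because a developer could otherwise weaken the MUnit gate inside their own repository.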
15. MUnit
Used for validating flow output.
Pros:
• Can find errors with an application before a deploy, i.e. if a property doesn’t exist the app will still build successfully but only fail when trying to run.
• Make sure updates to the application still produce the required result.
• Integrate testing into the CI/CD pipeline.
Cons:
• Takes extra time for the pipeline to run.
• Extra overhead to setup (although easier with recorder).
16. Deploy application based on branch name
Pipeline triggers allow for a full CI/CD pipeline; we just need a way of knowing what environment we want to deploy into
• Trigger build for all target branches
• Note: Not all branches listed in the triggers section can deploy without specific permissions, i.e. group membership or using the auto deploy variable.
Continuous Deployment (CD)
17. Deploy application based on branch name
Needed a way to deploy to environments in a CI/CD fashion
Pipeline conditions
• feature/* deploys to development
• develop deploys to qa
• release* deploys to preprod
• master deploys to production
Continuous Delivery (CD)
18. Deploy application using Anypoint CLI
How do we deploy to cloudhub?
• Using the Anypoint CLI
Commands used by anypoint CLI:
• runtime-mgr cloudhub-application list
• runtime-mgr cloudhub-application start
• runtime-mgr cloudhub-application deploy/modify
• api-mgr api edit
List of commands: https://docs.mulesoft.com/runtime-manager/anypoint-platform-cli
19. Auto deploy and group membership
Pipeline has two ways of deploying into environments.
1. Application settings file has an auto deploy flag
• For dev and qa
2. User who triggered the pipeline is a member of the mulesoft-pipelines “Release Administrators” group
• Restrict who can deploy to cloudhub (must be manually triggered)
• If triggered from a PR into master, the user comes through as a Microsoft service account
• Users in this group should be aware that anytime they trigger a pipeline run it will deploy
Continuous Delivery (CD) / Pipeline Security
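The branch conditions and the two deployment routes described on the slides above combine into one decision, shown here as an added example that is not the presenter's pipeline code. Assumptions: the inputs carry the Azure DevOps predefined variables Build.SourceBranch and Build.Reason, the settings file shape `autoDeploy.<environment>` is hypothetical, and the group-membership lookup happens elsewhere and is passed in as a boolean.

```powershell
# Added example: map the branch to an environment, then allow the deploy only through
# one of the two routes on the slide. Anything else is refused (fail closed).
function Get-DeployDecision {
    param(
        [Parameter(Mandatory)][string]$SourceBranch,   # e.g. refs/heads/feature/x
        [Parameter(Mandatory)][string]$BuildReason,    # e.g. Manual, IndividualCI, PullRequest
        [Parameter(Mandatory)][bool]$IsReleaseAdmin,   # assumed result of a group lookup
        $Settings                                      # parsed application settings file (hypothetical shape)
    )
    $branch = $SourceBranch -replace '^refs/heads/', ''

    # Pipeline conditions from the slide.
    $environment = switch -Wildcard -CaseSensitive ($branch) {
        'feature/*' { 'development'; break }
        'develop'   { 'qa'; break }
        'release*'  { 'preprod'; break }
        'master'    { 'production'; break }
        default     { $null }
    }
    if (-not $environment) {
        return [pscustomobject]@{ Branch = $branch; Environment = $null; Deploy = $false
                                  Reason = 'branch has no environment mapping' }
    }

    # Route 1: auto deploy flag, honoured for development and qa only, and only if it is a real boolean.
    $flag = $Settings.autoDeploy.$environment
    $autoDeploy = ($environment -in 'development', 'qa') -and ($flag -is [bool]) -and $flag

    # Route 2: a manually triggered run by a member of the Release Administrators group.
    $manualByAdmin = ($BuildReason -eq 'Manual') -and $IsReleaseAdmin

    $reason = if ($autoDeploy) { 'auto deploy flag' }
              elseif ($manualByAdmin) { 'manual run by Release Administrators member' }
              else { 'no auto deploy flag and not a manual run by a Release Administrators member' }

    [pscustomobject]@{ Branch = $branch; Environment = $environment
                       Deploy = ($autoDeploy -or $manualByAdmin); Reason = $reason }
}

# Constructed settings: the production flag is set on purpose to show that it is ignored.
$settings = '{ "autoDeploy": { "development": true, "qa": true, "production": true } }' | ConvertFrom-Json

# Constructed runs covering each route, including a CI run on master after a completed PR,
# where the requesting identity is a service account and therefore not a group member.
$cases = @(
    @{ SourceBranch = 'refs/heads/feature/add-endpoint'; BuildReason = 'IndividualCI'; IsReleaseAdmin = $false },
    @{ SourceBranch = 'refs/heads/develop';              BuildReason = 'IndividualCI'; IsReleaseAdmin = $false },
    @{ SourceBranch = 'refs/heads/release-1.4';          BuildReason = 'Manual';       IsReleaseAdmin = $true  },
    @{ SourceBranch = 'refs/heads/master';               BuildReason = 'IndividualCI'; IsReleaseAdmin = $false },
    @{ SourceBranch = 'refs/heads/master';               BuildReason = 'Manual';       IsReleaseAdmin = $true  },
    @{ SourceBranch = 'refs/pull/12/merge';              BuildReason = 'PullRequest';  IsReleaseAdmin = $true  }
)
$decisions = foreach ($case in $cases) { Get-DeployDecision @case -Settings $settings }
$decisions | Format-Table -AutoSize
```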
20. Pipeline Security
Property Files Management
We wanted a way to externalise properties for cloudhub environments from the project repository.
• Easier for code reviewers to keep an eye on production configurations (no secrets in plain text etc)
• Centralised management (all application property files stored in one place)
We wanted a way to specify environment defaults for cloudhub deploys
• Use an application settings file (JSON format) to control deploy properties
21. Property Files Management - One Policy to rule them all
One single repository means we can have one policy set up on the master branch to control all pull requests (code reviews)
• Use one Azure DevOps group who can approve the PRs.
• Use one file exclude pattern so developers can make quick changes to dev and qa for application specific properties.
• Still need to create a new branch for updates, but the PR can be completed with no approvals needed
Pipeline Security
22. Secure Credentials and settings.xml files
Credentials file is what we use to authenticate to the anypoint platform before using the anypoint CLI commands.
• We use one single profile (default)
• This is so we don’t need to continuously set the env for each powershell task
We use a connected application for authentication (we were using a native account)
• Easy to restrict or revoke access
• Control access to data using scopes
23. Secure Credentials and settings.xml files
Our settings.xml file is how we authorize our pipeline to download dependencies for our applications.
• Azure DevOps artifact feed (common dependency for all apps)
• Trustpower exchange assets
• Anypoint exchange v2
• Enterprise artifacts (nexus)
Settings file cannot use the connected app directly; we must generate an access token using the connected app details. Dependencies using the access token are:
• Trustpower exchange assets
• Anypoint exchange v2
Azure DevOps is using a PAT token.
Enterprise artifacts (nexus) is using a native login (username and password). We don’t have access to change this setup.
24. Secret Management with Azure Key Vault
Automation will setup the scaffolding of a new project.
• Creating the key vault
• Setup the access policy for the service principal (service connection identity) on the key vault
• Key vault name is automatically added to the application settings file with tokenisation
Secrets must be manually setup
• Updates are also manual, i.e. if a password or security token changes we would need to manually update the key vault secret
Applications use secure properties, so if any changes are made to key vault secrets we would have to do a re-deploy to see the update.
• Could use Azure service principals and have the applications pull secrets directly from key vault
• Each app would need its own identity for each environment (or at least sandbox & production)
• Key vault cost associated with each secret transaction
25. Secret Management with Azure Key Vault
Using a pre-defined Azure DevOps pipeline key vault task (where possible) to pull through secrets.
• Easy to use
• Specify the service connection to use and what secrets we want to be pulled through
• Secrets can then be accessed like pipeline variables $(MuleKey)
• Also use the Az.KeyVault powershell module to access secrets if we need to do logical statements
• i.e. if we need to overwrite the global mule key for our environment with an application specific one
26. DevOps permissions for Service Connections
Service connection identity in Azure must be granted permissions on the key vault we are wanting to access.
The newly created pipeline needs permissions to be able to use the service connections
• The ‘setup new application’ pipeline will allow the new app pipeline to access the service connections as a user
• For the above to work, the service connections must exist before the pipeline runs
• No CI/CD otherwise, pipeline will hang waiting on permissions
• Just created a new api we can integrate with this pipeline to ensure service connections exist (Work In Progress)
27. Secure config encryption tool
When the pipeline pulls secrets from our application key vault, we need a way to encrypt them.
This is where the mulesoft secure config encryption tool comes in
• https://docs.mulesoft.com/mule-runtime/4.3/secure-configuration-properties#secure_props_tool
• We need to supply the following arguments
• File or string
• Algorithm
• Mode
• Mule key
• Secret to be encrypted
Once we have encrypted pipeline secrets setup, we can tokenise the {env}-properties.yaml file and add this to the src/main/resources/properties folder
28. Secure Configuration properties
Extract mule key from environment or application key vault
• Mule key length has to abide by the algorithm settings i.e AES algorithm has an exact key length of 16
• This is where you may need different mule keys for applications if migrating to a different algorithm
• Environment mule key vs application mule key
Extract algorithm and mode from the application global-configs.xml file
• Or use the default set in the application.settings file
• If using default values, no properties are set up in the global-configs.xml, hence the need for defaults in the app settings file
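The tokenise step and the mule key length rule from the two slides above, as an added example that is not the presenter's code. Assumptions: tokens in the property file look like `#{name}#` (a hypothetical format), the values passed in were already encrypted by the secure config tool, and every key name, ciphertext string and the mule key below are constructed.

```powershell
# Added example: validate the mule key, then fill a tokenised {env}-properties.yaml.
function Test-MuleKeyLength {
    param(
        [Parameter(Mandatory)][string]$Algorithm,
        [Parameter(Mandatory)][string]$MuleKey
    )
    # The only rule stated on the slide: AES needs an exact key length of 16.
    # The message reports lengths only, never the key itself.
    if ($Algorithm -eq 'AES' -and $MuleKey.Length -ne 16) {
        throw "Mule key for AES must be exactly 16 characters (got $($MuleKey.Length))."
    }
}

function Expand-SecureProperties {
    param(
        [Parameter(Mandatory)][string]$Template,
        [Parameter(Mandatory)][hashtable]$EncryptedSecrets   # token name -> ciphertext from the tool
    )
    # Collect every distinct token in the template.
    $tokens = @([regex]::Matches($Template, '#\{([A-Za-z0-9_.-]+)\}#') |
        ForEach-Object { $_.Groups[1].Value } |
        Sort-Object -Unique)

    # Fail before writing anything if a token has no encrypted value: a leftover token
    # would otherwise only surface when the application starts.
    $missing = @($tokens | Where-Object { -not $EncryptedSecrets.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        throw "No encrypted value for token(s): $($missing -join ', ')"
    }

    $output = $Template
    foreach ($token in $tokens) {
        # Mule treats a value wrapped in ![...] as an encrypted secure property.
        $wrapped = '![' + $EncryptedSecrets[$token] + ']'
        $output  = $output.Replace('#{' + $token + '}#', $wrapped)
    }
    $output
}

# Constructed inputs. In the pipeline the key and secrets would come from the key vault task.
$muleKey   = 'ConstructedKey16'
$algorithm = 'AES'
$template  = @'
db:
  host: "dev-db.example.internal"
  user: "svc_sample"
  password: "#{dbPassword}#"
api:
  clientSecret: "#{apiClientSecret}#"
'@
$encrypted = @{
    dbPassword      = 'Q09OU1RSVUNURURfQ0lQSEVSVEVYVF8x'
    apiClientSecret = 'Q09OU1RSVUNURURfQ0lQSEVSVEVYVF8y'
}

Test-MuleKeyLength -Algorithm $algorithm -MuleKey $muleKey
$rendered = Expand-SecureProperties -Template $template -EncryptedSecrets $encrypted
$rendered
```

Only ciphertext reaches the rendered file and the console here; the mule key is checked by length and never printed, which avoids the console leak noted earlier for the Maven task.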
29. SLA Tiers
We use an automated policy to enforce the need for SLA tiers across all environments.
As part of our application pipeline, when the deploy stage happens, we deploy Trustpower default SLA tiers that are setup in the default.settings file.
We can modify or add to these SLA tiers using the application.settings file for each application in each environment.
When a user is requesting access to an application this is where they will be able to select their required SLA tier.
• Auto approved for dev and qa
• Manual approval needed for production
31. Pipeline improvements
• Use a step template for generating the mule key
• Remove inline scripting
• Some PowerShell tasks need to be smaller and more understandable/readable
• Look through devops improvements (can we use stage dependencies for stage conditions yet?)
• Integration Postman agent (newman)
• Automate setting up API Manager
• Only trigger one build at any time
• Use of approval gates (Environment)
32. Key takeaways
What have we learnt (hopefully):
• How to externally manage property files
• Use policy to exclude files/folders from PR review for faster development
• How to use key vault for secrets and use within pipelines (service connection for access)
• How to use secure config tool with above for setting up encrypted secrets
• How to tokenise a property file to inject secrets from above
• Build an application using the external properties file
• MUnit is good for integrating testing into the CI/CD pipeline, but is also handy for exposing errors before a deploy if the properties file doesn’t match what the application is expecting
• Deploy application using pipeline conditions and flags
• Deploy SLA tiers
33. Call for Speakers!
● Incentive for speakers:
Complimentary training class voucher or certification exam voucher of their choice.
● Please contact organizers for more information!