"All happy cloud deployments are alike; each unhappy cloud deployment is unhappy in its own way." — Leo Tolstoy, Site Reliability Engineer
At Gruntwork, I've had the chance to see the cloud adoption journeys of hundreds of companies, from tiny startups to Fortune 50 giants. I've seen those journeys go well. I've seen those journeys go poorly. In this talk, I discuss a few of the ways cloud adoption can go horribly wrong (massive cost overruns, endless death marches, security disasters), and more importantly, how you can get it right.
To help you get it right, we looked at the cloud journeys that were successful and extracted from them the patterns they had in common. We distilled all this experience down into something called the Gruntwork Production Framework, which defines five concrete steps you can follow to adopt the cloud at your own company—and hopefully, to end up with your very own happy cloud deployment.
Terraform can be used to automate the deployment and management of infrastructure as code. It allows defining infrastructure components like VMs, networks, DNS records etc. as code in configuration files. Key benefits include versioning infrastructure changes, consistency across environments, and automation of deployments. The document then provides details on installing Terraform, using common commands like plan, apply and import, defining resources, variables, modules and managing remote state. It also demonstrates creating an EC2 instance using a generated AMI.
This document introduces Docker Compose, which allows defining and running multi-container Docker applications. It discusses that Docker Compose uses a YAML file to configure and run multi-service Docker apps. The 3 steps are to define services in a Dockerfile, define the app configuration in a Compose file, and run the containers with a single command. It also covers topics like networking, environment variables, and installing Docker Compose. Hands-on labs are provided to learn Compose through examples like WordPress.
Chaos Engineering - The Art of Breaking Things in Production
This is an introduction to Chaos Engineering - the Art of Breaking things in Production. This is conducted by two Site Reliability Engineers which explains the concepts, history, principles along with a demonstration of Chaos Engineering
The technical talk is given in this video: https://youtu.be/GMwtQYFlojU
YouTube Link: https://youtu.be/h8uM4mezyHU
** DevOps Certification Courses - https://www.edureka.co/devops-certification-courses** This Edureka PPT on ‘DevOps Real-Time Scenarios’ will discuss the various real-time Challenges that you encounter while adopting or implementing DevOps practices.
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
1) DevOps aims to automate and integrate processes between software development and IT teams to increase efficiency. It emphasizes cross-team communication and technology automation.
2) When adopting Salesforce DevOps, organizations face challenges around lack of best practices, admin-friendliness of tools, complexity of Salesforce environments, and finding expertise.
3) There are two main approaches to Salesforce DevOps - building out a solution using Salesforce tools like DX and scripting, or buying an ISV solution. Building provides more flexibility while buying provides pre-built features and support.
This document summarizes a presentation on pentesting like a grandmaster chess player. It discusses how chess grandmasters focus on individual skill through early and relentless practice, preparation through extensive study of opponents and scenarios, and performance through maintaining health and discipline. Specific chess players are discussed as examples, such as how Kasparov outprepared his opponent through thorough research. The document advocates pentesters similarly focus on individual hacking skills, in-depth target preparation, and optimized performance.
Recently I was asked to explain what dev-ops is at a large enterprise software vendor undergoing transformation.
In these slides, I present the concepts, tools and mindset that drive DevOPS.
In this session we will take an introduction look to Continuous Integration and Continuous Delivery workflow.
This is an introduction session to CI/CD and is best for people new to the CI/CD concepts, or looking to brush up on benefits of using these approaches.
* What CI & CD actually are
* What good looks like
* A method for tracking confidence
* The business value from CI/CD
The document discusses DevOps practices at Amazon Web Services (AWS). It begins with an overview of DevOps and how it has helped Amazon deploy code faster and more frequently. It then discusses specific DevOps tools and services offered by AWS, including AWS CodeCommit for source control, AWS CodeBuild for builds, AWS CodeDeploy for deployments, AWS CodePipeline for release orchestration, and AWS CodeStar for application development. The document explains how these services work together to enable continuous integration and continuous delivery workflows. It also discusses how AWS has implemented DevOps practices like infrastructure as code and monitoring within its own systems to deploy millions of times per day while maintaining quality, security and reliability.
Navigate the universe of CI/CD tools.
As the fastest way to production, the CI/CD pipeline is now mainstream among software companies, forming the backbone of the modern DevOps environment. While DevOps handles the culture aspect, CI/CD focuses on the process and tools.
With this guide, we hope to provide a clear overview of the various CI/CD tools categories and give a broad sampling of the various tools that are available.
Being a newer technology, Docker has yet to make its way into some computer science training programs. College programs, bootcamps, and online resources have yet to jump onto the container train; so, what's the best way for newer engineers to learn Docker from square one? Chloe (former actress turned developer) tells her story about how she went from wondering "What's a Docker?" to helping teach others about Docker and instead asking "What?? You haven't heard of Docker?". This talk is perfect for anyone new to Docker looking for how to get started, or for those interested in learning how to teach Docker to new users.
First DRAFT of a DevOps presentation and posters covering the essentials for a DevOps mindset. Help improve the content by forking and contributing a pull request to https://github.com/wpschaub/DevOps-mindset-essentials/blob/master/README.md.
This document discusses the basics of CI/CD and the different pieces involved in a CI/CD setup such as wiring projects with build servers, setting up pipelines, and pipeline as code. It explains connecting the dots between a developer's machine, repository, CI server, end users, and connecting these pieces together in the final CI/CD pipeline picture.
This document provides an introduction to Docker. It discusses why Docker is useful for isolation, being lightweight, simplicity, workflow, and community. It describes the Docker engine, daemon, and CLI. It explains how Docker Hub provides image storage and automated builds. It outlines the Docker installation process and common workflows like finding images, pulling, running, stopping, and removing containers and images. It promotes Docker for building local images and using host volumes.
The document discusses different Docker networking drivers including null, host, bridge, overlay, and macvlan/ipvlan networks. It provides examples of creating networks with each driver and how containers on different networks will connect and obtain IPs. Specifically, it shows how the bridge driver sets up a private Docker bridge network (docker0 by default) and how overlay networks use VXLAN tunnels to connect containers across multiple Docker daemons.
Showcase development processes and methods with our content ready Devops PowerPoint Presentation Slide. Focus on rapid application delivery using our visually appealing development and operations PPT visuals. The operating system PowerPoint complete deck comprises self-explanatory and editable PowerPoint templates such as need for DevOps, best practices, criteria for choosing a pilot project, DevOps goals, timeline for DevOps transformation, current state future state, 30-60-90 day plan, roadmap for DevOps, transformation post successful DevOps Implementation, RACI matrix, dashboard to name a few. Users can easily customize all the templates as per their specific project needs. Furthermore, you can also use this IT operations management presentation deck to encourage your team to adopt DevOps culture practices and tools. Demonstrate DevOps goals like Increase automation and standardize the process, reduce cost effort & time to market and so on. Download our system development lifecycle PowerPoint templates to present ways to make improved products faster for greater client satisfaction. Handle deficiencies with our DevOps Powerpoint Presentation Slides. Initiate action to acquire desired assets. https://bit.ly/3y8q8NC
Abusing bleeding edge web standards for appsec glory
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
Why the cloud is more secure than your existing systems
Talk presented by Ernest Mueller at LASCON 2010 on cloud computing security and why it's likely that the cloud is more secure than what you're doing right now.
To go faster in a car, you need not only a powerful engine, but also safety mechanisms like brakes, air bags, and seat belts. This is a talk about the safety mechanisms that allow you to build software faster. It's based on the book "Hello, Startup" (http://www.hello-startup.net/). You can find the video of the talk here: https://www.youtube.com/watch?v=4fKm6ImKml8
A presentation given at the 2011 Amazon AWS Genomics meeting held in Seattle, WA.
This is a 30 minute talk I gave focusing mainly on practical tools, tips and methods for bootstrapping and orchestration on the cloud.
Covers examples of:
Ubuntu Cloud Init
AWS Cloud Formation
Opscode Chef
MIT StarCluster
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec applies DevOps principles like decentralization, shared resources, and transparency to security. It focuses on reducing the mean time to detect (MTTD) security issues and mean time to resolve (MTTR) them. Automating security testing and integrating it into continuous integration helps detect attacks and issues earlier. Treating security operations like other services improves culture.
This document discusses hacking serverless runtime environments like AWS Lambda, Azure Functions, and Auth0 WebTask. It begins by introducing the presenters and what will be covered. The document then explores how different vendors implement sandbox isolation and common attack techniques like persistence and data exfiltration. It examines specific runtimes like AWS Lambda in depth, investigating how to profile the environment, persist code, and escalate privileges. The document emphasizes that detection is difficult in serverless environments and provides examples of potential indicators of compromise. Overall, the document provides an overview of attacking and defending serverless architectures.
Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services.
Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India
Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).
Is Multi-Cloud good or bad? How about Serverless? The answer to all these questions is Yes, sometimes. Whether you're new to all this or a long-time industry veteran, you'll surely come away from this approachable talk with a new understanding of cutting edge technology and actionable insights on how to make smart trade offs.
Vancouver Cloud Summit 2024 (2024-04-22)
Serverless in production, an experience report (microservices london)
AWS Lambda has changed the way we deploy and run software, but the serverless paradigm has created new challenges to old problems: How do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
Yan Cui shares solutions to these challenges, drawing on his experience running Lambda in production and migrating from an existing monolithic architecture.
“Serverless” can be defined as a couple simple things: 1 - It’s a programming model for structuring applications as functions and events (basically a manifestation of microservices). 2 - It’s a cloud business model, where use is billed by the function call instead of by the provisioned server, so apps only pay when they run and for how long they run, eliminating over-provisioning and typically reducing costs.
In this talk, we’ll cover the what, why and how of serverless, and learn more about it through running code.
Throughout the session, we’ll focus on how the serverless model is being leveraged in the real world - not just toy functions and demos. Legacy enterprise apps - which are typically monolithic, written by large teams of Java and .Net devs, and resembling a bit of a mud ball - are being shaved down to take advantage of serverless, and we’ll be sharing some early results from those efforts. We'll discuss examples of how Fortune 50 companies are building their serverless projects on the Kubernetes and Mesos clouds they have already deployed.
Le terme “Serverless” a plusieurs significations: 1 - un modèle de programmation pour structurer les applications en tant que fonctions et événements (essentiellement une manifestation de microservices); et 2 - Il s'agit d'un modèle d'entreprise Cloud, où l'utilisation est facturée par l'appel de fonction plutôt que par le serveur provisionné, de sorte que les applications ne paient que lorsqu'elles fonctionnent et pour combien de temps elles courent, éliminant le sur-provisionnement et réduisant les coûts associés.
Dans ce discours, nous allons couvrir le quoi, le pourquoi et comment de Serverless, et en savoir plus à ce sujet en exécutant le code. Nous nous concentrerons sur la façon dont le modèle Serverless est utilisé dans le monde réel - pas seulement les fonctions et démos. Les applications d'entreprise héritées - qui sont généralement monolithiques, écrites par de grandes équipes de développeurs Java et .Net et ressemblant à un peu une grande boule de boue - sont rasées pour profiter de Serverless, et nous partagerons des résultats préliminaires de ces efforts.
Serverless in production, an experience report (FullStack 2018)
This document discusses considerations for making serverless applications production ready. It covers topics like testing, monitoring, logging, deployment pipelines, performance optimization, and security. The document emphasizes principles over specific tools, and recommends focusing on shipping working software through practices like embracing external services for testing instead of mocking.
Serverless in production, an experience report (London js community)
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Diana will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Jon Noble. Jon will give a brief overview of why you should consider security as part of your CloudStack deployment, why your approach to security needs to be different than in a traditional environment, and also talk about some of the motives behind the attacks – why they attack you and what they do once they have compromised a system.
In this talk we debunk common myths and misconceptions about serverless - how cold starts works, serverless is not just about saving operational cost, think about control with responsibility, and think about vendor lock-in with the reward.
Serverless in production, an experience report (Going Serverless)
1. The document discusses best practices for making serverless applications production ready, including practices around testing, monitoring, logging, configuration management, and continuous integration/deployment.
2. It recommends integrating serverless applications with services like API Gateway, Kinesis, DynamoDB, and SSM Parameter Store and considering practices like centralized logging, distributed tracing, role-based access controls, and parameterizing configurations.
3. The document emphasizes the importance of testing at the unit, integration, and end-to-end/acceptance levels and having automated testing and deployment pipelines to catch errors and deploy changes quickly and reliably.
Managing WorkSpaces at Scale | AWS Public Sector Summit 2016
Amazon WorkSpaces provides businesses with secure, managed desktops in the Amazon cloud, and offers an enhanced security posture, the ability to support the needs of a modern mobile workforce, and the flexibility to scale globally. In this session, you’ll hear about how organizations can simplify end user computing by moving desktops to the cloud. The session will cover identity and access management, network access and design, integration with on-premises IT infrastructure, application delivery, and the end user experience. Generalized deployment model and office in the box with a deconstructed network. You will also hear first-hand from customers who have implemented WorkSpaces and best practices for deploying Amazon WorkSpaces at scale. Topics will include security and network access, identity and access management, application delivery, and end user experience.
Do you need Ops in your new startup? If not now, then when? And...what is Ops?
Learn how to scale ruby-based distributed software infrastructure in the cloud to serve 4,000 requests per second, handle 400 updates per second, and achieve 99.97% uptime – all while building the product at the speed of light.
Unimpressed? Now try doing the above altogether without the Ops team, while growing your traffic 100x in 6 months and deploying 5-6 times a day!
It could be a dream, but luckily it's a reality that could be yours.
A brief overview of what we do at Gruntwork. Learn what we mean by "DevOps as a Service" and how you can get your entire infrastructure, defined as code, in about a day. https://www.gruntwork.io/
Listen up, developers. You are not special. Your infrastructure is not a beautiful and unique snowflake. You have the same tech debt as everyone else. This is a talk about a better way to build and manage infrastructure: Terraform Modules. It goes over how to build infrastructure as code, package that code into reusable modules, design clean and flexible APIs for those modules, write automated tests for the modules, and combine multiple modules into an end-to-end techs tack in minutes.
You can find the video here: https://www.youtube.com/watch?v=LVgP63BkhKQ
The Truth About Startups: What I wish someone had told me about entrepreneurs...
This is the talk I gave at MIT's Martin Center for Entrepreneurship. It's a talk I wish someone gave me when I was in college to help me think about the role of entrepreneurship and startups in my career.
You can find the video of the talk here: https://www.youtube.com/watch?v=Rus32iR_Ag0
This talk is a very quick intro to Docker, Terraform, and Amazon's EC2 Container Service (ECS). In just 15 minutes, you'll see how to take two apps (a Rails frontend and a Sinatra backend), package them as Docker containers, run them using Amazon ECS, and to define all of the infrastructure-as-code using Terraform.
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
This is a talk about managing your software and infrastructure-as-code that walks through a real-world example of deploying microservices on AWS using Docker, Terraform, and ECS.
Every startup begins with an idea. This is a talk on how to come up with startup ideas and how to use validation to pick the ones worth working on. It's based on the book "Hello, Startup" (http://www.hello-startup.net/). You can find the video of the talk here: https://www.youtube.com/watch?v=GkmiE8d_5Pw
A guide to hiring based on my book, "Hello, Startup". Learn who to hire, where to find them, how to interview them, and how to make an offer they can't refuse.
Recording: https://www.youtube.com/watch?v=jaSmYLymc0U
Book: http://www.hello-startup.net
This is an excerpt from my talk "Startup DNA" (http://www.slideshare.net/brikis98/startup-dna) that just focuses on the "Speed Wins" concept. For more info, check out my book "Hello, Startup: A Programmer's Guide to Building Products, Technologies, and Teams" at http://www.hello-startup.net.
Node.js vs Play Framework (with Japanese subtitles)
Video: http://www.nicovideo.jp/watch/1410857293
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This version of the presentation has Japanese subtitles. For the English only version, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework
Video: https://www.youtube.com/watch?v=b6yLwvNSDck
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This is the English version of the presentation. For the version with Japanese subtitles, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework-with-japanese-subtitles
This document discusses rapid prototyping techniques for quickly building products from ideas. Rapid prototyping allows developers to build products faster through instant feedback on code changes and leveraging existing open source libraries. It is suggested that dynamic languages, interactive development environments, and pushing code to the browser can provide very fast feedback. While prototypes may be thrown away, the rapid trial and error process of prototyping can lead to higher quality products and better engineers through continuously improving ideas.
Web pages can get very complex and slow. In this talk, I share how we solve some of these problems at LinkedIn by leveraging composition and streaming in the Play Framework. This was my keynote for Ping Conference 2014 ( http://www.ping-conf.com/ ): the video is on ustream ( http://www.ustream.tv/recorded/42801129 ) and the sample code is on github ( https://github.com/brikis98/ping-play ).
This document discusses asynchronous I/O in Java and Scala using the Play Framework. It describes how LinkedIn uses a service-oriented architecture with hundreds of services making requests to each other. It then covers how Play supports non-blocking I/O using asynchronous code, promises, and futures to allow parallel requests without blocking threads. Key points covered include using map and flatMap to transform promises and futures, handling errors and timeouts, and the benefits of non-blocking I/O for scalability.
Video of the presentation: http://www.youtube.com/watch?v=8z3h4Uv9YbE
At LinkedIn, we have started to use the Play Framework to build front-end and back-end services at massive scale. Play does things a little differently: it's a Java and Scala web framework, but it doesn't follow the servlet spec; it's fairly new, but it runs on top of robust technologies like Akka and Netty; it uses a thread pool, but it's built for non-blocking I/O and reactive programming; most importantly, it's high performance, but also high productivity. We've found that the Play Framework is one of the few frameworks that is able to maintain the delicate balance of performance, reliability, and developer productivity. In the Java and Scala world, nothing even comes close. In this talk, I'll share what we've learned so far, including details of rapid iteration with Java and Scala, the story behind async I/O on the JVM, support for real time web apps (comet, WebSockets), and integrating Play into a large existing codebase.
This is the story of the Hackday and[in]cubator programs at LinkedIn; this is the story of scalable, best-of-breed methods for driving innovation; this is the story of transformation: of your career, company, and the world.
Video of the live presentation: http://tcbaltics.com/video/jim-brikman
Startup DNA: the formula behind successful startups in Silicon Valley (update...
[Updated May 5, 2017] "Successful startups are all alike; every unsuccessful startup is unsuccessful in its own way." These are my personal observations on a few traits that make startups successful. You can find a video of the talk at https://www.youtube.com/watch?v=z_D9oXCK2lM and the book at http://www.hello-startup.net/.
The document discusses LinkedIn's adoption of the Dust templating language in 2011. Some key points:
- LinkedIn needed a unified view layer as different teams were using different templating technologies like JSP, GSP, ERB.
- They evaluated 26 templating options and selected Dust as it best met their criteria like performance, i18n support, and being logic-less.
- Dust templates are compiled to JavaScript for client-side rendering and to Java for server-side rendering (SSR) through Google's V8 engine, allowing templates to work on both client and server.
- SSR addresses challenges like SEO, supporting clients without JavaScript, and i18n by rendering
Explore the rapid development journey of TryBoxLang, completed in just 48 hours. This session delves into the innovative process behind creating TryBoxLang, a platform designed to showcase the capabilities of BoxLang by Ortus Solutions. Discover the challenges, strategies, and outcomes of this accelerated development effort, highlighting how TryBoxLang provides a practical introduction to BoxLang's features and benefits.
An MVP (Minimum Viable Product) mobile application is a streamlined version of a mobile app that includes only the core features necessary to address the primary needs of its users. The purpose of an MVP is to validate the app concept with minimal resources, gather user feedback, and identify any areas for improvement before investing in a full-scale development. This approach allows businesses to quickly launch their app, test its market viability, and make data-driven decisions for future enhancements, ensuring a higher likelihood of success and user satisfaction.
What is OCR Technology and How to Extract Text from Any Image for Free
Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.
introduction of Ansys software and basic and advance knowledge of modelling s...
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
Responsibilities of Fleet Managers and How TrackoBit Can Assist.pdf
What do fleet managers do? What are their duties, responsibilities, and challenges? And what makes a fleet manager effective and successful? This blog answers all these questions.
Your project needs and long-term objectives will ultimately choose which of React Native and Flutter to use. For applications using JavaScript and current web technologies in particular, React Native is a mature and trustworthy choice. For projects that value performance and customizability across many platforms, Flutter, on the other hand, provides outstanding performance and a unified UI development experience.
In this talk, we will explore strategies to optimize the success rate of storing and retaining new information. We will discuss scientifically proven ideal learning intervals and content structures. Additionally, we will examine how to create an environment that improves our focus while you remain in the “flow”. Lastly we will also address the influence of AI on learning capabilities.
In the dynamic field of software development, this knowledge will empower you to accelerate your learning curve and support others in their learning journeys.
Discover the Power of ONEMONITAR: The Ultimate Mobile Spy App for Android Dev...
Unlock the full potential of mobile monitoring with ONEMONITAR. Our advanced and discreet app offers a comprehensive suite of features, including hidden call recording, real-time GPS tracking, message monitoring, and much more.
Perfect for parents, employers, and anyone needing a reliable solution, ONEMONITAR ensures you stay informed and in control. Explore the key features of ONEMONITAR and see why it’s the trusted choice for Android device monitoring.
Share this infographic to spread the word about the ultimate mobile spy app!
A Comparative Analysis of Functional and Non-Functional Testing.pdf
A robust software testing strategy encompassing functional and non-functional testing is fundamental for development teams. These twin pillars are essential for ensuring the success of your applications. But why are they so critical?
Functional testing rigorously examines the application's processes against predefined requirements, ensuring they align seamlessly. Conversely, non-functional testing evaluates performance and reliability under load, enhancing the end-user experience.
Break data silos with real-time connectivity using Confluent Cloud Connectors
Connectors integrate Apache Kafka® with external data systems, enabling you to move away from a brittle spaghetti architecture to one that is more streamlined, secure, and future-proof. However, if your team still spends multiple dev cycles building and managing connectors using just open source Kafka Connect, it’s time to consider a faster and cost-effective alternative.
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
Enhance Your Financial Services with Comprehensive NBFC Software
NBFC software provides a complete solution for non-banking financial companies, streamlining banking and accounting functions to reduce operational costs. Our software is designed to meet the diverse needs of NBFCs, including investment banks, insurance companies, and hedge funds.
Key Features of NBFC Software:
Centralized Database: Facilitates inter-branch collaboration and smooth operations with a unified platform.
Automation: Simplifies loan lifecycle management and account maintenance, ensuring efficient delivery of financial services.
Customization: Highly customizable to fit specific business needs, offering flexibility in managing various loan types such as home loans, mortgage loans, personal loans, and more.
Security: Ensures safe and secure handling of financial transactions and sensitive data.
User-Friendly Interface: Designed to be intuitive and easy to use, reducing the learning curve for employees.
Cost-Effective: Reduces the need for additional manpower by automating tasks, making it a budget-friendly solution. Benefits of NBFC Software:
Go Paperless: Transition to a fully digital operation, eliminating offline work.
Transparency: Enables managers and executives to monitor various points of the banking process easily.
Defaulter Tracking: Helps track loan defaulters, maintaining a healthy loan management system.
Increased Accessibility: Cutting-edge technology increases the accessibility and usability of NBFC operations. Request a Demo Now!
A captivating AI chatbot PowerPoint presentation is made with a striking backdrop in order to attract a wider audience. Select this template featuring several AI chatbot visuals to boost audience engagement and spontaneity. With the aid of this multi-colored template, you may make a compelling presentation and get extra bonuses. To easily elucidate your ideas, choose a typeface with vibrant colors. You can include your data regarding utilizing the chatbot methodology to the remaining half of the template.
This document provides an introduction and overview of DevOps concepts and practices. It discusses how DevOps seeks to resolve the core conflict between development needs to deploy new features quickly and operations needs to keep systems running stably. The document outlines some key DevOps concepts like breaking down silos between development and operations, enabling collaboration across teams, integrating tooling and automating processes to allow for faster and more reliable software releases. It also discusses how DevOps aims to better align IT capabilities with business needs like continuously delivering value to customers through software.
The document discusses continuous integration using Jenkins and Git. Continuous integration involves integrating code changes frequently from developers on a project to avoid integration problems late in a project. Jenkins is a free and open source continuous integration server that can be used with version control systems like Git to automatically build code, run tests, and generate reports each time changes are committed to the repository. Setting up continuous integration involves installing Jenkins, configuring a Git repository, and configuring Jenkins to clone the repository, build the code, run tests, and generate reports on each change notification from Git.
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
There are numerous examples of DevOps and Continuous Delivery reference architectures available, and each of them vary in levels of detail, tools highlighted, and processes followed. Yet, there is a constant theme among the tool sets: Jenkins, Maven, Sonatype Nexus, Subversion, Git, Docker, Puppet/Chef, Rundeck, ServiceNow, and Sonar seem to show up time and again.
Terraform can be used to automate the deployment and management of infrastructure as code. It allows defining infrastructure components like VMs, networks, DNS records etc. as code in configuration files. Key benefits include versioning infrastructure changes, consistency across environments, and automation of deployments. The document then provides details on installing Terraform, using common commands like plan, apply and import, defining resources, variables, modules and managing remote state. It also demonstrates creating an EC2 instance using a generated AMI.
This document introduces Docker Compose, which allows defining and running multi-container Docker applications. It discusses that Docker Compose uses a YAML file to configure and run multi-service Docker apps. The 3 steps are to define services in a Dockerfile, define the app configuration in a Compose file, and run the containers with a single command. It also covers topics like networking, environment variables, and installing Docker Compose. Hands-on labs are provided to learn Compose through examples like WordPress.
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
This is an introduction to Chaos Engineering - the Art of Breaking things in Production. This is conducted by two Site Reliability Engineers which explains the concepts, history, principles along with a demonstration of Chaos Engineering
The technical talk is given in this video: https://youtu.be/GMwtQYFlojU
YouTube Link: https://youtu.be/h8uM4mezyHU
** DevOps Certification Courses - https://www.edureka.co/devops-certification-courses** This Edureka PPT on ‘DevOps Real-Time Scenarios’ will discuss the various real-time Challenges that you encounter while adopting or implementing DevOps practices.
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
1) DevOps aims to automate and integrate processes between software development and IT teams to increase efficiency. It emphasizes cross-team communication and technology automation.
2) When adopting Salesforce DevOps, organizations face challenges around lack of best practices, admin-friendliness of tools, complexity of Salesforce environments, and finding expertise.
3) There are two main approaches to Salesforce DevOps - building out a solution using Salesforce tools like DX and scripting, or buying an ISV solution. Building provides more flexibility while buying provides pre-built features and support.
This document summarizes a presentation on pentesting like a grandmaster chess player. It discusses how chess grandmasters focus on individual skill through early and relentless practice, preparation through extensive study of opponents and scenarios, and performance through maintaining health and discipline. Specific chess players are discussed as examples, such as how Kasparov outprepared his opponent through thorough research. The document advocates pentesters similarly focus on individual hacking skills, in-depth target preparation, and optimized performance.
Recently I was asked to explain what dev-ops is at a large enterprise software vendor undergoing transformation.
In these slides, I present the concepts, tools and mindset that drive DevOPS.
In this session we will take an introduction look to Continuous Integration and Continuous Delivery workflow.
This is an introduction session to CI/CD and is best for people new to the CI/CD concepts, or looking to brush up on benefits of using these approaches.
* What CI & CD actually are
* What good looks like
* A method for tracking confidence
* The business value from CI/CD
The document discusses DevOps practices at Amazon Web Services (AWS). It begins with an overview of DevOps and how it has helped Amazon deploy code faster and more frequently. It then discusses specific DevOps tools and services offered by AWS, including AWS CodeCommit for source control, AWS CodeBuild for builds, AWS CodeDeploy for deployments, AWS CodePipeline for release orchestration, and AWS CodeStar for application development. The document explains how these services work together to enable continuous integration and continuous delivery workflows. It also discusses how AWS has implemented DevOps practices like infrastructure as code and monitoring within its own systems to deploy millions of times per day while maintaining quality, security and reliability.
Navigate the universe of CI/CD tools.
As the fastest way to production, the CI/CD pipeline is now mainstream among software companies, forming the backbone of the modern DevOps environment. While DevOps handles the culture aspect, CI/CD focuses on the process and tools.
With this guide, we hope to provide a clear overview of the various CI/CD tools categories and give a broad sampling of the various tools that are available.
Being a newer technology, Docker has yet to make its way into some computer science training programs. College programs, bootcamps, and online resources have yet to jump onto the container train; so, what's the best way for newer engineers to learn Docker from square one? Chloe (former actress turned developer) tells her story about how she went from wondering "What's a Docker?" to helping teach others about Docker and instead asking "What?? You haven't heard of Docker?". This talk is perfect for anyone new to Docker looking for how to get started, or for those interested in learning how to teach Docker to new users.
First DRAFT of a DevOps presentation and posters covering the essentials for a DevOps mindset. Help improve the content by forking and contributing a pull request to https://github.com/wpschaub/DevOps-mindset-essentials/blob/master/README.md.
This document discusses the basics of CI/CD and the different pieces involved in a CI/CD setup such as wiring projects with build servers, setting up pipelines, and pipeline as code. It explains connecting the dots between a developer's machine, repository, CI server, end users, and connecting these pieces together in the final CI/CD pipeline picture.
This document provides an introduction to Docker. It discusses why Docker is useful for isolation, being lightweight, simplicity, workflow, and community. It describes the Docker engine, daemon, and CLI. It explains how Docker Hub provides image storage and automated builds. It outlines the Docker installation process and common workflows like finding images, pulling, running, stopping, and removing containers and images. It promotes Docker for building local images and using host volumes.
The document discusses different Docker networking drivers including null, host, bridge, overlay, and macvlan/ipvlan networks. It provides examples of creating networks with each driver and how containers on different networks will connect and obtain IPs. Specifically, it shows how the bridge driver sets up a private Docker bridge network (docker0 by default) and how overlay networks use VXLAN tunnels to connect containers across multiple Docker daemons.
Showcase development processes and methods with our content ready Devops PowerPoint Presentation Slide. Focus on rapid application delivery using our visually appealing development and operations PPT visuals. The operating system PowerPoint complete deck comprises self-explanatory and editable PowerPoint templates such as need for DevOps, best practices, criteria for choosing a pilot project, DevOps goals, timeline for DevOps transformation, current state future state, 30-60-90 day plan, roadmap for DevOps, transformation post successful DevOps Implementation, RACI matrix, dashboard to name a few. Users can easily customize all the templates as per their specific project needs. Furthermore, you can also use this IT operations management presentation deck to encourage your team to adopt DevOps culture practices and tools. Demonstrate DevOps goals like Increase automation and standardize the process, reduce cost effort & time to market and so on. Download our system development lifecycle PowerPoint templates to present ways to make improved products faster for greater client satisfaction. Handle deficiencies with our DevOps Powerpoint Presentation Slides. Initiate action to acquire desired assets. https://bit.ly/3y8q8NC
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
Why the cloud is more secure than your existing systemsErnest Mueller
Talk presented by Ernest Mueller at LASCON 2010 on cloud computing security and why it's likely that the cloud is more secure than what you're doing right now.
To go faster in a car, you need not only a powerful engine, but also safety mechanisms like brakes, air bags, and seat belts. This is a talk about the safety mechanisms that allow you to build software faster. It's based on the book "Hello, Startup" (http://www.hello-startup.net/). You can find the video of the talk here: https://www.youtube.com/watch?v=4fKm6ImKml8
A presentation given at the 2011 Amazon AWS Genomics meeting held in Seattle, WA.
This is a 30 minute talk I gave focusing mainly on practical tools, tips and methods for bootstrapping and orchestration on the cloud.
Covers examples of:
Ubuntu Cloud Init
AWS Cloud Formation
Opscode Chef
MIT StarCluster
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012Nick Galbreath
DevOpsSec applies DevOps principles like decentralization, shared resources, and transparency to security. It focuses on reducing the mean time to detect (MTTD) security issues and mean time to resolve (MTTR) them. Automating security testing and integrating it into continuous integration helps detect attacks and issues earlier. Treating security operations like other services improves culture.
This document discusses hacking serverless runtime environments like AWS Lambda, Azure Functions, and Auth0 WebTask. It begins by introducing the presenters and what will be covered. The document then explores how different vendors implement sandbox isolation and common attack techniques like persistence and data exfiltration. It examines specific runtimes like AWS Lambda in depth, investigating how to profile the environment, persist code, and escalate privileges. The document emphasizes that detection is difficult in serverless environments and provides examples of potential indicators of compromise. Overall, the document provides an overview of attacking and defending serverless architectures.
Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services.
Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India
Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).
Is Multi-Cloud good or bad? How about Serverless? The answer to all these questions is Yes, sometimes. Whether you're new to all this or a long-time industry veteran, you'll surely come away from this approachable talk with a new understanding of cutting edge technology and actionable insights on how to make smart trade offs.
Vancouver Cloud Summit 2024 (2024-04-22)
Serverless in production, an experience report (microservices london)Yan Cui
AWS Lambda has changed the way we deploy and run software, but the serverless paradigm has created new challenges to old problems: How do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
Yan Cui shares solutions to these challenges, drawing on his experience running Lambda in production and migrating from an existing monolithic architecture.
“Serverless” can be defined as a couple simple things: 1 - It’s a programming model for structuring applications as functions and events (basically a manifestation of microservices). 2 - It’s a cloud business model, where use is billed by the function call instead of by the provisioned server, so apps only pay when they run and for how long they run, eliminating over-provisioning and typically reducing costs.
In this talk, we’ll cover the what, why and how of serverless, and learn more about it through running code.
Throughout the session, we’ll focus on how the serverless model is being leveraged in the real world - not just toy functions and demos. Legacy enterprise apps - which are typically monolithic, written by large teams of Java and .Net devs, and resembling a bit of a mud ball - are being shaved down to take advantage of serverless, and we’ll be sharing some early results from those efforts. We'll discuss examples of how Fortune 50 companies are building their serverless projects on the Kubernetes and Mesos clouds they have already deployed.
Le terme “Serverless” a plusieurs significations: 1 - un modèle de programmation pour structurer les applications en tant que fonctions et événements (essentiellement une manifestation de microservices); et 2 - Il s'agit d'un modèle d'entreprise Cloud, où l'utilisation est facturée par l'appel de fonction plutôt que par le serveur provisionné, de sorte que les applications ne paient que lorsqu'elles fonctionnent et pour combien de temps elles courent, éliminant le sur-provisionnement et réduisant les coûts associés.
Dans ce discours, nous allons couvrir le quoi, le pourquoi et comment de Serverless, et en savoir plus à ce sujet en exécutant le code. Nous nous concentrerons sur la façon dont le modèle Serverless est utilisé dans le monde réel - pas seulement les fonctions et démos. Les applications d'entreprise héritées - qui sont généralement monolithiques, écrites par de grandes équipes de développeurs Java et .Net et ressemblant à un peu une grande boule de boue - sont rasées pour profiter de Serverless, et nous partagerons des résultats préliminaires de ces efforts.
Serverless in production, an experience report (FullStack 2018)Yan Cui
This document discusses considerations for making serverless applications production ready. It covers topics like testing, monitoring, logging, deployment pipelines, performance optimization, and security. The document emphasizes principles over specific tools, and recommends focusing on shipping working software through practices like embracing external services for testing instead of mocking.
Serverless in production, an experience report (London js community)Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Diana will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Jon Noble. Jon will give a brief overview of why you should consider security as part of your CloudStack deployment, why your approach to security needs to be different than in a traditional environment, and also talk about some of the motives behind the attacks – why they attack you and what they do once they have compromised a system.
In this talk we debunk common myths and misconceptions about serverless - how cold starts works, serverless is not just about saving operational cost, think about control with responsibility, and think about vendor lock-in with the reward.
Serverless in production, an experience report (Going Serverless)Yan Cui
1. The document discusses best practices for making serverless applications production ready, including practices around testing, monitoring, logging, configuration management, and continuous integration/deployment.
2. It recommends integrating serverless applications with services like API Gateway, Kinesis, DynamoDB, and SSM Parameter Store and considering practices like centralized logging, distributed tracing, role-based access controls, and parameterizing configurations.
3. The document emphasizes the importance of testing at the unit, integration, and end-to-end/acceptance levels and having automated testing and deployment pipelines to catch errors and deploy changes quickly and reliably.
Managing WorkSpaces at Scale | AWS Public Sector Summit 2016Amazon Web Services
Amazon WorkSpaces provides businesses with secure, managed desktops in the Amazon cloud, and offers an enhanced security posture, the ability to support the needs of a modern mobile workforce, and the flexibility to scale globally. In this session, you’ll hear about how organizations can simplify end user computing by moving desktops to the cloud. The session will cover identity and access management, network access and design, integration with on-premises IT infrastructure, application delivery, and the end user experience. Generalized deployment model and office in the box with a deconstructed network. You will also hear first-hand from customers who have implemented WorkSpaces and best practices for deploying Amazon WorkSpaces at scale. Topics will include security and network access, identity and access management, application delivery, and end user experience.
Do you need Ops in your new startup? If not now, then when? And...what is Ops?
Learn how to scale ruby-based distributed software infrastructure in the cloud to serve 4,000 requests per second, handle 400 updates per second, and achieve 99.97% uptime – all while building the product at the speed of light.
Unimpressed? Now try doing the above altogether without the Ops team, while growing your traffic 100x in 6 months and deploying 5-6 times a day!
It could be a dream, but luckily it's a reality that could be yours.
Similar to Cloud adoption fails - 5 ways deployments go wrong and 5 solutions (20)
A brief overview of what we do at Gruntwork. Learn what we mean by "DevOps as a Service" and how you can get your entire infrastructure, defined as code, in about a day. https://www.gruntwork.io/
Listen up, developers. You are not special. Your infrastructure is not a beautiful and unique snowflake. You have the same tech debt as everyone else. This is a talk about a better way to build and manage infrastructure: Terraform Modules. It goes over how to build infrastructure as code, package that code into reusable modules, design clean and flexible APIs for those modules, write automated tests for the modules, and combine multiple modules into an end-to-end techs tack in minutes.
You can find the video here: https://www.youtube.com/watch?v=LVgP63BkhKQ
The Truth About Startups: What I wish someone had told me about entrepreneurs...Yevgeniy Brikman
This is the talk I gave at MIT's Martin Center for Entrepreneurship. It's a talk I wish someone gave me when I was in college to help me think about the role of entrepreneurship and startups in my career.
You can find the video of the talk here: https://www.youtube.com/watch?v=Rus32iR_Ag0
This talk is a very quick intro to Docker, Terraform, and Amazon's EC2 Container Service (ECS). In just 15 minutes, you'll see how to take two apps (a Rails frontend and a Sinatra backend), package them as Docker containers, run them using Amazon ECS, and to define all of the infrastructure-as-code using Terraform.
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
This is a talk about managing your software and infrastructure-as-code that walks through a real-world example of deploying microservices on AWS using Docker, Terraform, and ECS.
Every startup begins with an idea. This is a talk on how to come up with startup ideas and how to use validation to pick the ones worth working on. It's based on the book "Hello, Startup" (http://www.hello-startup.net/). You can find the video of the talk here: https://www.youtube.com/watch?v=GkmiE8d_5Pw
A guide to hiring based on my book, "Hello, Startup". Learn who to hire, where to find them, how to interview them, and how to make an offer they can't refuse.
Recording: https://www.youtube.com/watch?v=jaSmYLymc0U
Book: http://www.hello-startup.net
This is an excerpt from my talk "Startup DNA" (http://www.slideshare.net/brikis98/startup-dna) that just focuses on the "Speed Wins" concept. For more info, check out my book "Hello, Startup: A Programmer's Guide to Building Products, Technologies, and Teams" at http://www.hello-startup.net.
Node.js vs Play Framework (with Japanese subtitles)Yevgeniy Brikman
Video: http://www.nicovideo.jp/watch/1410857293
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This version of the presentation has Japanese subtitles. For the English only version, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework
Video: https://www.youtube.com/watch?v=b6yLwvNSDck
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This is the English version of the presentation. For the version with Japanese subtitles, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework-with-japanese-subtitles
This document discusses rapid prototyping techniques for quickly building products from ideas. Rapid prototyping allows developers to build products faster through instant feedback on code changes and leveraging existing open source libraries. It is suggested that dynamic languages, interactive development environments, and pushing code to the browser can provide very fast feedback. While prototypes may be thrown away, the rapid trial and error process of prototyping can lead to higher quality products and better engineers through continuously improving ideas.
Web pages can get very complex and slow. In this talk, I share how we solve some of these problems at LinkedIn by leveraging composition and streaming in the Play Framework. This was my keynote for Ping Conference 2014 ( http://www.ping-conf.com/ ): the video is on ustream ( http://www.ustream.tv/recorded/42801129 ) and the sample code is on github ( https://github.com/brikis98/ping-play ).
This document discusses asynchronous I/O in Java and Scala using the Play Framework. It describes how LinkedIn uses a service-oriented architecture with hundreds of services making requests to each other. It then covers how Play supports non-blocking I/O using asynchronous code, promises, and futures to allow parallel requests without blocking threads. Key points covered include using map and flatMap to transform promises and futures, handling errors and timeouts, and the benefits of non-blocking I/O for scalability.
Video of the presentation: http://www.youtube.com/watch?v=8z3h4Uv9YbE
At LinkedIn, we have started to use the Play Framework to build front-end and back-end services at massive scale. Play does things a little differently: it's a Java and Scala web framework, but it doesn't follow the servlet spec; it's fairly new, but it runs on top of robust technologies like Akka and Netty; it uses a thread pool, but it's built for non-blocking I/O and reactive programming; most importantly, it's high performance, but also high productivity. We've found that the Play Framework is one of the few frameworks that is able to maintain the delicate balance of performance, reliability, and developer productivity. In the Java and Scala world, nothing even comes close. In this talk, I'll share what we've learned so far, including details of rapid iteration with Java and Scala, the story behind async I/O on the JVM, support for real time web apps (comet, WebSockets), and integrating Play into a large existing codebase.
This is the story of the Hackday and[in]cubator programs at LinkedIn; this is the story of scalable, best-of-breed methods for driving innovation; this is the story of transformation: of your career, company, and the world.
Video of the live presentation: http://tcbaltics.com/video/jim-brikman
Startup DNA: the formula behind successful startups in Silicon Valley (update...Yevgeniy Brikman
[Updated May 5, 2017] "Successful startups are all alike; every unsuccessful startup is unsuccessful in its own way." These are my personal observations on a few traits that make startups successful. You can find a video of the talk at https://www.youtube.com/watch?v=z_D9oXCK2lM and the book at http://www.hello-startup.net/.
The document discusses LinkedIn's adoption of the Dust templating language in 2011. Some key points:
- LinkedIn needed a unified view layer as different teams were using different templating technologies like JSP, GSP, ERB.
- They evaluated 26 templating options and selected Dust as it best met their criteria like performance, i18n support, and being logic-less.
- Dust templates are compiled to JavaScript for client-side rendering and to Java for server-side rendering (SSR) through Google's V8 engine, allowing templates to work on both client and server.
- SSR addresses challenges like SEO, supporting clients without JavaScript, and i18n by rendering
Explore the rapid development journey of TryBoxLang, completed in just 48 hours. This session delves into the innovative process behind creating TryBoxLang, a platform designed to showcase the capabilities of BoxLang by Ortus Solutions. Discover the challenges, strategies, and outcomes of this accelerated development effort, highlighting how TryBoxLang provides a practical introduction to BoxLang's features and benefits.
An MVP (Minimum Viable Product) mobile application is a streamlined version of a mobile app that includes only the core features necessary to address the primary needs of its users. The purpose of an MVP is to validate the app concept with minimal resources, gather user feedback, and identify any areas for improvement before investing in a full-scale development. This approach allows businesses to quickly launch their app, test its market viability, and make data-driven decisions for future enhancements, ensuring a higher likelihood of success and user satisfaction.
What is OCR Technology and How to Extract Text from Any Image for FreeTwisterTools
Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.
introduction of Ansys software and basic and advance knowledge of modelling s...sachin chaurasia
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
Responsibilities of Fleet Managers and How TrackoBit Can Assist.pdfTrackobit
What do fleet managers do? What are their duties, responsibilities, and challenges? And what makes a fleet manager effective and successful? This blog answers all these questions.
React Native vs Flutter - SSTech SystemSSTech System
Your project needs and long-term objectives will ultimately choose which of React Native and Flutter to use. For applications using JavaScript and current web technologies in particular, React Native is a mature and trustworthy choice. For projects that value performance and customizability across many platforms, Flutter, on the other hand, provides outstanding performance and a unified UI development experience.
In this talk, we will explore strategies to optimize the success rate of storing and retaining new information. We will discuss scientifically proven ideal learning intervals and content structures. Additionally, we will examine how to create an environment that improves our focus while you remain in the “flow”. Lastly we will also address the influence of AI on learning capabilities.
In the dynamic field of software development, this knowledge will empower you to accelerate your learning curve and support others in their learning journeys.
Discover the Power of ONEMONITAR: The Ultimate Mobile Spy App for Android Dev...onemonitarsoftware
Unlock the full potential of mobile monitoring with ONEMONITAR. Our advanced and discreet app offers a comprehensive suite of features, including hidden call recording, real-time GPS tracking, message monitoring, and much more.
Perfect for parents, employers, and anyone needing a reliable solution, ONEMONITAR ensures you stay informed and in control. Explore the key features of ONEMONITAR and see why it’s the trusted choice for Android device monitoring.
Share this infographic to spread the word about the ultimate mobile spy app!
A Comparative Analysis of Functional and Non-Functional Testing.pdfkalichargn70th171
A robust software testing strategy encompassing functional and non-functional testing is fundamental for development teams. These twin pillars are essential for ensuring the success of your applications. But why are they so critical?
Functional testing rigorously examines the application's processes against predefined requirements, ensuring they align seamlessly. Conversely, non-functional testing evaluates performance and reliability under load, enhancing the end-user experience.
Break data silos with real-time connectivity using Confluent Cloud Connectorsconfluent
Connectors integrate Apache Kafka® with external data systems, enabling you to move away from a brittle spaghetti architecture to one that is more streamlined, secure, and future-proof. However, if your team still spends multiple dev cycles building and managing connectors using just open source Kafka Connect, it’s time to consider a faster and cost-effective alternative.
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Softwares
NBFC Software: Optimize Your Non-Banking Financial Company
Enhance Your Financial Services with Comprehensive NBFC Software
NBFC software provides a complete solution for non-banking financial companies, streamlining banking and accounting functions to reduce operational costs. Our software is designed to meet the diverse needs of NBFCs, including investment banks, insurance companies, and hedge funds.
Key Features of NBFC Software:
Centralized Database: Facilitates inter-branch collaboration and smooth operations with a unified platform.
Automation: Simplifies loan lifecycle management and account maintenance, ensuring efficient delivery of financial services.
Customization: Highly customizable to fit specific business needs, offering flexibility in managing various loan types such as home loans, mortgage loans, personal loans, and more.
Security: Ensures safe and secure handling of financial transactions and sensitive data.
User-Friendly Interface: Designed to be intuitive and easy to use, reducing the learning curve for employees.
Cost-Effective: Reduces the need for additional manpower by automating tasks, making it a budget-friendly solution. Benefits of NBFC Software:
Go Paperless: Transition to a fully digital operation, eliminating offline work.
Transparency: Enables managers and executives to monitor various points of the banking process easily.
Defaulter Tracking: Helps track loan defaulters, maintaining a healthy loan management system.
Increased Accessibility: Cutting-edge technology increases the accessibility and usability of NBFC operations. Request a Demo Now!
A captivating AI chatbot PowerPoint presentation is made with a striking backdrop in order to attract a wider audience. Select this template featuring several AI chatbot visuals to boost audience engagement and spontaneity. With the aid of this multi-colored template, you may make a compelling presentation and get extra bonuses. To easily elucidate your ideas, choose a typeface with vibrant colors. You can include your data regarding utilizing the chatbot methodology to the remaining half of the template.
8. I've seen things you people
wouldn’t believe. DDos attacks
starting fires off the shoulder
of Ohio (us-east-2). I watched
C-suite foreheads glitter in the
dark near their Fargate bills.
All those moments will be lost
in time, like tears in rain...
Image credit: Blade Runner, Warner Bros, 1982
11. Before After
Dev team Write code, “toss it over the wall” Write code, deploy
Ops team Rack servers, deploy code Write code, deploy
Servers Dedicated physical servers Elastic virtual servers
Connectivity Static IPs Dynamic IPs, service discovery
Security Physical, strong perimeter, high trust Virtual, end-to-end, zero trust
Infra provisioning Manual Infrastructure as Code (IaC) tools
Server configuration Manual Configuration management tools
Testing Manual Automated testing
Deployments Manual Automated
Deployment cadence Weeks or months Many times per day
Change process Change request tickets Self-service
Change cadence Weeks or months Minutes
The shift to DevOps and the cloud
12. Adopting the cloud without acknowledging
these changes leads to problems
13. This talk is about 5 common causes of
cloud adoption failure…
21. Problems with ClickOps:
1. Slow
Hours of clicking to spin up a new environment.
2. No reuse
Every deploy must be done from scratch. No leverage from previous work.
3. No audit trail
All info trapped in one person’s head. No versioning.
4. Error-prone
Manual task = human error. Deployment problems. Snowflake servers. Can’t use tests.
5. Tedious
No one likes doing slow, repetitive, error-prone, risky work over and over again.
27. The modern Service Catalog:
1. Defined as code
Using tools such as Terraform, CloudFormation, Docker, Kubernetes, etc.
2. Designed for production use
Not a “5 minute demo,” but production-grade code.
3. Meet company requirements out-of-the-box
Scalability, HA, security, compliance (e.g., SOC 2, ISO 27001, PCI, HIPAA), etc.
4. Tested to meet company requirements
Code reviews, static analysis, functional testing, policy enforcement, etc.
5. Infrastructure and app code
Defines templates and patterns for both infrastructure and applications.
28. Infrastructure
templates
This is your Cloud API
https://docs.gruntwork.io/guides/production-
framework/ingredients/service-catalog/infrastructure-templates
29. Application
templates
This is your API between the
cloud and your apps
https://docs.gruntwork.io/guides/production-
framework/ingredients/service-catalog/application-templates
33. Key idea #1: Manage everything as
code in a Service Catalog.
34. Manual provisioning à Infrastructure as code
Manual server config à Configuration management
Manual app config à Configuration files
Manual builds à Continuous integration
Manual deployment à Continuous delivery
Manual testing à Automated testing
Manual policies à Automated policies (OPA)
Manual DBA work à Schema migrations
Manual specs à Automated specs (BDD)
35. Recall the problems with ClickOps:
1. Slow
Hours of clicking to spin up a new environment.
2. No reuse
Every deploy must be done from scratch. No leverage from previous work.
3. No audit trail
All info trapped in one person’s head. No reproducibility. No versioning.
4. Error-prone
Manual task = human error. Every environment a little bit different. No testing.
5. Tedious
No one likes doing slow, repetitive, error-prone, risky work over and over again.
36. Advantages of code:
1. Slow Fast
Computers can do in seconds what it takes a human hours to do.
2. No reuse Reusable
Leverage your previous work and the work of others. Evolve your code over time.
3. No audit trail Logged & versioned
Everything is in your version control system, including the full history of changes.
4. Error-prone Reliable
Code + automated tests + code reviews dramatically reduce errors.
5. Tedious Enjoyable
Writing code and being creative is more fun than repetitive, stressful, manual work.
37. 1. Do it by hand
2. Do it live
3. Do it on my machine
4. Do it only on my machine
5. Do it once
Outline
41. But IAM is hard
Image from Why is AWS IAM So Hard? by Stephen Kuenzli
42. An error occurred (AccessDenied) when calling the
ListBuckets operation: Access Denied
(tweak the IAM policy)
An error occurred (AccessDenied) when calling the
ListBuckets operation: Access Denied
(tweak the IAM policy)
An error occurred (AccessDenied) when calling the
ListBuckets operation: Access Denied
And frustrating. It’s just “Access Denied”
over and over and over again.
45. Problems with everyone is an admin:
1. Weak security
Huge blast radius from any mistake. Any compromised credentials may result in a
severe security incident. Any guard rails you put in place are ineffective.
2. Sprawl
Tons of new accounts and resources spun up and no one knows what they are for.
3. No consistency
Everything is configured differently: logging, networking, security controls, etc.
4. Difficult to fix it
If everyone is an admin, very hard to “undo” the damage: you don’t know what they’ve
done and you’re never 100% confident you’ve reined things in.
46. “Attempting to
get all the AWS
accounts under
control”
Jacques-Louis David
Oil on canvas, 1799
49. landing zone noun
/ˈlændɪŋ zəʊn/
A streamlined way to create new accounts in your cloud provider that are
configured out-of-the-box with best practices (e.g., authentication, authorization,
logging, monitoring, tagging, guard rails, etc.).
50. Key ingredients of a Landing Zone:
1. Account structure
2. Account baselines
3. Account vending machine
51. Key ingredients of a Landing Zone:
1. Account structure
2. Account baselines
3. Account vending machine
52. account structure noun
/əˈkaʊnt ˈstrʌktʃə(r) /
How to configure multiple inter-connected accounts in the cloud to provide
isolation, compartmentalization, authentication, authorization, auditing, and
reporting.
54. Key ingredients of a Landing Zone:
1. Account structure
2. Account baselines
3. Account vending machine
55. account baseline noun
/əˈkaʊnt ˈbeɪslaɪn/
The basic set of controls installed in every account to enforce a common set of
best practices (e.g., authentication, authorization, logging, monitoring, tagging,
guard rails, etc.).
56. Description Examples
Authentication User identity, login, MFA IAM users & roles, SSO, IdPs
Authorization User permissions and access IAM policies & groups, ACLs, RBAC
Monitoring Audit logging, app logging, metrics CloudTrail, Elastic stack, Grafana
Networking IPs, routing, DNS, connectivity VPCs, NAT, Route 53, VPN, SSH, RDP
Hardening Network hardening, intrusion detection WAF, IPS, Squid Proxy, GuardDuty
Guard rails Limit what actions can be taken IAM policies, SCPs, OPA, AWS Config
Compliance Enforce compliance requirements SOC2, ISO 27001, CIS, PCI, HIPAA
Ownership Associate accounts & resources with teams Tagging, billing
Account baselines should handle:
58. Key ingredients of a Landing Zone:
1. Account structure
2. Account baselines
3. Account vending machine
59. account vending machine noun
/əˈkaʊnt ˈvendɪŋ məˈʃiːn/
An official tool or process for spinning up new accounts which enforces each of
those accounts is configured with the appropriate account baseline.
60. Key ingredients for an account vending machine:
1. Self-service
Teams should be able to spin up new accounts for themselves on-demand.
2. GitOps-driven
Under the hood, manage accounts as code checked into version control.
3. Apply baselines
The vending machine ensures the proper baseline is applied to every new account.
4. Provision access
The vending machine not only creates accounts, but also grants teams access to them
(e.g., via SSO).
61. module "account_baseline" {
source = "github.com/gruntwork-io/account-baseline"
child_accounts = {
dev = "accounts+dev@company.com"
stage = "accounts+stage@company.com"
prod = "accounts+prod@company.com"
# Add new account
example = "accounts+example@company.com"
}
}
Example vending machine: update a
file, commit, CI / CD system deploys it
62. Key idea #2: Set up your Landing Zone
as early as you can.
63. 1. Do it by hand
2. Do it live
3. Do it on my machine
4. Do it only on my machine
5. Do it once
Outline
66. Even with IaC, relying on a person to do
deployments leads to problems
67. Problems with a person deploying:
1. Error prone
Manual process = human error. E.g., fat-fingering a command, forgetting some step.
2. Not reproducible
E.g., Wrong version installed locally, accidentally deploying uncommitted changes.
3. Low bus factor
Often only 1 or 2 devs can deploy. What if they go on vacation or leave the company?
4. Race conditions
Different devs accidentally deploy different code (e.g., different branches) = conflicts.
5. Not secure
Deploying arbitrary changes requires arbitrary—admin—permissions. We already know
what happens when you give too many people admin permissions.
71. Description
GitOps-driven The pipeline is triggered by commits to version control
Defined as code The full workflow should be defined as code
Automated tests The pipeline should run pre-, post-, and during- deploy checks.
Preview environments Deploy the changes in each PR into an ephemeral environment
Promotion workflows Promote immutable artifacts across environments: e.g., dev à stage à prod
Approval workflows For some types of changes, require human approval for deployment to prod
Deployment workflows Blue/green deploys, rolling deploys, canary deploys, feature toggles
App and infra code Your need a workflows for both application and infrastructure code
Key CI / CD pipeline features:
72. The workflows for app & infra code are
similar, but with key differences.
73. Application code Infrastructure code
Run locally
• Run the code on localhost
• Make a change, refresh
• Run the code in the cloud (sandboxes)
• Make a change, redeploy (use stages!)
Code review • Submit pull request with code changes • Submit pull request with code changes
Test
• Static analysis: linter
• Functional tests: unit, integration, e2e
• Static analysis: linter, policy enforcement
• Functional tests: plan, integration
Release
• Merge pull request
• Build immutable, versioned artifact
• Merge pull request
• Create git tag
CI config
• CI server has limited permissions
• CI server triggers K8S, ECS, EC2, etc.
• Isolated worker has admin permissions
• CI server triggers isolated worker
Deploy
• Promote artifacts: e.g., dev à stage à prod
• Rolling, blue/green, canary, feature flags
• Promote tags: e.g., dev à stage à prod
• Plan, approve, deploy, hope
Workflows for app & infra code:
74. Key idea #3: The CI / CD pipeline is the
only thing that can deploy to prod.
75. No one has write access to prod (let
alone admin access) except the pipeline.
76. Key idea #4: The CI / CD pipeline will
only deploy vetted services from the
Service Catalog to prod.
77. The Catalog + Pipeline are the only path
to prod; the API between Devs and Ops.
78. Key idea #5: The CI / CD pipeline
protects its permissions for prod.
80. Giving your CI server direct access to
admin permissions considered harmful.
81. This is a BAD combination:
1. Everyone in your company can access your CI server
2. You use the CI server to execute arbitrary code
3. The CI server has admin permissions
85. The isolated worker:
1. Is highly locked down
Unlike the CI server, no one at the company has direct access to the worker.
2. Can only be triggered by the CI server
The CI server only has permissions to trigger the worker via an API & stream logs from it.
3. Exposes a limited, locked-down API
The worker only allows you to run certain commands (e.g., terraform apply), in certain
repos, in certain branches, in certain folders, etc.
4. Minimizes the potential damage
If an attacker gets access to your CI server, the worst they can do is trigger a deploy on
your own code. They do NOT get admin permissions directly.
86. 1. Do it by hand
2. Do it live
3. Do it on my machine
4. Do it only on my machine
5. Do it once
Outline
104. Devs should have sandbox accounts
for easy testing, learning, etc.
105. Tool Clouds Features
cloud-nuke AWS
Delete all resources older than a certain
date; in a certain region; of a certain type.
safe-scrub Google Cloud
Safely delete unwanted resources in a
GCP project
Azure Powershell Azure
Includes native commands to delete
Resource Groups
Run cleanup tools in cron jobs to remove
old resources in sandbox accounts
106. In prod, Devs deploy via self-service with
the Service Catalog + CI / CD Pipeline.
107. Key self-service features:
1. GitOps-driven
Everything is managed as code and driven by commits to version control. Allows code
review, testing, audit log, versioning, etc.
2. UI-driven (optional)
Web UI as a layer on top of GitOps layer to make it more accessible.
3. Focus on common use cases
E.g., Account vending machine, data store deployment, app deployment. Don’t have to
solve everything right away.
4. Access controls
Different teams can access/deploy different things. E.g., NetOps team might be able to
deploy networking, whereas app teams can deploy orchestration tools and data stores.
108. module "account_baseline" {
source = "github.com/gruntwork-io/account-baseline"
child_accounts = {
dev = "accounts+dev@company.com"
stage = "accounts+stage@company.com"
prod = "accounts+prod@company.com"
# Add new account
example = "accounts+example@company.com"
}
}
Example of self-service: update a file,
commit, CI / CD system deploys it
109. Key idea #7: Any team can contribute
to the Service Catalog.
123. “Software maintenance
cost is increasingly
growing and estimates
showed that about 90%
of software life cost is
related to its
maintenance phase.”
Which Factors Affect Software Projects
Maintenance Cost More?
Sayed Mehdi Hejazi Dehaghani and Nafiseh Hajrahimi
124. If you don’t have a plan for maintenance,
all that code you wrote will rot.
125. “Coming back to that
Terraform codebase
after 6 months.”
Eero Järnefelt
Oil on canvas, 1893
128. Key auto-update features:
1. Automation-driven
Updates are discovered and the code is updated automatically. No relying on a human
to remember it. Update cadence should be configurable.
2. GitOps-driven
The code is updated via automated pull requests.
3. Automated testing
You must have automated tests in place and running against each pull request to let
you know if the updated code still works.
4. Automated deployment
Once a pull request is merged, it must deploy automatically via the CI / CD pipeline,
promoting the update across environments: e.g., dev à stage à prod.
129. Key idea #8: Updates are pushed to the
code via PRs, automatically.
130. Key idea #9: Code without automated
tests will rot.
131. How to do automated testing for infrastructure code
https://terratest.gruntwork.io/docs/getting-started/introduction/#watch-how-to-test-infrastructure-code
132. 1. Do it by hand
2. Do it live
3. Do it on my machine
4. Do it only on my machine
5. Do it once
Outline
134. Key ideas:
1. Manage everything as code in a Service Catalog.
2. Set up your Landing Zone as early as you can.
3. Only the CI / CD Pipeline can deploy to prod.
4. The CI / CD Pipeline only deploys from the Service Catalog.
5. The CI / CD Pipeline protects its admin permissions.
6. Any team can deploy infra + apps from the Service Catalog.
7. Any team can contribute to the Service Catalog.
8. Updates are pushed to the code via PRs, automatically.
9. Code without automated tests will rot.
135. Fail Description Solution
Do it by hand ClickOps Service Catalog
Do it live Everyone is an admin Landing Zone
Do it on my machine People deploying from their computers CI / CD Pipeline
Do it only on my machine Only Ops can deploy Self-Service
Do it once Not taking maintenance into account Automatic Updates
5 cloud adoption fails and solutions:
136. The 5 solutions
are part of the
Gruntwork
Production
Framework
https://docs.gruntwork.io/guides/production-framework/
137. If you use this framework, here’s the
experience for your Ops team:
138. Step 1: Create a Service Catalog
Everything defined as code. Works for app + infra. You could build from
scratch or on top of an existing one (e.g., Gruntwork Service Catalog).
139. Step 2: Set up your Landing Zone
Set up your basic account structure, define account baselines, etc.
140. Step 3: Set up a CI / CD pipeline
Ensure it’s the only way to deploy to prod. Make it work for apps + infra.
141. Step 4: Provide self-service
Enable all teams to deploy. Start with a GitOps solution. Add UI later.
142. Step 5: Set up automatic updates
PRs opened automatically. Automated tests in place for app + infra code.
144. Step 1: Scaffold a new app
Leverage vetted application templates from the Service Catalog and the
logic built in: e.g., service discovery, packaging, monitoring, testing, etc.
145. Step 2: Deploy infrastructure
Leverage Self-Service + Service Catalog + CI / CD Pipeline.
146. Step 3: Iterate on the app
Leverage CI / CD built into the templates to deploy subsequent changes.
147. Step 4: Debug issues
Leverage monitoring, logging, alerting, etc. built into the templates.
148. Step 5: Stay up to date
Leverage auto update built into the templates. Automated PRs + tests.