Software is eating the world, in all sectors. Marc Andreessen, the founder of Netscape, said it long back about how software is eating the world. He also summarised that every company is a software company these days, and software companies are poised to take over broad swathes of the economy. You’ll see DevOps clearly in 2020, where continuous updates transform the way software is delivered to a nearly-limitless marketplace. DevOps has become a must to thrive in this highly competitive technological world.
While firms have different meanings of DevOps, we can define DevOps as a mindset that a team adopts to gear its engineering momentum to newer heights. DevOps is mostly about eliminating the barriers in engineering and mainly the cultural obstacles that come in between the idea and execution, making the process of shipping software better, faster, cheaper and more secure.
Whatever you may call it, it should all come down to automation at the end of the day, which in turn should help firms with developing fast, shipping fast, fail fast, recovering fast, and learning fast.
From the SDLC model to today, things have changed tremendously. in 2009, DevOps was coined, and it advocated a cultural transformation and some tech principles where everything was treated as code. Then came over the principles like CI/CD, but still, the software used to be written as a big monolith & this had numerous challenges.
So in 2011, microservices architecture was introduced, this microservices architecture advocated the fine-grained and loosely coupled components with a specific task to be carried.
The applications written following this loosely coupled microservices-based architecture were termed, cloud-native. The firms are transitioning from VMs to Kubernetes to Serverless, depending on their business needs and goals.
According to a slide from Black Hat USA 2019 by Kelly Shortridge & Dr. Nicole Forsgren, Four factors are important while benchmarking yourself with the elite performers in the DevOps industry.
In this article, we will see what the future holds for DevOps.
The Diamanti survey of more than 500 IT leaders implies container technology, by all means, has grown far beyond and has matured dramatically in one year and moved from developer experimentation to production. Cloud-Native technologies will rise to new elevations, especially Kubernetes adoption. Cloud-Native technologies give a higher advantage for the firms in faster time to market
Adopting to cloud-native practices means better innovation + advanced transformation + richer customer experience. As described in my other article, ‘Cloud-Native DevOps.’ - Cloud-Native fundamentally boosts cloud automation. It refers to automatically managing the installation, configuration, and supervision of cloud computing services. It is about using technology to make more reliable business decisions for your cloud computing resources at the right time. The Cloud-Native approach helps to release software faster with cloud automation.
According to Oracle’s predictions about the future of cloud-native, it is estimated that 80% of enterprise IT will move to the cloud by 2025. The CNCF survey results showed that the use of cloud-native technologies in production has grown over 200%.
Last year, Abby Kearns, executive director of the open-source platform as a service provider Cloud Foundry Foundation, delivered a keynote at LinuxCon + ContainerCon + CloudOpen China (known as LC3) in 2018 explained a more in-depth view of cloud-native and the future.
“Cloud-native technologies and cloud-native applications are growing,’’ Kearns said. Over the next 18 months, there will be a 100 percent increase in the number of cloud-native applications organizations are writing and using, she added. “This means you can no longer just invest in IT,” but need to in cloud and cloud technologies as well. (Quoted from Abby Kearns’s key note shaping the cloud native future)
U.S. Air Force is one of the most excellent examples she took in her talk on how agile they have become and using bleeding-edge technology & cloud-native principles. The U.S Air Force has implemented agile practices and is now taking advantage of cloud and developing apps to run on multiple clouds.
This point should have been included in the cloud-native part itself. Still, I think this needs special attention as most of the software companies now are indulging themselves with the container registries that help developers store and manage artifacts and all dependencies for the smooth flow of software development life cycle.
Just like managing application source code in a version-controlled repository such as GIT, managing Docker images is very crucial. Docker also provides similar capabilities of managing Docker images that can be managed locally on your development machine and even on a remote container registry, also known as Docker hub.
But, sometimes, these images are prone to many security-related issues and can be easily accessible by hackers. Hence, modern firms need a safe and secure way of managing and maintaining their container images through registries, container registries.
Container registry has become a must to have when it comes to DevOps teams working with containerized applications and microservices architecture. With the popularity of Docker and cloud-native applications increasing day by day, container image management has become a vital part of modern software development. Container registry is simply a collection of repositories that are primarily made to store container images.
In a recent KubeCon conference at San Diego, JFrog announced its own container registry that is impeccable and robust compared to any other in the market right now, the JFrog Container Registry. Based on the robustness of Artifactory, JFrog Container Registry is the most hardened, proven and robust free container registry on the market. It is scalable, hybrid, comes with the fine UI of Artifactory and powered by Artifactory.
The top notable container registries available in the market today include the following,
The private container registries allow companies to apply policies, security, access controls, and more to how they manage containers. The container registry should have features that include fully hybrid, Docker registry, Helm registry, Generic repositories, Remote repositories, Virtual repositories, and rich metadata.
There are a few reasons
Golang as a programming language will create more impact on the DevOps community, it is already making an impact. Most of the DevOps tools like Kubernetes, helm, Docker, etcd, Istio, etc are written in Go. Joe Beda, the creator of Kubernetes, writes about why Kubernetes is written in Go.
Golang is excellent for working in environments where you can’t or don’t want to install dependencies since it compiles into a stand-alone binary. Without having to get the whole environment set up, you can get things done in a much faster way than other programming languages.
JFrog surveyed over a thousand developers at the most recent GopherCon conferences in London and San Diego, to better understand the Go community and general sentiment towards Go modules.
Security gets more priority in the development life cycle than ever. Security becomes everybody’s responsibility rather than just the security experts.
Even though the word ‘DevSecOps’ seems like just another buzzword bingo, it is required, to give more importance to security. DevSecOps creates security awareness and a shared knowledge base within the organization to tighten the security in the software development process. Capital One breach, earlier this year, made cloud security a concerning factor and hence the focus is on securing data in the public cloud.
Samsung Note 7 disaster explains a lot about why security is so crucial at the beginning of the process and at each stage of the development life cycle. Specialists speculate that one of the problems with the Note 7 phones involved its battery management system. This system monitors the electric current and stops the charging process when the battery is full. A fault in this system led the battery cell to overcharge, become unstable, and eventually explode.
This bug fix cost Samsung nearly $17 billion. Had the company caught the issue earlier, they could have saved a lot of money and the brand reputation.
[Credit source of the above story: Synopsys]
Have some strategic approach to make security a must in the organization, here are some points to take care
Chaos engineering principles will get adopted by many firms to check the stability and reliability of the systems and to see the extent of security concerns. Intentionally harming systems can help you find bigger bugs & will make sure the hackers don’t find any loopholes in the system. This will also help organizations to find bugs before their customers do. The aim is to keep making your systems stronger than ever.
Open-source gets more and more attention since the advantages & flexibility that it brings to the developers. Open source is on the move, a recent survey by Synopsys found that almost 70% of corporate organizations are either contributing to or have open-source projects.
Open-source software is great for developers to improve their skills personally,
In a recent Open Source India 2019 conference, we surveyed almost 300 open source professionals and below is the result of responses when we asked them the reason to like Open source software.Customization is the fact that most people like open-source software.
A recent research study by CB Insights, it is estimated that the open-source services industry is set to exceed $17B in 2019, and expected to reach nearly $33B by 2022.
The big giants like Microsoft, Google, Intel, and Facebook — which are not open-source companies, are actively contributing to various projects on GitHub. Google employees have made 5,500 collective contributions in 2018. Many of these contributions have helped smaller, independent projects.
Majority support is for Google’s open-source software projects like Kubernetes, Istio, and Knative, which are in high demand. As corporate-sponsored projects become more popular, independent developers will continue to contribute. This shows that the giants should come forward and help the open-source community to grow.
For example, Microsoft’s Visual Studio Code project has over 19,000 contributors in total. With thousands of developers contributing, these tech giants benefit from the free developer input and direct user feedback. This allows organizations to build better software faster. Open Source technology has definitely gone mainstream & has a bright future.
Cheryl Hung, Director of Ecosystem at Cloud Native Foundation, makes it clear in her recent talk at ‘The Linux Foundation Open Source Summit,’ Europe that large companies are now working on Open Source projects. Especially Kubernetes, has created a huge community.
Deploying in milliseconds is the future & many firms are making use of serverless architecture to the fullest extent already. The Serverless market is expected to reach $7.7B by 2021. According to RightScale’s 2018 State of the Cloud report, Serverless is the fastest-growing cloud service model today, the annual growth rate is 75% and is expected to go beyond expectations in 2020.
Current serverless computing options include:
Why future developers prefer serverless?
In May 2017, Microsoft CEO, Satya Nadella, acknowledged the potential of serverless and its ability to change the mechanics of cloud computing.
He said, “But one of the things that I think is going to change how we think about logic completely is ‘serverless’… So the serverless computation is going to fundamentally not only change the economics of what is back-end computing, but it’s going to be the core of the future of distributed computing.” - Credits: CB Insights
Lego’s journey to Serverless will show you how your journey can start with a small step & end up with a big success. Black Friday Cyber Monday disaster made them move to Serverless. The Lego had a legacy system that includes Oracle ATG eight servers talking to the same database with SAP in the back that goes to a TAX system.
With the above legacy system, they went on for the Black Friday Cyber Monday event, which turned into a disaster while the system couldn’t control the night vertical peak. As a result, the series of events took place where the TAX system went down first, and then that took the SAP down, and as a result, the whole Lego e-commerce platform was down for flat 2 hours. This made them go through a considerable loss.
This event made them think about Serverless. How?
After the disaster, the Lego team decided to move to cloud, have a simple API, have a Lambda behind it, and just use it. This was the first step to move to Serverless at Lego. This made them also move to a microservices architecture and even DevOps and automation.
The Lego team started with a single Lambda to calculate sales tax, and now it makes use of n number of Lambda.
The whole talk is here :Serverless Journey of shop.LEGO.com - Sheen Brisals
We will see many organizations getting out of their comfort zones and trying out new technologies and even the traditional sectors like healthcare, financial institutes, governments will see an overall drastic improvement with digital transformation by embracing cloud-native and DevOps practices. Let us see some interesting recent case studies.
See how FedEx, a courier delivery services company, found its way to Digital Transformation. FedEx didn’t have enough IT professionals to work with the modern Cloud-Native and DevOps processes, but it didn’t stop there. FedEx knew the problem of not having the right skills in its talent pool of engineers, and hence CIO Rob Carte found a solution. FedEx became a university, started teaching its own engineers the advanced computing skills & modern way of software development.
For this initiative, the team was created, and it was named ‘The Cloud Dojo.’ The Dojo comprises a cross-functional team of expert cloud developers, security professionals, and operations specialists, co-located in one location. The aim was to train the team to move the traditional engineering with modern cloud practices - DevOps, Cloud-Native, Rewriting legacy applications to run in the cloud, and automation. This homegrown team, called Cloud Dojo, has reskilled more than 2,500 software programmers.
To date, FedEx has rewritten more than 200 production applications for the cloud, with more than 300 apps on tap. FedEx’s Cloud Dojo team won the 2019 CIO 100 Award in IT excellence. Read the whole story & FedEx’s CIO, Carter’s CIOs tips.
**Box’s digital transformation Journey: **
A few years ago at Box, it was taking up to six months to build a new microservice. Fast forward to today, it takes only a couple of days. How did they manage to speed up? Two key factors made it possible,
Founded in 2005, Box was a monolithic PHP application and had grown over time to millions of lines of code. The monolithic nature of their application led to them basically building very tightly coupled designs, and this tight coupling was coming in their way. It was resulting in them not being able to innovate as quickly as they wanted to. Bugs in one part of their application would require them to roll back the entire application.
So many engineers working on the same code base with millions of lines of code, bugs were not that uncommon. It was increasingly hard to ship features or even bug fixes on time. So they looked out for a solution and decided to go with the microservices approach. But then they started to face another set of problems, that’s where Kubernetes came in:)
See the full video talk by Kunal Parmar, Senior Engineering Manager at Box.
The multi-cloud approach will flourish. The majority of enterprises have a hybrid cloud strategy. Many of the applications are written to run on-prem and off-prem and potentially on multiple public cloud environments. Google’s cloud services platform Anthos is just an amazing validation that multi-cloud is going to be too flexible and cost-effective for software firms.
Azure and AWS being the leaders in this space are going to dictate the multi-cloud future.
According to recent RightScale 2019 State of the Cloud Report, it is seen that 84% of enterprises have a multi-cloud strategy.
Multi-cloud is highly relevant to today’s growing market trends. According to a recent IDC survey named ‘Cloud Repatriation Accelerates in a Multicloud World,’ multi-cloud best describes today’s cloud reality.
While there is a lot of talk going on about cloud cost optimization and vendor lock-in, multi-cloud addresses some crucial facts here, this is the model used by companies to avoid vendor lock-in, cost optimization, security, data sovereignty, minimizing downtime, etc.
Embracing DevOps is just the conversation starter and there is a long way to go. The number of companies are increasing day by day and the dependency on the cloud is hence making the DevOps market a big one. Allied Market Research estimates the DevOps market to reach $9.40 Bn, globally, by 2023 at 18.7% CAGR. DevOps brings development and operations together and gives higher confidence and freedom to the teams to ship at a higher velocity and with quality.
DevOps isn’t done growing yet; it is evolving day by day & has a bright future. We all know this, 2018 was the Year of Enterprise DevOps, according to Forrester. Businesses that practice DevOps practices recover 24 times faster from failures and spend 50% less time remediating security issues, DevOps is proven to produce happier and more engaged teams.
Hope these DevOps trends will give you an idea about where the market is going forward and how can you prepare yourself to be more agile and release fast.
#DevOps #Docker #Kubernetes
Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.
The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.
Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.
Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.
“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.
Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.
The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.
“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”
A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.
#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs
The year 2020 has arrived, and its arrival brings a lot of innovations and transformations in the Information and Technology (IT) sector and especially to DevOps technologies. The study conducted by experts at Grand View Research says that the DevOps market is anticipated to be worth 12.85 billion USD by 2025. The adoption of DevOps practices rose 17% in 2018 as compared to 10% in 2017, according to Statista. It has been seen that top organizations that have included DevOps practices in their Software Development cycle have experienced a 63% improvement in the quality of software deployments. Due to Agile adoption, 63% frequency in the release of new versions of software! Also, higher standards of coding have been observed.
The market for DevOps is being driven by the increased adoption of Agile methodologies, cloud technologies, rising digitisation, and business automation. Adopting DevOps in the IT culture is a necessity for better team collaborations. So is your business ready to embrace DevOps culture in 2020? Various tools available for DevOps are Docker, Jenkins, GIT, etc. You can always take assistance from Cloud DevOps Consultants or DevOps service providers. If you want to know more about DevOps trends in 2020, then keep reading.
The trends show the interests of the IT industry in CI as the only tool for deployments is slowing down. Continuous Integration (CI) is the process that automates build and runs unit tests on each PUSH of code. CI-Pipelines only work in segments. In order for all the teams to collaborate better, there is a need for automation of CI along with Continuous Delivery and Continuous Deployment of the code and binaries to the target environments. That is where DevOps comes into the picture to improve the process of planning, coding, and automation of delivery and deployment.
**Related Reading - **How to Setup a CI/CD Pipeline with Kubernetes 2020
Cyber security is one of the vital concerns for IT corporations. DevOps is going to be spending a lot of resources on security. The term being used is DevSecOps. The increase in the need for security has made the integration of security in the application development process necessary. By this measure, the vulnerabilities will decrease, and the whole process will be effective, secure, and efficient.
There will be a simplification of operations with the server-less architecture used by DevOps teams. Legacy systems are being upgraded to server-less operations with solutions like Google Functions, AWS Lambda, and Microsoft’s Azure Functions. This change is cost-effective and also improves the experience of users. This server-less architecture will be the go-to architecture for developers to increase productivity and will need DevOps automation more than ever.
Zero-touch automation is the future of DevOps automation. There will be no need for human intervention when machine learning is utilized to automate the back-up of vast data fully. The companies which have already implemented or adapted DevOps have seen a significant increase in productivity and faster rates of deployment. Understanding the DevOps cycle and administering automation between all the blocks of sequences.
There will be an accelerated shift to Cloud-native DevOps since all the enterprises are moving to Cloud-based enterprise products. Cloud adoption ensures flexibility, less downtime, reduces infrastructure expenditures. Gartner predicts that shift to the cloud by 2022 will effect 1.3 Trillion USD of IT industry spending directly or indirectly. Many companies like Google, Microsoft, and Amazon provide cloud computing and storage facilities and smooth operations. These companies are seeing a massive spike in other enterprises looking for their cloud services for faster changes in production.
#devops adoption #devops and agile #devops 2020 #devops benefits #devops
DevOps and Cloud computing are joined at the hip, now that fact is well appreciated by the organizations that engaged in SaaS cloud and developed applications in the Cloud. During the COVID crisis period, most of the organizations have started using cloud computing services and implementing a cloud-first strategy to establish their remote operations. Similarly, the extended DevOps strategy will make the development process more agile with automated test cases.
According to the survey in EMEA, IT decision-makers have observed a 129%* improvement in the overall software development process when performing DevOps on the Cloud. This success result was just 81% when practicing only DevOps and 67%* when leveraging Cloud without DevOps. Not only that, but the practice has also made the software predictability better, improve the customer experience as well as speed up software delivery 2.6* times faster.
3 Core Principle to fit DevOps Strategy
If you consider implementing DevOps in concert with the Cloud, then the
below core principle will guide you to utilize the strategy.
Guide to Remold Business with DevOps and Cloud
Companies are now re-inventing themselves to become better at sensing the next big thing their customers need and finding ways with the Cloud based DevOps to get ahead of the competition.
#devops #devops-principles #azure-devops #devops-transformation #good-company #devops-tools #devops-top-story #devops-infrastructure
DevOps is a new catalyst that is rapidly spreading throughout the tech industry. Over the years it has gained much popularity and everyone has their own interpretation of it. It emerged a few after agile programming practices, and nowadays people are trying to figure out the relevance of enterprise DevOps. Before we move on to that, we first need to understand DevOps, its culture, and some other aspects.
There are many forms of divides in the tech industry. DevOps concepts solve this one in particular. Therefore, to understand and fully appreciate DevOps we first need to focus on this dispute. Within any software company, there has long been a divide between the development and operations teams.
Development teams are responsible for creating feature-rich, seamless integrations that have varying requirements with each new customer. They’re responsible for changing user requirements, maintenance, and continuous development activities. The takeover at the start of the SDLC development cycle.
On the other hand, Operation teams are primarily responsible for system stability and accessibility. They come in towards the end of the process where handover of a software release is given. Their responsibility is reviewing implementations by the development teams and ensuring the system is accessible and stable, and recommend changes if necessary.
To break the silos between Dev and Ops DevOps takes a few leaps, enabling better collaboration and performance.
The agile admin defines DevOps as,
DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.
The term “Dev” is an umbrella term for not only developers, but any person included in the development of the product. So, this can include QA engineers, SR engineers, and other disciplines as well. Essentially, the “dev” team are the makers of the product.
Secondly, the term “Ops” covers all operations staff including systems engineers, system administrators, release engineers, network engineers, and all other relevant disciplines. The “Ops” team is responsible for the product after its development is complete.
In conclusion, operations engineers need to adopt the same methods adopted by developers and vice versa. DevOps extends Agile principles beyond just the development stage. Rather it extends it over the boundary of development and onto the entire process up till delivery.
#devops adoption #devops and agile #devops 2020 #devops application #devops
Once an industry term becomes popular, particularly in technology, it can be difficult to get an accurate definition. Everyone assumes that the basics are common knowledge and moves on. However, if your company has been discussing DevOps, or if you are interested in learning more about it, here are some basics you should know.
DevOps refers to the restructuring of the traditional software application cycle to support Agile development and continuous improvement/continuous delivery. Traditionally, the software was created in large-scale, monolithic bundles. New features and new releases were created in large packages and released in full-scale, infrequent, major deployments.
This structure is no longer effective in the modern business environment. Companies are under increasing pressure to be agile. They must respond rapidly to changes in the business environment to remain competitive. Software development needs to be completely changed as a process so that incremental improvements can be made frequently – ideally, several times per day.
However, changing a development lifecycle completely requires major changes – in people and culture, process, and enabling tooling – to be effective. DevOps was created by the breaking down of cycles between development and operations, combining two separate functions in application development. These changes intend to support agile, secure, continuous improvements, and frequent releases.
#devops #devops adoption #devops benefits #q& #a #devops goals #devops migration #devops questions