Modern applications need to be fast, available, and secure. They are composed of many microservices, often supported by multiple data services. Managing each of these data services in a dynamic, Kubernetes world is complex, time-consuming and leaves little time for innovation.
Applying microservice patterns to the frontend yields microfrontends. With them, we get the benefits of microservices in the frontend.
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Dotan Horovits of Logz.io provides an in-depth overview of OpenTelemetry and how it can help simplify DevOps monitoring. “Microservices” is the new norm for building products these days. It bears many advantages in accelerating development,…
Is your monolith on its last legs? Are you having scalability issues? Check our our free ebook on migrating from monolith to microservices.
Our Client in the Leading Automotive Industry is looking for an amazing individual that is embedded as a Kubernetes DevOps Engineer The ideal candidate should have: Create architecture components for Microservices Architecture, Cloud Architecture and Container Architecture Develop, test, and deploy work on Azure Platform At least 8 years’ worth of experience using C# or…
Distributed tracing tools help organizations find the source of an issue and monitor an application's microservices. Explore five different tools.
Software Developer Sarah Wells shares her journey from monolithic to microservices with us and tells us about the benefits and constraints associated with them.
Agility has long been a topic in organizations of all sizes. In an environment of increasing complexity, agility can become a key competitive advantage.
You shouldn't start a new project with microservices, even if you're sure your application will be big enough to make it worthwhile.
Helios' SaaS platform is designed for developers to solve intrinsic problems that arise in microservices environments. So how can it help you?…
This week's Java roundup for July 18th, 2022, features news from Oracle, JDK 18, JDK 19, JDK 20, Spring Boot and Spring Security milestone and point releases, Spring for GraphQL 1.0.1, Liberica JDK updates, Quarkus 2.10.3, CVE in Grails, JobRunr 5.1.6, JReleaser maintenance, Apache Tomcat 9.0.65 and 10.1.0-M17, Tornado VM on Apple M1 and the JBNC conference.
Microservices need a different approach when it comes to testing. The microservices test pyramid is more complex. Here's how to use it.
Continuous delivery and infrastructure as code are mainstream, right? At least, many claim to practice it. If you don't do it, you're out - or at least falling behind.
From VMs to Kubernetes and Serverless, there are many ways of to deploy microservices. The perfect method is determined by size and scaling requirements.
Posted under: General The phone rang. On the other end, I heard a booming voice many of you are familiar with. “Hey Mikey! What’s shaking? What’s your plan now that Rich is with Firemon?” It was Alan Shimel, my good friend and head of Techstrong Group. It was maybe 10 minutes after Rich’s announcement had hit Twitter. I told Alan I would stay the course, but he had other ideas. “We should do something together. Think about it.” So I did. We had a call a few days later and started sketching out what it would look like if I joined Alan and the team. I’d want to build a research team since that’s what I love to do. I’d also like to have a hand in developing the corporate strategy. Alan said that sounded great; when can I start? I wasn’t there yet. I needed to know more about the business. I needed to spend some more time with the team. So I made the pilgrimage down to Boca to do a working session with Alan and see what we could work out. I learned that Techstrong is at the center of some pretty disruptive technology shifts, like DevOps (yes, DevOps.com is ours), cloud-native computing, containers (containerjournal.com), microservices, and of course, security (securityboulevard.com). There is an excellent events business with tons of virtual events. I’ve been a guest on TechstrongTV more times than I could count, so I know about their video capabilities. And the company has a top-notch customer list. So there is an exciting platform to build on. But could I have an impact? Next, I dug into the research business that another old friend, Mitchell Ashley, created. There are some short reports and they did some speaking gigs, but Techstrong Research didn’t have a point of view about where the markets are heading. So it was “research,” but not the kind of research I do. So yeah, I can have an impact on Techstrong Research. The timing also felt right. My youngest kids are off to college in August, so it’s a good time to make some changes. It’s not like my partners at Securosis haven’t done a similar thing. Adrian headed off into corporate cloud land a couple of years ago. Rich made a move to Firemon earlier this year. As much as I loved the 12 years with Securosis, I’m ready to tilt at another windmill. Though it had to be the right situation, and I found that with Techstrong. I’m happy to say I’m taking my talents to ~~South Beach~~ Boca. I’ve taken the role of Chief Strategy Officer of Techstrong Group and General Manager of Techstrong Research. The intangibles made this an easy decision for me. It’s about working with my friends. It always has been. I have been fortunate to work with Rich and Adrian for the past 12 years. When we spun out DisruptOps, I was able to work with Jody Brazil, Brandy Peterson, and Matt Eberhart. And now I get to work with my good friends Alan, Mitch, and Parker. I have no illusions about how much work lies ahead. I’m back to building a research business, and it’s very exciting. Ultimately I’m a builder, and I’m lucky to have the opportunity to build with another set of good friends. Securosis is still a thing. Rich and I will continue to run our cloud security curriculum and training activities here. But Securosis will no longer function as an analyst firm. I’ll continue to support existing clients, but that work will transition to Techstrong Research when it makes sense. I’m not sure if this is good or bad, but you’ll see a lot more of me. I’ll be visible across the Techstrong network, writing, speaking, and interviewing exciting companies. I’ll be publishing trends and forward-looking research and ensuring that Techstrong has a strong point of view about where technology is going. I’ll be at Black Hat, so if you are there, let me know. It’ll be great to meet up, and I can fill you in on all the cool stuff we do at Techstrong. - Mike Rothman (0) Comments Subscribe to our daily email digest…
Microservices demand more complex testing strategies. Learn when to implement microservices, how to test them, and how to maintain and improve these tests.
ImmuniWeb Neuron can run in-depth testing of APIs and microservices, hosted on premises or in a cloud environment.
Like tidying up a house before a total renovation, preparing your monolith is the first step towards transitioning to microservices.
How to Achieve Fast and Secure Continuous Delivery of Cloud-Native Applications brooke.crothers Tue, 07/05/2022 - 16:11 4 views What is Continuous Delivery? Continuous Delivery is the ability to get software changes of all types, including new features, configuration changes, and bug fixes, into production safely and quickly in a sustainable way. Continuous Delivery is critical towards successfully achieving the DevOps potential across your organization. Continuous Delivery aims to reduce the time between when code is written and when it's deployed while maintaining high quality and reducing risk. It is a crucial part of the software development process as it allows teams to continuously release new features, making it possible to test them, and make changes quickly. According to research conducted by the Continuous Delivery Foundation, adopting a Continuous Delivery approach to software development offers many benefits. For example, at the organization level, it accelerates the delivery of new features, increases the responsiveness to external events and helps build deeper relationships with the product customers. At the process level, the approach helps decrease deployment pain while improving quality. Security is a Key Challenge of Continuous Delivery at Scale Although CD brings many advantages in the software development industry, 75% of organizations still can improve their processes in terms of deployment frequency and lead time for changes. The key challenges of CD at scale are the following: Pipeline sprawl Pipeline sprawl has created many management inconsistencies. For example, pipelines are not declared as code or they are patched and extended over multiple generations. In addition, pipeline sprawl across many development teams results in inconsistent CI/CD processes that create vulnerabilities. Foundational problems The 12 Factor App is a set of principles that describes a way of making software that, when followed, enables companies to create code that can be released reliably, scaled quickly, and maintained in a consistent and predictable manner. However, many developers fail to apply these 12 factors, resulting in overly complicated apps and giant monoliths that slow down build and deployment times. Furthermore, an immature development lifecycle will greatly harm CD at scale. Improper use of version control, inefficient repository structure and lack of code reviews will result in poor quality products and lack of scalable pipelines. Security and visibility Managing secrets and access to the environments is a critical factor for building trust across your CI/CD pipelines. Lack of best practices and security governance hurt your ability to audit and trace changes to your software and greatly reduces visibility into your environment. Closely related to the lack of visibility and security is having poor testing coverage and lack of quality testing to measure all indicators of development performance. Failure to address these challenges not only affects the time-to-market of your apps, but also impacts your software supply chain, leaving your organization (and your customers) open to attacks looking to exploit vulnerabilities in your applications. As demonstrated by the SolarWinds supply chain attack, the disruption can be devastating. How to enable security in Continuous Delivery When we discuss about CD, we need to understand that there are pipelines running in the environment and to secure CD we need to secure these pipelines. The foundation of security in CD is to have version controlled pipelines as code. A pipeline as code file specifies the stages, jobs, and actions for a pipeline to perform. Because the file is versioned, changes in pipeline code can be tested in branches with the corresponding application release. Pipelines as code is the first step to handle fast, secure continuous delivery at scale. When you have pipelines as code you can parameterize them, reuse them and extend them to meet your business needs. Most importantly, you can embed security and compliance policies to simplify access to approved, secured, and reliable pipelines for your development teams. Since your CI/CD is a critical component in your software supply chain, you want to be sure that your CI/CD is as secure as possible through static or dynamic testing so that your artifacts can be trusted. To achieve that, you need to consider the following important aspects: Use secure credential storage and rotate your keys frequently Inspect your build output and make sure you are not leaking secrets or any other sensitive information Code-sign all your artifacts and incorporate runtime checks to guarantee integrity As a system gets more complex, it is critical to have checks and best practices in place to guarantee artifact integrity, that the source code you are relying on is the code you are actually using. If you want to develop and deliver software that is as resilient as possible, you could leverage a security framework like SLSA (Supply chain Levels for Software Artifacts, pronounced as salsa), that includes a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your business. Venafi Can Help Cloud-native machine identity automation gives developers a high-grade consistent deployment process with built-in workload security. With Venafi Jetstack Secure you can automate security best practices and improve the developer experience. Jetstack Secure provides vital visibility and control of X.509 certificates and their configuration status across Kubernetes and OpenShift clusters. To learn how your organization can securely automate cloud native workloads, speak to an expert. Related Posts Open Source Makes Machine Identities on Kubernetes Accessible for All Google CAS Supports cert-manager and Jetstack Secure for Cloud Native and Private PKI Pulumi Policy-as-Code for cert-manager Simplifies Machine Identity Management Open-Source Community: CNCF Sandbox Accepts Cert-Manager Anastasios Arampatzis Cloud As software development environments adopt cloud-native technologies, container-based architectures, and microservices, distributing software manually becomes less practical. But the need for speed often ignores or minimizes necessary security testing. Vulnerabilities found in the production version of an application can lead to compromised systems and data. To reduce the risk of vulnerabilities going undetected during the software development lifecycle, organizations should add continuous security validation to the CI/CD (continuous integration continuous delivery) pipeline. This makes developers more productive, reducing time-to-market despite the added layer of security checks, and more secure apps will eventually gain consumer trust over other apps that put users and their data at risk. Get Fast, Easy, and Secure Enterprise-Grade Code Signing With Venafi! Off UTM Medium Resources UTM Source Blog UTM Campaign Recommended-Resources…
Releasing microservices applications is hard when code is scattered among dozens of repos. Here's why using a monorepo might make more sense.
Kubernetes is becoming the de-facto standard for running microservices across cloud platforms and has formed its ecosystem.
Cloud native is a development approach that improves building, maintainability, scalability, and deployment of applications. My intention with this article is to explain, in a pragmatic way, how to build, deploy, run, and monitor a simple cloud-native application on Microsoft Azure using open-source technologies.
Kanban is an agile alternative that’s been receiving more attention. We spoke with Thomas Schissler about Kanban’s possibilities and its challenges.