Wednesday, February 17, 2021
Building a new software product is a highly innovative and creative process. Things simply don't go to plan all the time; setbacks and failures are inevitable along the way. What makes a difference is how a team deals with them. Each failure is an opportunity to reassess, make a change and try a different approach.
BUSINESS PROBLEM & CHALLENGE
Network automation was not well practiced or well understood inside our network engineering team, but was sorely needed. We needed to decrease effort and mistakes on daily management tasks by minimizing the direct human interaction with network devices. High on our priority list of goals was improving network security by recognizing and fixing security vulnerabilities, and increasing the network performance.
HOW WE OVERCAME THE CHALLENGE
We started by simplifying daily workflows, baselining our configurations and removing snowflakes. While this can be very labour-intensive at the outset when you’re working on a global scale in a highly critical customer environment, the long-term benefits far outweighed the labour.
Next, we created an inventory file which listed all network devices by type, model, location and IP address. This enabled us to retrieve info about devices and, using network programming and automation, to deploy to all devices or even a subset of devices (e.g. only those in a specific area), depending on what was needed. The benefit is that we avoided manual configuration and logging into hundreds of different devices to add configuration to each one.
Overcoming these two big challenges set us up for success and enabled us to deploy at a global scale. We lived by the mantra:
“If it’s not repeatable, it’s not automatable. And if it’s not automatable, it’s not scalable.”
LEARNINGS AND MEASURABLE OUTCOMES
So what did we learn? For starters, it can be hard to automate a use case or test in the same way you would if doing it manually. Testing that requires physical movement, for example losing service provider links or hardware failure, is also a challenge, as automating something like that is very tricky. We also learned that code reviews are extremely important. Shared code ownership means the entire team can make changes anywhere, at any time.
And what were the measurable outcomes?
Faster deployment times - we were able to efficiently push changes to over 300 network devices and audit the configuration of our global network, taking the time to execute from days down to hours.
Removed the fear of large and complex network changes - the accuracy and efficiency with which we were able to deploy at scale gave the business and the leadership more confidence in subsequent large-scale network changes and deployments.
Faster feedback on network changes - it allowed us to get reviews on network configuration changes with version control and peer review, treating infrastructure as code (IaC).
Helped with adhering to PSIRT/CSIRT challenging timeframes and security vulnerabilities.
Speed of deployment; speed of feedback on network changes; speed of adherence to PSIRT/CSIRT timeframes; confidence and buy-in from senior leadership on subsequent deployments!
Have you ever tried to hammer a nail with a pair of pliers? While you may succeed eventually, the process is inefficient and frustrating because you’re using the wrong tool. The same holds true for developers who try to work with application performance management (APM) solutions to monitor mobile and web applications. Because these solutions are designed for DevOps and infrastructure teams to monitor backend systems and performance, they don’t provide the insights developers need into release stability, errors, and how these are impacting the customer experience.
Then there are application stability management (ASM) solutions, which are built specifically for engineering organizations. ASM provides actionable insights into how stable the application is, where bugs exist, and how to improve the end user experience. James Smith, CEO of Bugsnag, will explain the differences between the two solutions and outline the benefits organizations can achieve when APM and ASM are provided to the right teams.
Apache Kafka is a complex system with multiple parameters to configure for different use cases. As a Consulting Engineer at Confluent, I see many clients who need to benchmark their production systems and understand their capacity. Benchmark details can be used to optimize the throughput and better utilize resources. Benchmarking and measuring aren’t just for finding a bottleneck; they’re about trying to better understand the loads you’re placing on the system. This talk will focus on methods and tools of Apache Kafka performance analysis and benchmarking. It will be helpful to anyone trying to operate a large Apache Kafka cluster and achieve the throughput and latency goals.
PRO WORKSHOP (ProductWorld): Building Sticky User Experiences - Lessons Learned about What Works for Push, in-App Messages, and Email
Every day, OneSignal sends more than 8 billion messages. Looking at this aggregated data provides deep insights into what works and what doesn’t when it comes to keeping users coming back to your app or website.
In this session, I’ll cover what works and what doesn’t from learnings across 100 BN+ messages and show hands-on how to use push notifications, in-app messages, email, track important outcomes, and use personalization to build great products that drive engagement.
I’ll also share insights learned from being a product manager at both Facebook and LinkedIn about building engaging user experiences.
Thursday, February 18, 2021
Today, unfortunately, many agile teams are not yet able to create a true shippable increment every sprint. This is because their Definition of Done (DoD) is weak (immature).
As such, teams have a lot of UNDONE work at the end of every sprint. This work may take a lot of different forms and is usually passed on to a 'special' UNDONE department or group to be handled. In Scrum and in Large Scale Scrum, UNDONE departments do not exist.
It may seem that the reasons for having an UNDONE department are purely technical [limitations]. But this is rarely so. For the most part, they are political and have to do with traditional organizational design and sphere of control.
How confident are you that your code—including any 3rd party code your team brought in—is running in a secure and compliant manner before you deploy to production?
Imagine this - your developers check in code for a new feature. It includes pieces of code your team wrote and pieces of code from a 3rd party. The code passes SAST & SCA and you deploy it to production. A day later, your production server is breached... and the attacker leveraged a bug in your code that caused privilege escalation and was able to become root.
In today’s microservices-containers/Kubernetes/Docker-DevOps world, a static code scanner isn't sufficient. You need RUNTIME observability into the application’s security, privacy, and compliance. Your developers need to know if their code or a 3rd party’s code can cause issues at runtime.
This panel of RUNTIME observability and security developers and experts will discuss the what, why, and how DeepFactor’s Continuous Observability platform:
- Automatically observes more than 170 parameters—across system call, library, network, web, and API behaviors in every thread of every process in every running container of your application—and detects security and compliance risks in your CI pipeline
- Detects insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reduces alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowers Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production as their teams ship secure releases on schedule
You’ll leave this session armed with the knowledge to immediately leverage continuous observability to consistently deploy apps with confidence.
Need a Kubernetes cluster for a short amount of time, but always forget to destroy them? Worry no more, as in this session we'll show you how to create a self-destructing Kubernetes Cluster.
During this talk, we'll showcase a number of technology principles: Infrastructure as Code, CI/CD, identity in the cloud and scheduling jobs on Kubernetes. We'll use Terraform, GitHub Actions and Azure Kubernetes as demo material, but the concepts of this talk translate to any technology platform.
By attending this talk you'll get a practical understanding of Infrastructure as Code, CI/CD, identity in the cloud and scheduling jobs on Kubernetes.
Runtime security for containers, Kubernetes and cloud native isn't for the faint of heart. To confidently secure your applications, you need a recipe. And, much like the one grandma used for her consistently amazing chocolate chip cookies, the one you get from this session will guarantee your security success.
In this session, Scott Surovich and POP will share practical experience and excerpts from Scott's new book Kubernetes and Docker - An Enterprise Guide. They’ll share the key ingredients for tooling that provides an engine, ruleset, and outputs that fit real-world scenarios.
They will cover:
- An introduction to CNCF open source project Falco for runtime security of applications/ cloud native infrastructure
- Real world use cases of Falco with a short demo showing rulesets and outputs valid for your business
- A primer on how to contribute your own capabilities to Falco
- A kickass chocolate chip cookie recipe to wow your friends and family
Building modern DevOps pipelines relies on using best-in-class developer tools, with a deep focus on providing real actionable developer value, and gluing them together. At Cloudsmith we believe good old package management needs a serious refresh, with a name befitting its focus on DevSecOps. We call it Continuous Packaging.
Today, building automation and security into software supply chains requires packaging source code, dependencies, and containers into logical, versioned units. Shift-Left security is not enough. Every organization needs a reliable Package Delivery Network, a single pane of glass through which you can see the flow of packages, providing much-needed isolation and provenance: two concepts we’ll outline as vital for managing secure distribution and deployments.
Context switching between your IDE, GitHub.com, JIRA, Terminal, and Slack is no way to optimize collaboration, and it results in countless hours of distraction and lack of focus, hurting code quality. Team alignment and productivity depend on just the right mix of collaboration and staying in the zone. Extensible IDEs are opening the door to great innovation in developer workflow. Turning the IDE into the true Hub of the development flow is the best way to integrate the essential tools into a cohesive and streamlined process. In the future, your code host, issue tracker and messaging app will be placed where they belong: in your editor. Here we will discuss how such an integration should happen, and we will spell out the benefits that accrue to the individual developer, the team and the organization.
Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritise and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing down DevOps. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same, across your applications and APIs.
The DevOps movement has been undeniably pulling Developers into Operations. “Shift left” and “You build it, you run it” have become familiar rallying cries. But how do you actually enable developers to participate in Operations when so many policies, processes, and tools were designed to keep them out? This talk will look at how Real-Time Operations enables the safe (and sane) delegation of operational control, wherever it is needed.
Historically, data security has been an afterthought — something that others handle; the IT team will handle it after our software goes live, the client will handle it with hardware. In today’s environment of large-scale data breaches, data security as an afterthought is too little too late.
Application and data security should be part of every design and product roadmap discussion just like functionality, stability and user experience. The more mobile the data needs to be, the more agile the solution needs to be. By shifting security conversations to early in the product development lifecycle instead of after code has already been released, software organizations can save money, better differentiate their offerings and scale more effectively in the long run. This session will discuss important design considerations for application-level security and how to select tools and methods that support your software architecture instead of dictating it.
The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).
In this webinar, we discuss the key traits of high-performing teams and how that impacts the role of the developer.
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components
As software engineers, we strive to better our craft and leave a lasting mark on the organizations we work for. Throughout our careers, we balance two types of knowledge: the combination of business domain and technical stack is our bread and butter.
No matter if you work for a bank or an app that is revolutionizing wine delivery for pets, as an engineer you tend to get better at developing features. Design patterns and approaches learned on one project can transfer into others, while the new challenges add to your skillset. Ironically, what does not transfer easily between projects is the process of deploying and releasing the software that you work so hard to build. For most organizations, deployments and releases are team-centric since applications are unique, but Continuous Delivery is changing that.
Learn in this session how modern Continuous Delivery approaches are ushering in standardization in one of the last and sometimes scary frontiers for software engineers: your releases. Core to Continuous Delivery is making strides in engineering efficiency. With advancements in AI/ML in your CI/CD pipelines, even the most snowflake-based deployments can benefit from standardization.
Building on its rich history of innovation, Choice Hotels used a cloud-first approach to accelerate innovation and battle digital-native competitors.
To make the cloud promise a reality, Choice Hotels brought on an API-first programmable data infrastructure platform to automate data compliance and data delivery. By doing so, the organization broke down data silos, allowing software teams to significantly improve the quality and speed of application testing and development.
In this fireside chat with Jason Simpson, VP of Engineering at Choice Hotels, you’ll discover:
Learnings from a migration of hundreds of applications from legacy systems to Amazon Web Services (AWS)
Insights on leveraging data to minimize the risk of outages and delivering a frictionless experience for customers and franchisees across platforms
Reaping the scalability of cloud to manage unexpected business shifts including impacts from COVID-19
Perspectives on how Programmable Data Infrastructure can be leveraged for Migration, CI/CD Acceleration and even Service Restoration with APM Integration
Every error does not concern every engineer. Your team members don’t need to be pinged about every application error, especially when an error occurs in someone else’s part of the code. In fact, it can become a negative distraction that takes away focus from their work. Join Bugsnag's Sr. Solution Engineer to discover why eliminating noise and focusing on the bugs that you can and should fix drives a culture of code ownership and improves developer productivity.
How do you know your feature is working perfectly in production? If something breaks in production, how will you know? Will you wait for a user to report it to you? What do you do when your staging test results do not reflect current production behavior? In order to test proactively as opposed to reactively, try testing in production! You will have an increased accuracy of test results, your tests will run faster due to the elimination of bad data, and you will have higher confidence before releases. This can be accomplished through feature flagging, canary releases, setting up a proper CI/CD pipeline, and data cleanup. You will leave this talk with strategies to mitigate risk, to better your understanding of the steps to get there, and to shift your company’s testing culture, so you can provide the best possible experience to your users. At the end of the day, we don't care if your features work in staging, we care if they work in production.
In this session, we’ll explore how to secure your delivery pipelines, from development to deployment with key learnings including:
- Combining continuous packaging with integration & delivery.
- Applying holistic security principles across the whole value stream.
- Using infrastructure-as-code techniques to build, stage, and deploy.
As the business increased the pressure on the development team and its demand for flexibility, the agile movement was pushed to its limits. CI/CD was born to reduce manual steps, cut human errors and increase speed to go-live! Last but not least, with DevOps the teams took on application responsibilities from cradle to grave. Nevertheless, software security is still missing from many full-stack developers' resumes, and application security responsibilities are still pushed off to the security department. A pity, because agile, CI/CD and DevOps are exactly the security-enabling practices.
This session explains shift-left: early security enablement in the development lifecycle. As application development becomes more developer-centric, the developer’s toolset must match the new challenges so that responsibilities match capabilities. Learn about topics from rugged software to supply chain cleanliness. Learn the benefits of modern application development strategies and how to avoid the common pitfalls. Hear why security champions programmes tend to fail and why compliance-driven security trainings are a waste of time and money. Take back the best practices, proven solutions and Shift Left beyond development.
Observability, instrumentation, telemetry--what does it all mean? This introduction to observability is for software practitioners who want to better understand the health of their production systems. Learn how to generate better data and gain new insights. You'll walk away ready to use observability to level up everyone on your team!
The always-on, always-available expectations of digital services have increased the requirements of technical teams to provide response and readiness around the clock. For teams new to this concept, introducing on-call can be challenging. There are technical and cultural considerations to keep in mind when adding on-call responsibilities to new teams. In this talk, we’ll look at some of those challenges and provide recommendations for folks who are dreading their new duties.
When DevOps surfaced as a concept 10 years ago, the economy was struggling, the cloud was a toddler, servers lived in office closets, and deploys were a monthly — or quarterly — Saturday exercise. DevOps was a novel concept, focused on breaking down silos and reducing conflict between developers and operations folks. It was simple, yet difficult to understand and implement. A decade on, I find myself like a kid in the backseat asking, “Are we there yet?” And even if we were, how would we know? This talk explores the state of DevOps, cloud expansion, and what’s next for modern engineering organizations.
Friday, February 19, 2021
Manage Databases with MySQL
Create, Deploy, and Manage Containers with Docker
Build and Manage Websites with Plesk
Over the past 17 years, the Linode community has grown to serve millions of developers and small businesses around the world. Tap into a diverse and growing community to accelerate your app's awareness and adoption.
Simplify your sales cycle, discover new customers and leverage co-marketing support from the Linode Partner Team. We're here to guide you through listing on the Linode Marketplace, and see what opportunities come next.
Once your listing is created, developers, teams, and companies can discover your solution in our library and quickly deploy it from our Cloud Manager, API, or CLI.
Tech giants like Amazon, Google, and Microsoft have set a north star for companies around the world to stay competitive. They engineer away every impediment to fast, reliable software releases.
To achieve Internet and cloud speed and scale, you can’t wait for anything. Everything has to be programmable and API-driven.
Over the last two decades, storage, compute, and code have all been automated, giving rise to the cloud and fast CI/CD releases.
Data is the last automation frontier. It is heavy, complex, and filled with security and privacy risk.
Cloud and Kubernetes adoption led to greater container usage in 2020. Staying up-to-date with the latest trends in security and monitoring for Kubernetes and container environments is more important than ever.
In this session, you’ll hear real-world examples of nearly one billion unique containers deployed in today’s modern global enterprises. You’ll walk away with new knowledge about:
- How organizations are dealing with container security concerns
- Interesting shifts in runtime and registry usage
- Usage trends that impact container security
- Practices others are using to run containers with greater confidence
- Trends in lifespan and density as container usage matures
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling into place to make this happen is tough. Join StackHawk CSO Scott Gerlach as he shares his triumphs and failures while building DevSecOps practices and tools at companies such as GoDaddy, SendGrid, and Twilio. Dig into specific reasons why developers struggle with AppSec and what you can do to make it work better. Whether you’re a seasoned DevSecOps pro or just starting out, this will be an entertaining (and judgement-free!) talk you won’t want to miss!
OPEN TALK (CloudWorld): The Good, the Bad and the Ugly: Keeping Your Service Reliable with SLIs and SLOs
With increasing service traffic and services scaling, the need to ensure reliability and customer satisfaction has never been higher. How can we ensure that a service is reliable and the needs of customers are met?
Through defining and monitoring SLIs and SLOs! This talk will cover why strategically defining SLIs, SLOs and SLAs and monitoring SLIs can help improve the reliability of your service and ensure customer satisfaction in the long term. We follow this by walking through the process of defining these critical metrics, and go through some case studies and industry practices.
K8ssandra has made it effortless to deploy Apache Cassandra on Kubernetes. Kubernetes has long been a simple means of deploying stateless applications, and modern tooling and APIs have facilitated the move of databases to this pervasive platform. Join Chris Bradford in deploying the K8ssandra stack to Kubernetes. Learn how it packages a production Cassandra deployment with supporting tooling alongside Stargate, a next generation data gateway. We will explore everything from the management interfaces leveraged by DevOps teams to performant, highly available REST, Graph, and Document APIs for developers.
You have successfully stepped on the Kubernetes bandwagon and joined the multitude of companies who think Kubernetes will solve all their problems. But no one told you how. What kind of DevOps processes need to be built on top of Kubernetes to reap the benefits of all that was promised? How do you do CI/CD, monitoring, on-call, upgrades, maintenance and more? Moreover, how do you do all this when your Enterprise runs on bare metal and machines go down and never come up for weeks? You will leave this talk with a recipe for doing DevOps within your Enterprise using Kubernetes. You will become more confident of the exact steps you need to follow to deliver a good experience for your internal developers while still maintaining their trust and zero downtime for their applications. You will also learn about delivering software in a staged manner across your data centers. All of this will be shared from real experience of running Kubernetes clusters at Salesforce.
The networked software systems we build are increasing in complexity every moment. From the abstractions of cloud hosting and inherited libraries to container scheduling and third-party vendors, the turtles go all the way around!
Today the most successful builders and operators are embracing complexity through CI/CD, Chaos Engineering, and innovation in Incident Response. They realize that the adaptive world around us is advancing at such a breakneck speed that it is leaving our capacity to understand it in the dust, and that humans and technology must race a gauntlet of automation surprises and collaboration challenges as a team, learning and improving along the way.
This session showcases methods of deploying, running, and navigating complexity. It offers a practical view of how software systems can scale and remain robust to failure (like fallbacks or high-availability), achieve highly reliable socio-technical operations (via runbooks and game-days), and adapt to surprise through techniques of resilience engineering (graceful extensibility and building for adaptation).
Are you ready to say goodbye to your application backlog, and hello to developing apps at lightning speed? Look no further than progressive web apps.
Progressive web apps (PWAs) are web apps that provide end-users with a frictionless experience while still offering the features of the native-like applications they know and love. Some of the key benefits of PWAs include cross-platform, independent distribution, no installation, and offline capabilities.
In this session, Rui Barbosa, Developer Advocate at OutSystems, will demonstrate how to quickly build a mobile application from scratch and immediately distribute it using PWA technology. See how the OutSystems platform can empower you to become a world-class problem solver!
Are you struggling with security testing of your APIs, web services or cloud-native applications? Are you looking for new ways to test security without impacting velocity? Would you like to get visibility into sensitive data that your application handles? If the answer to any of these questions is yes, allow us to introduce you to new and unique ways to perform security testing. In this session, we will give you an overview of developer-friendly security test tools from Synopsys for unparalleled accuracy and visibility into application vulnerabilities, with remediation guidance and just-in-time contextual training to help your developers with remediation effort and improve your application security posture.
Provisioning AWS resources by hand is tedious and cumbersome, especially in an environment where you have multiple similar setups. Learn how you can use AWS CloudFormation to simplify setting your virtual machine up and how it can even be used to install and configure your software for you.