Five great DevOps best practices for security, scalability, and performance

As Theserverside continues to investigate how best to invest in the http://www.aliyun.com/zixun/aggregation/13485.html ">devops related time and money, In order to correlate the best practices that some industry experts recommend to help build scalable, secure, and high-performance deployments, the focus is now shifting. Here are 5 tips and best practices that the industry's most important experts have tried for themselves:

1, vigilant overall security risk-tufin co-founder and CTO Reuven Harrison stressed the growing complexity of the network. The continued adoption of emerging technologies such as virtualization, Cloud, BYOD and software definition networks (SDN) means that networks are becoming more complex, more isomerization, and so are security risks, he said. "As SDN and network virtualization continue to mature, the only way to manage these networks at any level of efficiency and security is to automate key management functions," he said. "That's the premise of DevOps." But DevOps must include security as a key component, because without it, the volume and tempo of the network changes introduced by technologies such as SDN and virtualization can raise the level of it risk in that environment to the highest levels of the day. "The big challenge is that security has so far been seen as an afterthought, and security organizations are thought to be corporate inhibitors that will only tell the business what to do rather than how to do it safely." This is a cultural issue that requires security, the developer, and the operations team to nurture a level of trust and collaboration that has not been done before. The only way to do this is to do it gradually and with vigilance.

2. Observe security risk change-ASG Software FX, vice president of product management and cloud Torsten Volk, says it is important to see DevOps as a collaborative concept and process that can lead developers and IT operations to faster and more efficient deployment, operation, and upgrade applications. "Every new release before DevOps raises the same set of security considerations," he says. "However, once the new release is conducted at a much higher tempo, security has to be an uninterrupted concern." "In this context, the DevOps tool can help by proactively securing the consistency of infrastructure and software component configurations." These tools can even automate the remediation of security vulnerabilities and automatically take countermeasures by regularly validating the proper use of security best practices. Although the latter scenario sounds advanced, the endpoint is what every DevOps team is eager to reach.

3, attention to scalability-according to Pythiandevops team leader Aaron M. Lee, there are often two types of scalability that DevOps engineers need to deal with: Applications and organization. "The scalability of the app really is the question of how much time it takes to develop and operate a system that successfully delivers a certain level of concurrency, that is, to reach a level that matches or exceeds the user's needs over a period of time," Lee said. "The answer to these questions is a critical success factor for many companies, and the ability to do that is often unknown," says Lee, who said scalability is a problem for everyone. Enterprises and technology people must weigh in the function, market time, cost and risk tolerance. You need to have the right metrics, including how many users are on those endpoints in a particular pattern and how many concurrent requests there are.

4, strive to achieve ease of use-devops is automation and repeatability. Dr. Andy Piper, the CTO of the london-based push Marvell, says this requires a configurable virtual environment and a lot of it. "You have to automate to be scalable," he says, "so make sure you're using tools like Puppet and chef to automate the building and configuration of your VM." Similarly, make sure you have the ability to back it up, such as a local backup, which is more tricky to achieve, or backup in the cloud, if your product has to. "In the end, making the product easy to install, configure, and run will make the entire devops process much easier."

5, Management Gateway-infozen, Director of project Management Cloud practice, said that while the new goal is to build the best culture between the development and operations teams, it is still good to keep some gateways between the two functions in order to ensure a stable product environment. "Our team is structured to incorporate operations into development discussions and day-to-day agile development so that the operations team understands what changes will occur in future releases," she said. "The operations team is responsible for maintaining the stability of the product's operations." We found this method very effective for us. We recommend that testing and operations be automated. Our integration testing allows us to find problems before we reach production, and our operational automation enables cost efficiencies and better operations. By automating, fewer people are exposed to the production environment, which can significantly reduce human error. It also helps to improve the security situation, as fewer people need access to the product environment. ”

DevOps is not difficult. The challenge is that the organization does not take the devops approach to the challenges of integration, development, and deployment, "said Theserverside's software architect and editor Cameron McKenzie." By adopting the DevOps approach and taking note of these 5 steps, a successful devops environment is only one or two implementations.