An Introduction to DevOps Practices and Tools

In the last few years, we’ve have had the opportunity to work with a diverse set of customers in the APAC and the US region. We’ve helped them migrate and maintain their infrastructure on AWS cloud. We have embraced and evangelized a 360 degree approach towards application, infrastructure and data management, availability and security. This helped us achieve light touch, automation focused and fault tolerant deployments. I want to describe a few of these practices and tools in this post.

This is a first of many posts on the series, and I’ll be doing a deep dive on specific topics in subsequent posts. If there are specific questions you’d like answered, or if you want to know what tools and practices are suitable for your environment, please leave a message in the comments section, or contact me directly.

DevOps Methodology and Practices

Development Stage

This section describes the various processes that are implemented during various stages of the solution life-cycle. These include:

• Build automation design (CI/CD)
• Architecture and deployment planning (Dev, Stage and Production)
• System bench-marking and sizing
• Disaster recovery planning and design
• Security design
• Functional and load testing
• Go-Live and data migration planning
• Data migration and cut-over

Post Go-Live

Once an application is live, operations support teams need to work with developers to implement the following practices:

• App monitoring and management
• Deployment and rollback strategy (in place updates vs A/B deployments)
• Infra monitoring and management
• Incident management
• Cost analysis, management and optimization
• Disaster recovery rehearsals
• Data backup and restore rehearsals
• Security audits and management
• Configuration management for patches and upgrades (OS, supporting software)
• Manage CI/CD pipelines for application updates
• Analytics and Reporting (Up-time and SLAs)

Tools and Solutions

Tools play an important part in supporting a full blown deployment and DevOps practices. I’ve listed a few of these below categorized by practice. In each of these areas, there are several options available. The order of recommendations is usually as follows:

1. Open source tools
2. Free tools
3. Commercial tools with SaaS models
4. Commercial tools with licensing

This is a general rule we follow, unless no effective tools exist in the free/open source space. Even so, this is not an exhaustive list and only a compilation of most commonly used tools. There may be other tools that better suit your requirements.

Infrastructure monitoring and management

These tools are used for machine level CPU, memory, network and service monitoring. Can be configured for SLAs, notifications and escalations.

• Nagios + Cacti (self-hosted)
• OpsView (self-hosted, Freemium)
• DataDog (SaaS)
• Zabbix (self-hosted)

Service up-time monitoring

Independently monitor web site endpoints for up-time.

App performance management and monitoring

Monitoring bottlenecks and problem areas in application code.

• NewRelic
• AppDynamics
• Crashalytics — Mobile app monitoring and analytics. Similar to what NewRelic does for backend code.
• CleverTap — Mobile analytics for user behavior.

Functional + Load Testing Tools

• Apache JMeter — Open Source web application load testing
• Cloudqa.io — SaaS web application functional testing. Cross browser testing
• Selenium — Self hosted web application functional testing
• Appium — Mobile application functional testing

Anti-virus and Anti-malware

• Trend Micro Deep Security
• McAfee ePO and Endpoint Protection

Intrusion Detection and Prevention (IDS/IPS)

• OSSEC — Host based intrusion detection
• Snort — Network based intrusion detection

Web Application Firewall and DDoS Protection

• Incapsula Imperva
• CloudFlare
• Akamai

Continuous Integration and Delivery (CI/CD)

• Jenkins

Single Sign-On (SSO)

• Okta
• PingIdentity

OWASP Top 10 Compliance

• IndusGuard Web

Patching and configuration management

• Puppet
• Chef
• Ansible

Compliance

• SafeNet

Data Encryption

• CipherCloud

Vulnerability Assessment and Penetration testing (VAPT)

• Nessus

Log management

• Splunk
• SumoLogic
• ELK (Elasticache, Logstash, Kibana)

Data backup

• AWS Storage Gateway (Cloud based backup solution)
• Zetta (Cloud based backup solution)

Incident Management, Ticketing and Resolution

• PagerDuty
• FreshDesk
• JIRA
• Redmine

References

• http://cloudnewsdaily.com/wp-content/uploads/2015/03/cloud-security-companies.png
• http://www.crn.com/slide-shows/security/300079531/the-20-coolest-cloud-security-vendors-of-the-2016-cloud-100.htm?itc=refresh
• https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
• https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
• https://www.indusface.com/index.php/products/indusguard-web
• http://www.softwaretestinghelp.com/most-popular-web-application-testing-tools/

Originally published at https://www.linkedin.com on September 11, 2016.