How to manage feature flags in ASP.NET Core apps with Azure?
No matter how simple or complex an application is, choosing the right configuration provider right at the start will mak...
The turn of the year was filled with technology news. From big-ticket IPOs like Snowflake or Airbnb, through large-scale acquisitions (Salesforce and Slack), to Silicon Wars, and many more in between.
This trend continued pretty much all year. NFTs and web 3.0 took over the media by storm, as did the Metaverse. What’s ahead of us?
It’s definitely worth keeping an eye on what’s happening and orienting yourself around it, so you don’t get caught by surprise later.
Back in February, Kubernetes was that crazy buzzword that made everyone want to jump on the bandwagon, regardless of whether they actually needed it or not.
So far – not much has changed. But there is also some good news.
While k8s may not be the answer to everything, when you need to build at scale, it can give the speed and agility you need to iterate fast.
One of our clients has recently started using an enterprise-scale Kubernetes platform, speeding up their work big time. It wasn’t easy though, as it took a lot of time, effort, and knowledge, which isn’t always available.
Containers have not yet come so far as to become a commodity, but they are being used more and more. There are still skill and personnel shortages, but organizations are starting to invest in building them.
So, the point still stands. For small-scale projects – maybe think again or come back to it later. For enterprise-scale – make sure you know what you’re in for.
A good example of where this part of the industry is heading and where to focus is the recently released Azure Container Apps service. All benefits from a containerized app, without the struggle with K8s infrastructure, paid per-use. What to not like about it?
A fire in one of the large data centers last spring pushes to draw your attention to two facts:
1. The cloud is not the same as backup.
While vendors constantly work on improving and maintaining service availability, SLAs still apply.
When you use cloud software, you need to know what the expected downtime can be and plan accordingly.
Sometimes, it means paying a little more to make sure your services keep running when nothing else does.
2. #HugOps matters as much as any other “Ops”.
Yes, system downtime is an inconvenience. But it also puts enormous strain on teams that have to work under pressure of time and public scrutiny to pick up the pieces.
Stuff can happen – and probably will happen – to us all, so let’s look out for each other.
Stuff happens at any scale – good example is recent AWS downtime. No vendor is down-time prone here. Be prepared for it.
With technology, it’s easy to give in to the “move fast and break things” trend. It’s one of the reasons that preview features are not always trusted. It’s not necessarily a bad thing.
Preview features are not 100% finished, so there may (and usually will) be some limitations in performance, functionality, or security. With that being said, they can often add long-awaited functionalities to your services.
For example AAD Connect will soon feature multi-tenant sync in preview. With it, you’ll be able to sync one object to multiple tenants in the same or different environments.
This is good news as it’s something that has long been missing in many testing scenarios.
Still, the disclaimer stands – if you want to use something in preview, you need to be able to accept a degree of risk.
World Password Day seemed like a good time to talk about secure authentication and the importance of covering the basics when it comes to endpoint security.
Since then, Microsoft has released a new edition of their Digital Defense Report. And I am strongly encourage you to review it.
The good news is that simulation training can reduce the risk of falling for a phishing attempt by 50%.
Even so, there is no magic cure for breaches. But the best prevention is always the same: take care of the essentials.
If you want to have a single document to refer to in next year keep this one handy – Microsoft Cybersecurity Reference Architecture.
It is a good point to educate yourself, even if you are not on Microsoft stack.
Staying on the topic of security for a moment, an important trend that emerged this year is the Zero Trust security approach.
As per this report from Okta, identity is still the key point of focus for adoption.
No need to tell that it’s good news or that it’s a good place to start.
But to make it effective, you need to extend the zero trust approach (and mindset) to your entire environment.
Here is where organizations are now:
It’s not just about the endpoints. You also need to protect your devices, communication systems, and security systems from manipulation.
Speaking of security systems – don’t forget to close your security feedback loop!
As with anything, prevention is better than a cure. As developers, we need to look after our code security.
But to be truly safe, we need to monitor environments at scale – aggregating signals of all events that are happening, whether identity- or network-related, and highlighting any anomalies.
One way to do it is to plug your DevOps pipelines into a SIEM/SOAR system. It can analyze all events and send you signals automatically when anything of concern happens, so you can react fast.
Shameless plug here – you could take advantage of a Managed SOC service deployed in less than an hour, and be sure that your resources have 360 security coverage.
Below is the video about automation in Managed SOC, where our security expert Konrad, explains how he uses DevOps practices in the security services to make them more reliable.
Where is the power of SOC powered by a cloud? Here it is – 220 new playbook templates to respond to incidents release for free.
Anyone who is not using Sentinel needs to build them. Here you have them, can build and deploy automatically. Think about it.
The biggest problem here is usually getting started.
The market keeps changing, competition seems to be speeding ahead, and it’s easy to default back to standard practices.
In the long-term, this approach won’t work. Not just from a business point of view, but also considering your people.
Developing your teams and giving them a chance to build up their skills is essential if you don’t want to watch them leave for other opportunities.
The good news is, you don’t need to start with a revolution. Take it in small steps, make small improvements to everyday processes, and scale up when you’re ready.
Another shameless plug – we can help you with that. Whether you’re just starting out with DevOps or are more advanced and need some help to go further, we’ve got an option for you.
And if you want to have an educated opinion in the upcoming battle of Azure DevOps vs GitHub here is a webinar from our DevOps Lead Brett on the subject.
As the multicloud approach gains popularity, understanding different cost models becomes more and more important.
In spite of this, many organizations (over 40% according to the latest FinOps report) are still only beginning to understand how to manage cloud costs.
The need for it won’t go away. If you want to make sure you’re getting the right return on your investment, consider shifting costs management left – and add it as a function of your IT teams:
Forget about manual data analysis. The time of people poring over spreadsheets for days is over.
With the volume of data increasing every day and eventually predicted to reach critical mass, DataOps is not an option but a necessity.
Think about your data flows and start looking for ways to standardize and automate them.
It’s definitely an area of growing importance, and I will keep coming back to it next year.
In the meantime, take care of the most important aspect – your people. You need specialists who know the business and at the same time, know how to change data into information and predictions.
They need to be technical experts who know how to use new tools and technologies and get information from modern data sources (cloud systems, social, unstructured data).
The whole book about DevSecOps can be written and still it wouldn’t cover the entire topic.
The key takeaway here is that application or infrastructure security won’t take care of itself, and we need to make sure it’s built in from the start.
The Ultimate DevSecOps library is highly recommended as a reference guide, whether you’re getting started with it or are looking to improve your current practices.
Two tools now dominate the DevOps landscape: Azure DevOps and GitHub. Both are owned by Microsoft.
It doesn’t take insight knowledge to presume that eventually, one of them will be taken over by the other.
At the same time, both of them are heavily in use, so neither will be going away any time soon.
Which one should you be using? All signs seem to be pointing towards GitHub.
Still, it doesn’t yet provide all the functionalities that ADO has, so if you’re developing apps at scale, you’re probably better off sticking with it for a while:
Well, that’s it – 12 key lessons from 12 months of 2021. Have you got any lessons or tips of your own? Let me know and I’ll share them with the community.
Have a happy 2022!
Read similar articles