The 4 focus areas of DevSecOps.

DevOps will make systems more secure. In opposite to what many think, adopting DevOps, with its fast release cadence, will result in hardened systems which are fully compliant with security guidelines and which can stand the modern hackers. Summary.Teams must follow, must inject, secure guidelines and practices in their way of working. This way of working needs to be highly automated, supported by machine learning and role playing. Fast, flexible, innovative, cheap, compliant and secure are the common requirements the business has on systems. In the past these requirements where a tradeoff from each other. Fast, flexible and innovative never went hand in hand with compliant and secure. With ... [More]

How to setup a VSTS pipelines for Azure Service Fabric and its containing services

Sven wrote a detailed How To covering the creating of a release pipelines for a secure Azure Service Fabric cluster and the containing services, based on a project we did together. These posts with the sources on GitHub provides some great information.The posts: Create and import the certificates Register SF Application in AAD and create AppKey Generate encrypted AppKey Lookup the service principles Create the Key Vaults with ARM Adjust the SF Application settings Upload certificates to Key Vault Register the Service Fabric System Applications Install SF Cluster with ARM Install the SF Application(s) with ARMThe sources: [More]

Test Windows applications with Appium and JavaScript.

A sample implementation is available on GitHub.Appium is an opensource test framework for validating [More]

Use Azure availability tests and load tests to analyze the decoupling needs of your system (handson).

Azure load testing can set load on your system from any location around the world. Azure availability tests can monitor and analyze the responsiveness of your system anywhere in the world.Interesting capabilities even more interesting when you combine them in an investigation of your system. When you put some load on one part of your system and monitor the availability of another part you can analyze if that load impacts the availability of the other part. When the analytics are positive, there is an impact, it is a candidate for decoupling so the parts can scale independent. PaaS services, Containers or a CDN to the rescue.The scenarioThe sales of PartsUnlimited is expanded to Asia. Due to ... [More]

Application configuration settings guidelines and practices.

Handling configuration settings for environments/ development stages is not always easy and straight forward. Application characteristics, platform capabilities, business and security requirements are different per system you build and release. Although all application differ it is always good to have guidance. Guidance in the form of guidelines, practices and opinions that worked and are adopted in projects will provide a consistent, flexible and secure way of working. On GitHub an example implementation with Net Core can be found at: (Level 2, look at the ARM templates)Levels.Following general guidelines and common practices will help to keep systems... [More]

ASP Net Core AAD User and Groups Manager on GitHub.

Just put our AAD User and Groups Manager Application on GitHub. A WebApp for end users to control AAD entries in an easy, comfortable and still controlled way. The WebApp is built with ASP Net Core 1.0, Google Material Design Lite, Azure Automation Runbooks and the AAD Graph API. The App separates responsibilities during the creation of AAD Users and Groups in two areas. The front office triggers the creation or editing of a user and assigns groups via the App. the Backoffice, AAD administrators, controls the steps and details needed for the creation of the user or group. Cloud ResourcesThe Web App uses several Cloud resources.Azure Web App, for the end user.Create, edit, delete users and gr... [More]

Small tip for Win10 Ubuntu and access GIT local repo with Visual Studio Code

Installing Ubuntu on Windows 10 is pretty easy now it is available as an app in the Store. Too bad for all non insiders, the App store version is only available for insiders Win10 environments. Still no problem ,you only have to install it the old way. Something that recently has changed on the installation is that the Linux file is hidden in your AppData folder. And it is highly recommended not to though it. When you want to control your GIT repo from this Ubuntu installation you have to do some extra steps if you want to work from Visual Studio Code or any other development environment. By default when you simply do a GIT Clone or GIT Init, the GIT repo is created in the Linux file system…... [More]

on Digital

Everybody all companies from big to small, from consultancy firm to product and tool vendor is pushing the word 'Digital' for everything they sell to their customers. It really reaches the level of ‘overkill’. There are enormous amount of ad campaigns, reports, whitepapers, workshops and quick starts for digital transformation, digital collaboration, digital disruption, digital enterprise, digital done different, digital innovation, chief digital officer (pdf), and more. Digital, in its basic meaning usually refers to something using digits, particularly binary digits (wiki). Duh Do you remember your first digital watch? All those reports and tools basically trying to tell us that we need to... [More]

Provision AWS Resources with a VSTS release pipeline.

Infrastructure as Code is one of the many practices teams have to fulfill the needs of modern systems. The provisioning of resources for systems in an automated versioned way supports also the need of consistent environments across different stages of system development, making it much more comfortable to develop, validate and test systems. Keep development, staging, and production as similar as possible.See also the Dev/prod parity practice of the 12 factor methodology. The principles of a pipeline also fit on pipelines which provision infrastructures. The artifacts should be versioned, validated, automated and more, see pipelines principles. Visual Studio Team Services and Amazon AWS VS... [More]

CICD for a cloud native services based system on Azure.

A flexible, cheap and innovative business are goals companies have. Moving to the cloud, change the way of working and make the systems more flexible are 3 drivers to reach this goal. Three forces are pushing the continues DevOps evolution: The Cloud Platform force, The System Architecture force and the Collaboration Force. 3 forces and 5 tips to stay relevant on changing DevOps. The 12-factor methodology describes practices for realizing and running cloud native systems. Practices described are supporting these business goals. … a triangulation on ideal practices for app development, paying particular attention to the dynamics of the organic growth of an app over time, the dynamics of... [More]

Şarkı Sozleri