DevOps Choices (a Plethora)

You gotta have one of each. Or several.

                       

Overview

• Governance
• Implications
• Development environment:
  • Development process
  • Developer laptop
  • Microservice management
  • Single-Sign On Authentication / User Management
  • Input formats
  • Input cloud locations
• Servers
  • VPN (Virtual Private Network)
  • Cloud environment
  • Load Balancer
  • Content Distribution Network
  • Server Operating System
  • Source repository
  • Bit and Image Repository
  • Task runner CI
  • Build Tool
  • Specifications repository
  • Programming Languages
  • Integrated Development Environments
  • Static Code Scanner
  • UX Design Tools
  • Graphics Processing
  • Mobile platforms
  • Mobile testing
  • Unit & Functional testing
  • Performance testing
  • Defect Management (ALM)
  • Logging and log management
  • Data Visualization
  • In-Memory Databases
  • Back-end Databases
  • Geographic Databases
  • Message queuing
  • Notifications
  • Email & SMS
  • REST API management
  • Machine Learning
  • Other technologies
• More on DevOps

This page is one of a series on DevSecOps.

There are many choices of specific technologies within each category:

1. Governance
2. Development process

3. Developer laptop

4. Microservice management
5. Single-Sign On Authentication
6. Input formats

7. Input locations

8. VPN
9. Cloud environment
10. Load Balancer
11. Content Distribution Network
12. Server Operating System
13. Source repository
14. Bit and Image repository
15. Continuous Integration Task Runner

16. Build tool

17. Specifications repository
18. Programming Languages
19. Integrated Development Environments
20. Static Code Scanner
21. UX Design Tools

22. Graphics Processing

23. Mobile platforms
24. Mobile testing
25. Unit/Functional testing
26. Performance testing

27. Defect Management (ALM)

28. Logging and log management
29. Visualization
30. In-Memory Databases
31. Back-end Databases

32. Geographic Databases

33. Message queuing
34. Notifications
35. Email & SMS
36. REST API management
37. Machine Learning
38. Other technologies

---

Governance

What is it about forcing manual approval from “executive” level personnel?

Is it to encourage (force) more participation from them?

If so, what do we want them to do before approving or disapproving each request?

How often are those actions actually performed (versus perfunctory approval)?

Since approvals may cause some delay, is the price of such delays worth the actual security increase?

Can those actions be automated to ensure that they actually get done, every time, with less delay?

That is the basic question asked by DevSecOps.

Implications

So many choices lead to integration nightmares as many of the pieces don’t all work together easily.

There is wasted time learning a technology to later learn that it can’t be used (such as Windows Mobile).

Too many choices lead to conflict among people.

There are two extremes in how organizations cope with so many choices:

• limit fragmentation (and costs) by enfocing available choices

• allow for individual experimentation for creativity.

Which really yields the fastest speed to market and quality?

Which yield a fragile environment?

---

Development environment:

Development process

Boards, burn-down charts.

• Scrum
• Kanban
• Lean
• Atlassian JIRA
• etc.

Developer laptop

• Apple Macintosh OSX
• Microsoft Windows 7
• Microsoft Windows 10
• Tablet?

Microservice management

• Docker
• Vagrant (on Macs)
• Mesos (open source)
• Marathon
• Docker Swarm
• Kubernetes
• VMWare vRealize suite (vRA, vRO)
• etc.

Single-Sign On Authentication / User Management

• Forgerock (federated)
• Okta
• LDAP
• ASP.Net Identity
• PKI/encryption CA server
• OAuth0 (SaaS)
• OAuth1 (PKI certificates)
• OAuth2 (SHA1)
• etc.

Input formats

• CSV, JSON, XML, YML, config
• Google Sheet (online)
• Excel .xlsx, .xls (Microsoft Office, Office365)
• Word .docx, .doc (Microsoft Office, Office365)

Input cloud locations

• Dropbox
• Box
• Google Drive
• Microsoft OneCloud
• etc.

Servers

• HP
• Dell
• IBM

VPN (Virtual Private Network)

• Cisco
• etc.

Cloud environment

• AWS is the most popular, most expensive
• Microsoft Azure
• Google Cloud
• Heroku (runs in AWS)

• Rackspace (runs in AWS)

• HP private cloud
• Red Hat OpenStack
• Oracle
• etc.

Load Balancer

• F5
• etc.

Content Distribution Network

• GitHub Issues (free)
• Amazon EC2 (subscription)
• Google (subscription)
• etc.

Server Operating System

• Shell scripts
• CentOS (open source)
• Ubuntu (open source)
• RedHat Enterprise Linux (licensed)
• etc.

Source repository

• GitHub (the most popular, supported by AWS CodePipeline)
• Bitbucket
• Stash (Atlassian)
• Subversion
• Mercurial (hg)
• Perforce
• Assembla
• BeanstalkApp
• Codebase
• Gitlab
• Gitorious
• ProjectLocker
• Kiln
• Solano (supported by AWS CodePipeline)
• CodeCommit in AWS cloud
• etc.

Bit and Image Repository

• Artifactory (open source)
• Nexus
• etc.

Task runner CI

• Jenkins (licensed Cloudbees SaaS)
• CircleCI
• TravisCI
• Concourse (from )
• Fabric
• CodeShip.com
• CruiseControl
• Bamboo from Atlassian (licensed)
• TFS from Microsoft (licensed)
• TeamCity from JetBrains (licensed)
• Wercker (pronounced like worker)
• AppVeyor
• BuildForge

Build Tool

• Ant for Java
• NAnt for .NET
• Phing for PHP
• Rake for Ruby based on haml files.
• Maven
• Grunt, Gulp (for Node)
• ActionScript (Mac)
• etc.

Specifications repository

• Swagger
• RAML
• WADL
• etc.

Programming Languages

• Scala is the new darling

• Java continues to dominate

• C# (ASP.NET or MVC) from Microsoft

• Python
• Perl

• PHP

• Clojure
• Go (popular within Google)
• etc.

Integrated Development Environments

• JetBrains
• Eclipse (favored by Java)
• Visual Studio with ReSharper, TestDriven.Net
• etc.

Static Code Scanner

• custom for the language
• SonarQube
• Persoft
• etc.

UX Design Tools

• Axure
• Photoshop PXD
• etc.

Graphics Processing

• Adobe Photoshop
• Sketch (Mac)
• etc.

Mobile platforms

• Desktop (GitHub Electron)
• Google Android (Java) native
• Apple iOS native
• Hybrid Web (Sencha and others based on Apache Cordova)
• Generators (React Native from JavaScript v6)
• etc.

Mobile testing

• Appium (Java)
• Perfecto (mobile device cloud)
• SauceLabs
• Amazon Device Cloud
• etc.

Unit & Functional testing

• Karma with Jasmine
• Selenium (Java, JavaScript, .NET, etc.)
• RedwoodHD
• Mocha
• etc.

Performance testing

• JMeter (Java)
• SOASTA (cloud subscription)
• etc.

Defect Management (ALM)

• FogBugz
• etc.

Logging and log management

• Logstash / ElastiSearch (open source)
• AppDynamics

• NewRelic

• SumoLogic (subscription)
• AWS (subscription)
• Splunk
• etc.

Data Visualization

• Kibana (from Elastisearch)
• Tableau
• Qlik
• PowerBI
• etc.

In-Memory Databases

• Redis
• SQLite (mobile)

• HTML5 local storage

• Varnish
• Memcached
• etc.

Back-end Databases

• Cassandra
• CouchDB
• Neo4J graph database
• MongoDB

• SparkDB

• PostgreSql
• MySQL (local and in Amazon)
• Microsoft SQL Server
• Oracle
• DynamoDB
• etc.

Geographic Databases

• Google Maps
• Bing Maps
• ESRI
• Route optimization (machine learning)
• etc.

Message queuing

• ZeroMQ
• Kafka
• ActiveMQ
• Amazon
• MSMQ
• TIBCO
• etc.

Notifications

• PagerDuty
• Zapier
• etc.

Email & SMS

• Microsoft Exchange
• Microsoft Sharepoint
• SMS gateway server
• Fax gateway server
• etc.

REST API management

• Mulesoft
• Mashery (Intel)
• etc.

Machine Learning

• Tensorflow (Google)
• Semantic Analysis
• Recommender
• etc.

Other technologies

• Text to speech
• Computer vision (XBox)
• Drones
• Gaming (Unity)
• GLib, Maya (motion graphics)
• etc.

More on DevOps

This is one of a series on DevOps:

1. DevOps_2.0
2. ci-cd (Continuous Integration and Continuous Delivery)
3. User Stories for DevOps

4. Enterprise Software)

5. Git and GitHub vs File Archival
6. Git Commands and Statuses
7. Git Commit, Tag, Push
8. Git Utilities
9. Data Security GitHub
10. GitHub API

11. TFS vs. GitHub

12. Choices for DevOps Technologies
13. Pulumi Infrastructure as Code (IaC)
14. Java DevOps Workflow

15. Okta for SSO & MFA

16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
17. AWS server deployment options

18. AWS Load Balancers

19. Cloud services comparisons (across vendors)
20. Cloud regions (across vendors)

21. AWS Virtual Private Cloud

22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
23. Azure Certifications

24. Azure Cloud

25. Azure Cloud Powershell
26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)

27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

28. Azure Networking
29. Azure Storage
30. Azure Compute

31. Azure Monitoring

32. Digital Ocean

33. Cloud Foundry

34. Packer automation to build Vagrant images
35. Terraform multi-cloud provisioning automation

36. Hashicorp Vault and Consul to generate and hold secrets

37. Powershell Ecosystem
38. Powershell on MacOS

39. Powershell Desired System Configuration

40. Jenkins Server Setup
41. Jenkins Plug-ins
42. Jenkins Freestyle jobs

43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

44. Docker (Glossary, Ecosystem, Certification)
45. Make Makefile for Docker
46. Docker Setup and run Bash shell script
47. Bash coding
48. Docker Setup
49. Dockerize apps

50. Docker Registry

51. Maven on MacOSX

52. Ansible
53. Kubernetes Operators

54. OPA (Open Policy Agent) in Rego language

55. MySQL Setup

56. Threat Modeling

57. SonarQube & SonarSource static code scan

58. API Management Microsoft

59. API Management Amazon

60. Scenarios for load
61. Chaos Engineering

---