Wilson Mar bio photo

Wilson Mar

Hello. Hire me!

Email me Calendar Skype call 310 320-7878

LinkedIn Twitter Gitter Instagram Youtube

Github Stackoverflow Pinterest

You gotta have one of each. Or several.

US (English)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Cyrillic Russian   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

This page is one of a series on DevSecOps.

There are many choices of specific technologies within each category:

  1. Governance
  2. Development process
  3. Developer laptop

  4. Microservice management
  5. Single-Sign On Authentication
  6. Input formats
  7. Input locations

  8. VPN
  9. Cloud environment
  10. Load Balancer
  11. Content Distribution Network
  12. Server Operating System
  13. Source repository
  14. Bit and Image repository
  15. Continuous Integration Task Runner
  16. Build tool

  17. Specifications repository
  18. Programming Languages
  19. Integrated Development Environments
  20. Static Code Scanner
  21. UX Design Tools
  22. Graphics Processing

  23. Mobile platforms
  24. Mobile testing
  25. Unit/Functional testing
  26. Performance testing
  27. Defect Management (ALM)

  28. Logging and log management
  29. Visualization
  30. In-Memory Databases
  31. Back-end Databases
  32. Geographic Databases

  33. Message queuing
  34. Notifications
  35. Email & SMS
  36. REST API management
  37. Machine Learning
  38. Other technologies

Governance

What is it about forcing manual approval from “executive” level personnel?

Is it to encourage (force) more participation from them?

If so, what do we want them to do before approving or disapproving each request?

How often are those actions actually performed (versus perfunctory approval)?

Since approvals may cause some delay, is the price of such delays worth the actual security increase?

Can those actions be automated to ensure that they actually get done, every time, with less delay?

That is the basic question asked by DevSecOps.

Implications

So many choices lead to integration nightmares as many of the pieces don’t all work together easily.

There is wasted time learning a technology to later learn that it can’t be used (such as Windows Mobile).

Too many choices lead to conflict among people.

There are two extremes in how organizations cope with so many choices:

  • limit fragmentation (and costs) by enfocing available choices

  • allow for individual experimentation for creativity.

Which really yields the fastest speed to market and quality?

Which yield a fragile environment?


Development environment:

Development process

Boards, burn-down charts.

  • Scrum
  • Kanban
  • Lean
  • Atlassian JIRA
  • etc.

Developer laptop

  • Apple Macintosh OSX
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Tablet?

Microservice management

  • Docker
  • Vagrant (on Macs)
  • Mesos (open source)
  • Marathon
  • Docker Swarm
  • Kubernetes
  • VMWare vRealize suite (vRA, vRO)
  • etc.

Single-Sign On Authentication / User Management

  • Forgerock (federated)
  • Okta
  • LDAP
  • ASP.Net Identity
  • PKI/encryption CA server
  • OAuth0 (SaaS)
  • OAuth1 (PKI certificates)
  • OAuth2 (SHA1)
  • etc.

Input formats

  • CSV, JSON, XML, YML, config
  • Google Sheet (online)
  • Excel .xlsx, .xls (Microsoft Office, Office365)
  • Word .docx, .doc (Microsoft Office, Office365)

Input cloud locations

  • Dropbox
  • Box
  • Google Drive
  • Microsoft OneCloud
  • etc.

Servers

  • HP
  • Dell
  • IBM

VPN (Virtual Private Network)

  • Cisco
  • etc.

Cloud environment

  • AWS is the most popular, most expensive
  • Microsoft Azure
  • Google Cloud
  • Heroku (runs in AWS)
  • Rackspace (runs in AWS)

  • HP private cloud
  • Red Hat OpenStack
  • Oracle
  • etc.

Load Balancer

  • F5
  • etc.

Content Distribution Network

  • GitHub Issues (free)
  • Amazon EC2 (subscription)
  • Google (subscription)
  • etc.

Server Operating System

  • Shell scripts
  • CentOS (open source)
  • Ubuntu (open source)
  • RedHat Enterprise Linux (licensed)
  • etc.

Source repository

  • GitHub (the most popular, supported by AWS CodePipeline)
  • Bitbucket
  • Stash (Atlassian)
  • Subversion
  • Mercurial (hg)
  • Perforce
  • Assembla
  • BeanstalkApp
  • Codebase
  • Gitlab
  • Gitorious
  • ProjectLocker
  • Kiln
  • Solano (supported by AWS CodePipeline)
  • CodeCommit in AWS cloud
  • etc.

Bit and Image Repository

  • Artifactory (open source)
  • Nexus
  • etc.

Task runner CI

  • Jenkins (licensed Cloudbees SaaS)
  • CircleCI
  • TravisCI
  • Concourse (from )
  • Fabric
  • CodeShip.com
  • CruiseControl
  • Bamboo from Atlassian (licensed)
  • TFS from Microsoft (licensed)
  • TeamCity from JetBrains (licensed)
  • Wercker (pronounced like worker)
  • AppVeyor
  • BuildForge

Build Tool

  • Ant for Java
  • NAnt for .NET
  • Phing for PHP
  • Rake for Ruby based on haml files.
  • Maven
  • Grunt, Gulp (for Node)
  • ActionScript (Mac)
  • etc.

Specifications repository

  • Swagger
  • RAML
  • WADL
  • etc.

Programming Languages

  • Scala is the new darling
  • Java continues to dominate

  • C# (ASP.NET or MVC) from Microsoft

  • Python
  • Perl
  • PHP

  • Clojure
  • Go (popular within Google)
  • etc.

Integrated Development Environments

  • JetBrains
  • Eclipse (favored by Java)
  • Visual Studio with ReSharper, TestDriven.Net
  • etc.

Static Code Scanner

  • custom for the language
  • SonarQube
  • Persoft
  • etc.

UX Design Tools

  • Axure
  • Photoshop PXD
  • etc.

Graphics Processing

  • Adobe Photoshop
  • Sketch (Mac)
  • etc.

Mobile platforms

  • Desktop (GitHub Electron)
  • Google Android (Java) native
  • Apple iOS native
  • Hybrid Web (Sencha and others based on Apache Cordova)
  • Generators (React Native from JavaScript v6)
  • etc.

Mobile testing

  • Appium (Java)
  • Perfecto (mobile device cloud)
  • SauceLabs
  • Amazon Device Cloud
  • etc.

Unit & Functional testing

  • Karma with Jasmine
  • Selenium (Java, JavaScript, .NET, etc.)
  • RedwoodHD
  • Mocha
  • etc.

Performance testing

  • JMeter (Java)
  • SOASTA (cloud subscription)
  • etc.

Defect Management (ALM)

  • FogBugz
  • etc.

Logging and log mangement

  • Logstash / ElastiSearch (open source)
  • AppDynamics
  • NewRelic

  • SumoLogic (subscription)
  • AWS (subscription)
  • Splunk
  • etc.

Data Visualization

  • Kibana (from Elastisearch)
  • Tableau
  • Qlik
  • PowerBI
  • etc.

In-Memory Databases

  • Redis
  • SQLite (mobile)
  • HTML5 local storage

  • Varnish
  • Memcached
  • etc.

Back-end Databases

  • Cassandra
  • CouchDB
  • Neo4J graph database
  • MongoDB
  • SparkDB

  • PostgreSql
  • MySQL (local and in Amazon)
  • Microsoft SQL Server
  • Oracle
  • DynamoDB
  • etc.

Geographic Databases

  • Google Maps
  • Bing Maps
  • ESRI
  • Route optimization (machine learning)
  • etc.

Message queuing

  • ZeroMQ
  • Kafka
  • ActiveMQ
  • Amazon
  • MSMQ
  • TIBCO
  • etc.

Notifications

  • PagerDuty
  • Zapier
  • etc.

Email & SMS

  • Microsoft Exchange
  • Microsoft Sharepoint
  • SMS gateway server
  • Fax gateway server
  • etc.

REST API management

  • Mulesoft
  • Mashery (Intel)
  • etc.

Machine Learning

  • Tensorflow (Google)
  • Semantic Analysis
  • Recommender
  • etc.

Other technologies

  • Text to speech
  • Computer vision (XBox)
  • Drones
  • Gaming (Unity)
  • GLib, Maya (motion graphics)
  • etc.

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps

  4. Git and GitHub vs File Archival
  5. Git Commands and Statuses
  6. Git Commit, Tag, Push
  7. Git Utilities
  8. Data Security GitHub
  9. GitHub API
  10. TFS vs. GitHub

  11. Choices for DevOps Technologies
  12. Java DevOps Workflow
  13. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  14. AWS server deployment options

  15. Cloud services comparisons (across vendors)
  16. Cloud regions (across vendors)
  17. AWS Virtual Private Cloud

  18. Azure Cloud Onramp
  19. Azure Cloud
  20. Azure Cloud Powershell
  21. Bash Windows using Microsoft’s WSL (Windows Subystem for Linux)

  22. Digital Ocean
  23. Cloud Foundry

  24. Packer automation to build Vagrant images
  25. Terraform multi-cloud provisioning automation
  26. Hashicorp Vault and Consul to generate and hold secrets

  27. Powershell Ecosystem
  28. Powershell on MacOS
  29. Powershell Desired System Configuration

  30. Jenkins Server Setup
  31. Jenkins Plug-ins
  32. Jenkins Freestyle jobs
  33. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  34. Docker (Glossary, Ecosystem, Certification)
  35. Make Makefile for Docker
  36. Docker Setup and run Bash shell script
  37. Bash coding
  38. Docker Setup
  39. Dockerize apps
  40. Docker Registry

  41. Maven on MacOSX

  42. Ansible

  43. MySQL Setup

  44. SonarQube static code scan

  45. API Management Microsoft
  46. API Management Amazon

  47. Scenarios for load