DevOps Patterns and Anti-Patterns of
Continuous Software Updates
What can possibly go wrong?!
Why software updates?
How frequently?
Patterns and Antipatterns for Software updates
“As every company becomes a software
company, Security vulnerabilities are
the new oil spills”
IDENTIFY FIX DEPLOY
Vulnerabilities that can be identified quickly, but can
take years to fix and deploy
Hardware Vulnerabilities
● “63% of organizations face security breaches due to hardware vulnerabilities”
- TechRepublic article
IDENTIFY: Immediately
FIX: Months
DEPLOY: Years
- The Register, UK
https://www.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/
Vulnerabilities that take a moderate time for all 3
steps, yet affect the industry much more
Security Vulnerabilities that led to data breaches
● “Proactive work that we do through defense in depth, that's great, but you've got
to be prepared to react and respond when something doesn't go right.”
- Brad Arkin, CSO, Adobe
IDENTIFY: Weeks
FIX: Weeks/Days
DEPLOY: Weeks/Months
Vulnerabilities that take less time for all 3 steps,
yet affect the industry much, much more
Vulnerabilities in components that affect every industry
● Vulnerabilities in microprocessors
IDENTIFY: ASAP
FIX: ASAP
DEPLOY: ASAP
Which systems are affected by Meltdown?
Technically, every Intel processor
which implements out-of-order
execution is potentially affected,
which is effectively every processor
since 1995 (except Intel Itanium and
Intel Atom before 2013).
Which systems are affected by Spectre?
Almost every system is affected by
Spectre: Desktops, Laptops, Cloud
Servers, as well as Smartphones.
Over a span of 6 years, with over 31000
survey responses, a report on the
adoption of DevOps and its categorisation
brings the spectacular results to light!
Obviously, this is not a new idea!
❏ XP: Short feedback
❏ Scrum: Reduce cycle time to absolute minimum
❏ TPS: Decide as late as possible and Deliver as fast as possible
❏ Kanban: Incremental change
❏ And now, our vision is Liquid software - Updates as fast as
possible
So, which version of Java are we on? How much have we upgraded
since mid-2017?
How do we Update?
Maybe, we don’t trust the QA!
It does depend on other factors
So, is this a solution?
Also, that’s when we have an option, or if we care! What
if we don’t?
❏ Your Browser
❏ Your Smartphone
❏ Smartphone applications (for
most of us)
❏ Twitter or similar applications on
our devices
So, here’s a pattern for both - of course proven!
❏ Problem: An update went terribly wrong and is affecting the current deployments
❏ Solution: Local rollbacks. Have a previous version saved on the device prior to the
update. Roll back in case a problem occurs
❏ Have a Plan B!
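The local-rollback pattern above, as an added example that is not part of the original slides: releases are installed side by side and a `current` symlink is switched atomically, so the previous version stays on the device as Plan B. The directory layout, function names and the health check are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

def point_current_at(root: Path, version: str) -> None:
    """Repoint the 'current' symlink atomically: there is never a moment with no active version."""
    tmp = root / "current.tmp"
    if tmp.is_symlink() or tmp.exists():
        tmp.unlink()
    tmp.symlink_to(root / "versions" / version)
    os.replace(tmp, root / "current")        # rename(2) replaces the old link in one step

def active_version(root: Path) -> str:
    return os.path.basename(os.readlink(root / "current"))

def install(root: Path, version: str, payload: str) -> None:
    """Unpack a release next to the others; the running version is never overwritten."""
    target = root / "versions" / version
    target.mkdir(parents=True, exist_ok=True)
    (target / "app.txt").write_text(payload)

def apply_update(root: Path, version: str, payload: str, health_check) -> str:
    previous = active_version(root)          # Plan B, already saved on the device
    install(root, version, payload)
    point_current_at(root, version)
    try:
        healthy = health_check(root / "current")
    except Exception:
        healthy = False                      # a crashing check counts as a failed update
    if not healthy:
        point_current_at(root, previous)     # local rollback, no network round trip needed
    return active_version(root)

def demo() -> list:
    """Constructed scenario: one broken release, then one good release."""
    root = Path(tempfile.mkdtemp())
    install(root, "1.0.0", "ok")
    point_current_at(root, "1.0.0")
    check = lambda cur: (cur / "app.txt").read_text() == "ok"
    results = [apply_update(root, "1.1.0", "corrupt", check)]   # rolled back
    results.append(apply_update(root, "1.2.0", "ok", check))    # kept
    return results
```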
An Era of IoT
And, in this era of IoT, software updates play a crucial role
To avoid such update costs and risks, OTA updates need
to be continuous
❏ Problem: Physical recalls are costly. Extremely costly. Also, you can’t force an
upgrade.
❏ Solution: Implement over-the-air software updates, preferably continuous
updates.
❏ Basically, DevOps for IoT
Well, we thought our problems are hard
Things under your control        Server-side Updates   IoT (Mobile, Automotive, Edge) Updates
The availability of the target   ✓                     ✕
The state of the target          ✓                     ✕
The version on the target        ✓                     ✕
The access to the target         ✓                     ✕
So, a number of things can possibly go wrong - A Knight-mare
❏ 1 out of 8 servers was not updated
❏ New system reused old APIs
❏ New clients sent requests to a machine
that contained old code
❏ Engineers undeployed working code
from updated servers, increasing the
load on the not-updated server
❏ No monitoring, no alerting, no
debugging
Lessons learned
❏ Humans are bad at repetitive tasks - we need to automate everything
❏ Infrequent deployments generate anxiety and stress, leading to errors - we need to
update frequently in order to develop skill and habit
❏ Target state can affect the update process and the behavior of the system after
the update - we need to know the target state before the upgrade; depending on
the target state, reverting might not be a solution
And things are different when it comes to social media
What can we do to avoid such a mass-outage?
❏ Let’s not impact all the users with a bug in a release: release to a small number of
users first, effectively reducing the blast radius, and observe.
If a problem occurs, stop the release, then revert or update the affected users
❏ Progressive delivery
❏ We cannot rely on feedback only - implement tracing, monitoring and
logging
❏ Rollbacks are not an option for some deployments; feature flags can save us
from such huge issues - embed 2 versions of the features in the app itself and
trigger them with API calls
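The staged release and feature-flag points above, as an added example that is not part of the original slides: users are hashed into stable cohorts, exposure widens stage by stage, and an error rate above the threshold sets the flag back to 0 so everyone runs the old code path that still ships in the app. The stage percentages, threshold, feature name and function names are assumptions.

```python
import hashlib

STAGES = [1, 5, 25, 100]          # percent of users exposed per step (assumed values)

def bucket(user_id: str, feature: str) -> int:
    """Stable 0-99 bucket: the same user always lands in the same cohort for a feature."""
    digest = hashlib.sha256(f"{feature}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

def is_enabled(user_id: str, feature: str, percent: int) -> bool:
    # bucket < percent keeps cohorts nested: raising the percentage only adds users.
    return bucket(user_id, feature) < percent

def checkout(user_id: str, percent: int, new_path, old_path):
    """Both versions are embedded in the app; the flag decides which one runs."""
    if is_enabled(user_id, "new-checkout", percent):
        return new_path(user_id)
    return old_path(user_id)

def run_rollout(users, new_path, old_path, max_error_rate=0.02):
    """Widen exposure stage by stage; on a bad stage set the flag to 0 and stop."""
    history = []
    for percent in STAGES:
        exposed = [u for u in users if is_enabled(u, "new-checkout", percent)]
        errors = 0
        for u in exposed:
            try:
                checkout(u, percent, new_path, old_path)
            except Exception:
                errors += 1               # stands in for tracing/monitoring signals
        # An empty cohort exposes nobody, so it gives no evidence either way.
        rate = errors / len(exposed) if exposed else 0.0
        history.append((percent, len(exposed), rate))
        if rate > max_error_rate:
            return 0, history             # kill switch: all users back on old_path
    return STAGES[-1], history

USERS = [f"user-{i}" for i in range(2000)]   # constructed sample population

def old_checkout(user_id): return "v1"
def good_checkout(user_id): return "v2"
def buggy_checkout(user_id): raise RuntimeError("bug in release")
```

`run_rollout(USERS, buggy_checkout, old_checkout)` returns 0 together with the per-stage history, which shows how few users were exposed before the release was stopped.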
A long time to update is no longer acceptable
❏ We will probably lose all the users if
we take weeks/days to update in
this age
❏ We need to ensure zero-downtime
upgrades in order to
be user friendly as well as
enterprise ready
Thus, we gain the missing trust with all the proven
Continuous updates patterns
THE JFROG PLATFORM
BUILD, TEST, RELEASE, DEPLOY
❏ Continuously integrate, automate & deploy
❏ Clear security and compliance issues
❏ Distribute to production site
❏ Control and monitor the flow
❏ Store and manage all types of packages
❏ On Premises & Multi Cloud
❏ ACCESS FEDERATION: Authentication, ACLs, SSO, Access Tokens
❏ 24/7 Dedicated Support + DevOps Acceleration Service Arm
“Our goal is to transition from bulk and rare software updates
to extremely tiny and extremely frequent software updates;
so tiny and so frequent that they provide an illusion of software
flowing from development to the update target”
We call it the Liquid Software vision
Thank You

