Posts

Showing posts with the label Continuous Delivery

Why so many software swim lanes and environments

Software moves through different phases on its way to production. It starts as raw software that becomes more refined as it is tested and then moved to production. Partner teams often need to test their current code against your new code to make sure there were no breaking changes. Software versions currently in production must be available to other teams so that they can test their changes against your code that will be in production when their new changes are actually deployed. Some companies can get by with as few as 3 environments. Others can have over 7 or 8.

The Video Walkthrough

The Development Track

This is the normal promotion process from development through test and into production. There can be some orchestration through shared environments or through environments that are integrated with other teams. The development and ...

Creating a No-Patch Security Cadence

A zero-patch environment is one in which we redeploy our applications with updated dependencies as part of our normal Continuous Deployment process. This is part of You Build It - You Own It. We need to create a repeatable cadence for bringing in operating system, container, application patch, and binary updates. We can reduce some of our work by pushing as much of our workload as possible onto PaaS, serverless, and cloud services.

Three Month Cycle Example

This is a prototypical 3-month update cycle where an application is redeployed with security and bug fix updates at least every quarter. The Image team identifies required operating system and container image updates. Application teams identify CVE library updates via automated scanners. The application teams start integrating library updates. T...

Mandate zero patching. Drive automation in the cloud.

In-place patching is an anti-pattern for cloud-native applications that originates from the data center with low levels of automation for infrastructure and application management. The shift-left movement pushes ownership to the development teams that are best served by applying all changes via their CI/CD pipelines. This goes for infrastructure, containers, serverless, code, etc.

The talk did not cover zero-day emergency patching. Sometimes a mass update must be applied to all like systems. In that case, patching may be supported with a full redeployment as soon as possible after that.

Created 2022 03

An Environment for Every Season

Video Presentation

This is really talking about different types of software environments and how they are used during the various phases of software development, integration, and support. Environments are the touchpoints between your system and other teams operating on their cycles and timelines. They are configuration tuning points where control is incrementally applied or where access is restricted based on the sensitivity of the data in that environment and its distance from production or development.

System Complexity

The number of system environments (sandboxes) required depends on your system complexity, your tolerance for defects, your level of Ops and DevOps automation, and the needs of other systems that yours integrates with. This diagram shows a couple of application components that integrate with 4 different partner teams and 3 data stores. Each partner team has its own release cycle and testing needs. We aim for loose testing coupling but that is often imposs...