What is DevOps

DevOps ( Development and Operation )

DevOps is a set of practices that combines software Devlopment (Dev) and Information
technology Operation (Ops) which aims to shorten the system development life
cycle and provide continuous development with high software quality.
its a software development phrase that means an agile relationship between development
and IT operations.

The goal is to improve better relationship and understanding between 
two business unit.
With devops enterprise can bring hundreds of changed to their software each day.

Tools and Terminology


1. CI / DC ( Continuous Integration / Continuous Delivery )

 Constantly making changes. there is shared repository that coders are sharing theircodes several times a day. an automated build will check the codes and detect problems.


2. CI Server (Continuous Integration)

- Jenkins
- CircleCI
- Bamboo
these tools automate testing before new code is pushed into the source repository. They pull down any code that has changed from your version server.


if the code has any problem the person who pushed the code, will be notified and he will fix and then it will be passed to production server


3. Configurations Management


It enable  the configuration of infrastructure to be done as code.

 

if you have lot’s of machines in multiple zones, so they use same code.



Configuration management tools:

 

4. Tool & Secrets
 

DevOps tolls need to store secrets to communicatewith each others.
since the secretes are not rotating (static), this mechanism creates security issues.


The best way to overcome this issue, there should a central repository to keep the
secrets or passwords. 





  1. Source Code Management



These tools repositories stores projects to keep track of any and all changes.
these tools can be both public and private.

Github is the most popular SCMs for those who develop and share codes.
remember not to hardcode the password in the software which you are pushing
it into the github  because it will be public and if you delete the code, github
still has the copy of that source code which includes the secrete key.

Github keeps versions and which is the best selling point of it.

so the best practice
is to avoid hardcoded secretes in source code from the beginning.


6.    PaaS (Platform as a Service)


A PaaS provider delivers hardware and software tools. for those who needed for application development.
A PaaS provider hosts the hardware and software on its own infrastructure.


7. Containers 

Another technology which is being adopted by DevOps is containers. Suppose you have 3 servers. Domain controller, Web Server and Database Server so these three server has its own separate hard drives, Operating systems and etc.

 
Then Hypervisors or virtual machines came with the concept of putting all these
machines into one Operating System to avoid resource and hardware waste.



But even VMs waste resources because each VM requires its own operating system,
each with its own files and processes.

This is where containers come in
instead of deploying 3 separate OS and VMs containers deploy on one OS and
share all the underlying files and still we have 3 segmentation of container instances.

As a result container run a specific service but wont have unused resources.
because it uses the resources of main Operating System.


instead on 3 windows C folders, 3 explorer.exe processes, theres one of each that
container gonna access.

In container nothing is stored it just delivers the processes
which an Instance asks for.

Developers love to use Container because it makes
the development process more efficient and faster compared to using VMs.



8. Docker

Docker is an open-source technology used mostly for developing, shipping, and
running applications. With it, you can isolate applications from their underlying
infrastructure so that software delivery is faster than ever. Docker’s 
main benefit is to package applications in “containers,” so they’re portable 
for any system running the Linux operating system (OS) or Windows OS.


you don’t need to re-architecture anything, you can immediately transfer your 
application or services to another platform.

Docker images file run on 
every cloud provider or PaaS platform that supports a Docker Engine.



9. Container Orchestration Platfroms

Containers orchestration engines allow users to 
- hen container
start and stop 

- Group them in clusters 

- Coordinate all of the
process that
   composes an application.

- Automate updates


10. Microservices

Are a suite of small services that are independently deployable each running 
its running process that are independently deployable. 
They Typically deployable on containers.

Microservices need to communicate 
with each other and thus they need to establish a secure connection.


Secret allows one entity to authenticate to another.  



11. Secrets

Microservices interacts via API to interact with each other and they use secrets 
establish trust. For security reasons the secrets should not be
hardcoded in source code.
 

Conclusion:

DevOps enables an Organization to deliver with maximum speed and inovation.
it brings technical benifits such as:
 
- Continuos software delivery
- Less complexity to manage
but DevOps can create serious security risks if the credentials and secretes are 
not safe.
The solution is to take secrete out of source code, changes secrets based 
on policy, rotates them, encrypts secret in transit and when stored, and provides 
tamper-proof audit records.

Comments

Popular posts from this blog

Solving Computer Forensics Case Using Autopsy

Pentesting - Exploitation Guide Metasploitable 1

The Main Cyber Threats Facing the Aviation Industry