From 50714df4c57726324344e77fb3ef1b0e07a18f21 Mon Sep 17 00:00:00 2001 From: gimhan rajapaksha <it21048500@my.sliit.lk> Date: Sat, 9 Nov 2024 21:24:53 +0530 Subject: [PATCH] asdasUpdate note --- note | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 247 insertions(+), 8 deletions(-) diff --git a/note b/note index 5a0c350..a8642e1 100644 --- a/note +++ b/note @@ -1,10 +1,249 @@ -A CI/CD (Continuous Integration/Continuous Deployment) pipeline automates the process of integrating code changes, testing, and deploying applications. It enables developers to deliver updates more frequently and reliably. +INTRODUCTION TO CLOUD COMPUTING +Traditional it process -> decision to go ahead , issued purchase order , HW implementation , Software implementation , Go market 

Cloud better alternative->provision environments(server , network , storage , database) , pay as you go , add/remove capacity , destroy and stop . +Why need cloud-> Business Agility , Customer Experience , Cost +Before cloud ->every company have own data centers , expensive implementations ,and maintains , had maintain specialized engineers to maintain to data center +With cloud ->no need to maintain datacenter , consumer resource as u wish and pay for what u consume , no need to buy datacenter , network also . +Cloud computing->Cloud computing is a model that allows convenient, on-demand access to shared computing resources (like networks, servers, storage, and applications). These resources can be quickly provisioned or released with minimal management or involvement from service providers. +Characterize of cloud -> On-demand Self-service ->Consumers can provision computing resources , Virtual servers, Network, storage ,Can be provisioned do on-demand , No interaction with the service provider is needed .Resource Pooling-> Providers computing resources are pooled , Dynamically assigned and reassigned to demand , Customer has no knowledge over exact location , May specify location at a higher level. Rapid Elasticity -> Ability to elastically provision and release , May happen automatically inline with the demand , Broad networks access-> Capabilities are available over the network , Access is through standard mechanism for heterogenous clients Measured Service-> Automatically control and optimized resources using metering capability , Pay-per-use basis , Resources usage can be monitored, controlled and reported +Cloud is not technology , cloud can be , business model , delivery model . +IAAS ->provider create networking , storage , servers , virtualization. Provider manage underlying physical cloud infrastructure and the virtualization layer. Consumer want create applications , data and os. 
Compute Content Delivery Networks Storage Service Management Backup and Recovery. +PAAS ->providers create os , virtualizations , servers , storage , networking . Consumer does not manage infrastructure or application And do limited user specific application configuration changes. Email and Office Productivity CRM , Document Management Enterprise Resource Planning(ERP). +SAAS -> Use the providers application running on cloud , Consumer does not manage infrastructure or application , Email and Office Productivity Customer Relationship Management , Document Management Enterprise Resource Planning. +Cloud development model Publish cloud -> Provisioned for open use by the general public Operated by a service provider organization Located on premise of the cloud provider PUBLIC CLOUD Characteristics , Cost-effective, On-demand virtually unlimited scalability , Zero maintenance , Continuous up time , Low level of data security . +Private cloud -> Provisioned for exclusive use by a single organization Multiple business units may consume it Can be owned and managed by the organization, a third party or a combination May be located on or off premises. High data security , Less risky , Reliable ,Single tenant &compliance. +Community cloud -> consumers with shared concerns may be security, regulatory requirements, compliance etc. Can be owned, managed and operated by an organization in the community, a third party or a combination +Cloud service providers –> Amazon Web Services (AWS) , Microsoft Azure , Google Cloud Platform (GCP) , IBM Cloud , Alibaba Cloud , Oracle Cloud Infrastructure (OCI) +CLOUD CORE SERVICES AND GLOBAL INFRASTRUCTURE +Cloud Global Infrastructure -> provide how they design and build there environment with flexible, reliable, scalable, and with high-quality global network performance. 
+Benefit of Cloud Global Infrastructure ->security availability performance scalability flexibility +Main component of Cloud Global Infrastructure -> region , availability zone , data enter +Core cloud services ->Compute , Network , Storage. +AWS services -> foundation services , application services , deployment and management +Azure services platform -> media & CDN , application platform , data , integration , compute services , developer services , analysis & IOT +Shared responsibility model -> in cloud computing domain , we have each and every cloud service providers have shared responsibility model. Security of the Cloud , Security in the Cloud. +AWS – customer – customer data , platform , applications , identify , Operating system , network & firewall configuration . providers – software ( compute , storage , network) +Hardware (regions , availability zone , edge locations) +How do you pay for cloud services providers ->pay for what u use , pay less you reverse , play less when u use more. +Services limits ->Default quotas , Quota is region specific , Soft limits – can be increased upon requests Hard limits – cannot be increased , Limit potential excessive charges Limit overuse of resources by a single entity. + +CLOUD COMPUTE + +Virtualization –> application , dependencies , guest os , have hypervisor , hardware Containerization –> container , application xyz , app dependencies, have docker engine , host os , hardware +Software define compute ->Software-defined compute virtualizes and abstracts computing functions from hardware, allowing workloads to be distributed across multiple processing units. It uses generic, industry-standard hardware, making it easy to expand resources as needed. 
+Cloud Compute ->Amazon EC2 AWS’s offering of virtual machines in cloud, Provided as an IaaS ,Pre-configured templates (AMI) , Per second billing +Azure VM : Microsoft’s offering of virtual machines in cloud ,Provided as an IaaS ,Pre-configured templates (marketplace) ,Per minute billing +Instance Types ->General Purpose , Compute Optimized , Memory Optimized , Storage Optimized, accelerated Computing , Burstable Instances +Tenancy -> Default / Shared , Dedicated Instances , Dedicated Hosts +Purchasing options->On-demand Instances, Reserved Instances ,Spot Instances, Savings Plan +Placement Groups -> AWS (Cluster Placement Groups, Partition Placement Groups , Spread Placement Groups) , Azure (Proximity Placement Groups) +Software defined storage->a storage architecture that abstracts data storage resources from its underlying hardware. +Types of Storage -> Block Storage , File Storage , Object Storage +Block Storage -> Manages data as blocks within sectors and tracks, Set of blocks can be organized as a file system , Suitable for structured data (file systems, databases, logs) , optimized for block level performances , Performance measured in IOPS , AWS –Elastic Block Storage , Azure –Azure Disks (Page Blob Storage) +File Storage ->Manages data as a file hierarchy , Storage managed the underlying data on disk , Storage server uses block storage with a local file system Protocols supported , Network File System (NFS) Server Messaging Protocol (SMB) , AWS –Elastic File System (EFS) , Azure –Azure Files (File Storage +Object Storage ->Manages data as objects , Each object consists of 1.Data 2.Metadata 3.Globally unique, identifier Clients can access through HTTPS or APIs or SDKs , AWS –Simple Storage Service (S3), Azure –Azure Blobs +Object storage features->versioning , encryption (Client side ,Server Side(Versioning, Service Managed Keys, Customer Managed Keys, Customer Provided Keys) , web hosting , immutability (time based retention , legal hold) +Object storage 
tiers ->CSPs offer different access tiers designed for different use cases(Standard Intelligent Tiering, Infrequent Access , Glacier) , Azure (Hot , Cold , Archive) +Other Important Aspects of Cloud Storage -> Archiving and Backup , Hybrid Storage, Bulk Data Transfer +Cloud Networking +Network Function Virtualization (NFV) -> NFV is a network architecture that decouples physical network functions (PNF) from proprietary hardware appliances. +Cloud-native Network Functions (CNF) ->CNF is the successor of VNFs. It is a software implementation of a PNF that runs inside a Linux container. +Advantages of CNF -> Auto-scaling ( speed , flexibility , efficiency) , Deployment (supports DevOps and CI/CD) , Security , monitoring +SDN vs. NFV +Similarities ->Both use network abstraction. , Both rely on virtualization. +Differences:->SDN separates control from forwarding functions; focuses on overall infrastructure. , NFV abstracts network functions (like firewalls) from hardware; focuses on specific functions. +Virtual Networks-> Isolated cloud network with IP ranges and subnets. , Supports peering if IPs don’t overlap. Examples: AWS VPC, Azure VNet +Virtual Network Interfaces ->Logical network components representing Network Interface Cards (NICs).Allows instances to communicate with others or the internet. +Features->Attaches to compute instances. ,Can have both public and private IPs. , Multiple interfaces can attach to one instance. + Examples AWS-> Elastic Network Interface (ENI) , Azure: Network Interface Card (NIC) +Access Controlling ->Implements a simple firewall functionality to control inbound and outbound traffic to a subnet / virtual network interface. +ACL Rules Include-> Rule number, Protocol , Port ranges , IP ranges , Action. +Usage-> AWS Security Groups ( For EC2 instances) , AWS NACL (Network Access Control Lists) For subnets. , Azure NSG (Network Security Groups) For subnets and network interfaces. 
+Stateful vs Stateless Rules +Stateful Rules ->Only need to specify the security rule for the request, no need to specify a security rule for the response. +Stateless Rules->Need to specify security rules for the request as well as the response. +Implementations-> AWS SG: Stateful , AWS NACL: Stateless , Azure NSG: Stateful. +Network Gateway Services -> Internet Gateway , NAT Gateway , VPN Gateway , Network Transit Gateway +Internet Gateway (IGW) ->Connects your cloud network to the internet. No bandwidth limits, scales automatically. Used in AWS; Azure uses default gateways for internet access. +NAT Gateway - > Allows private servers to access the internet while blocking inbound traffic from outside. Must be set up in a public subnet. +Implementations ->AWS NAT Instance, AWS NAT Gateway , Azure Virtual Network NAT +VPN Gateway ->Creates encrypted tunnels over the internet for secure communication between cloud and on-premises networks. Examples: Azure VPN Gateway , AWS Virtual Private Gateway +Two types of VPN services +Site-to-Site VPN: Connects a cloud network with on-premises networks. Point-to-Site VPN: Connects individual devices (like laptops) to a cloud network using special software. +Azure: Supports both Site-to-Site and Point-to-Site. , AWS: Site-to-Site via Virtual Private Gateway , Point-to-Site via AWS Client VPN. +Network Transit Gateway ->A service that connects multiple virtual networks and on-premises networks using a central hub. Architecture: Uses a hub-and-spoke model for efficient connectivity. Examples: AWS Transit Gateway , Azure Virtual WAN +Network Peering ->Connects and allows communication between two virtual networks. , Can connect multiple virtual networks, even across different accounts/subscriptions. , Each network can peer with multiple others. +Limitations-> No transitive peering: If VNet A is peered with VNet B, and VNet B is peered with VNet C, A cannot communicate with C directly. 
Implementation: Available on both AWS and Azure platforms. +Bastion Hosts -> securely connects to private servers without exposing them to the internet, using a public IP in a public subnet.) How it works->Connects to private servers without exposing them to the internet. , Must be set up in a public subnet and given a public IP. + +Hybrid Connectivity ->Ways to connect cloud networks with on-premises or remote users. +Connecting Remote Users->Options include direct internet access or VPNs (e.g., Azure Point-to-Site, AWS Client VPN) Connecting Remote Networks-> ptions like Site-to-Site VPN, Azure ExpressRoute, and AWS Direct Connect for secure, dedicated connections. +Private Access to Cloud Services +Private Links->Securely connect to PaaS services without using the public internet. ,Private Endpoints->Assign an IP in your virtual network for secure access to services. Azure Service Endpoints->Provide optimized access to Azure PaaS over a private network but still uses the public endpoint for traffic. +Network Flow Logs->Capture information about IP traffic going in and out of your network interfaces in the virtual network +Benefits->Logs are collected without affecting network performance ,Useful for troubleshooting, security monitoring, and compliance. +Examples-> Azure: Logs from NSGs, VPCs, and subnets. , AWS: Flow logs for VPCs and network interfaces. + +Cloud High Availability & Disaster Recovery +Downtime->Refers to a period when a system is unavailable (offline)) + Planned Downtime->Planned / scheduled downtime Maintenance, patches, reboots. , Unplanned Downtime-> Unplanned / unscheduled downtime Hardware, software, network failures, or security breaches +High Availability (HA) ->Ensures systems remain operational for long periods. Eliminate Single Points of Failure, enable reliable crossover, and detect failures quickly. +Redundancy ->Duplication of system components to increase reliability +Passive Redundancy-> Extra capacity for failures. 
, Active Redundancy->Automatically switches to backups +Failover & Failback +Failover-> Switch to standby systems upon failure. , Failback->Restoring to the original system after recovery. +Replication(Sharing information so as to ensure consistency between redundant resources, such as software or hardware components, to improve reliability, fault-tolerance, or accessibility.) Active Replication: Process on all replicas. , Passive Replication: Process on one replica and sync to others. +High Availability Clusters ->A group of computers ensuring continued service when components fail. +Node Configurations-> +Active/Active: All nodes actively handle requests. Active/Passive: One node is active, while others are on standby. Node Reliability: Storage (disk mirroring, redundant SANs), Network , Electricity +Load Balancing ->Efficiently distributes network traffic across multiple servers. +Algorithms-> Round Robin, Least Connections, least time , IP Hash. +Business Continuity ->Ensures a company can keep delivering products/services during disruptions. +Business Continuity Planning (BCP)->Involves creating strategies for prevention and recovery. +BCP Analysis->Business Impact Analysis ,Business Threat Analysis , Business Impact Scenarios +Disaster Recovery (DR) ->Part of BCP to restore systems after disasters (natural or human-made). +Key Elements->DR Team: Responsible personnel. , Risk Evaluation: Assess potential threats., Business Critical Asset Identification: Prioritize vital assets. ,Backup Strategy: Plan for data backups. , Testing & Optimization: Regular tests to ensure readiness. +Backup Strategy ->A copy of data stored elsewhere to restore after data loss. +Backup Methods->Full Backup: Complete copy of all data. , Incremental: Only changes since the last backup. , Differential: Changes since the last full backup. Near Continuous Data Protection: Almost real-time backups. +Disaster Recovery (DR) Tiers -> Tier 0: No off-site data backup. 
,Tier 1: Data backup without a hot site. , Tier 2: Data backup with a hot site. , Tier 3: Uses electronic vaulting., Tier 4: Point-in-time copies for recovery.,Tier 5: Ensures transaction integrity. ,Tier 6: Minimal or zero data loss., Tier 7: Fully automated, business-integrated recovery solution. +Recovery Objectives -> RTO (Recovery Time Objective): How quickly you need to get systems running again after a disaster. RPO (Recovery Point Objective): How much data loss is acceptable (measured in time). RCO (Recovery Consistency Objective): How much data inconsistency you can tolerate after recovery. +Cloud Security & Monitoring +Software-defined security (SDS)->is a type of security model in which the information security in a computing environment is implemented, controlled and managed by security software.) +Key Features-> Automates controls like intrusion detection, network segmentation, and access management using policy-driven software. +Principle of Least Privilege (PLOP)->A security concept where users/processes get only the permissions needed to do their job. Purpose: Minimizes risk by limiting access to only what's necessary. +Identity and Access Management ->IAM enforces the Principle of Least Privilege. It’s a framework of policies to control access to resources. Purpose: Identifies, authenticates, and authorizes users to ensure they have the right access. +IAM Components ->Logical Organization: Defines boundaries for users/processes. Users-> Individuals or services needing access. Have credentials but no default permissions. Groups-> Collections of users without their own credentials. Policies->Set permissions to allow or deny actions. Roles->Collections of policies for temporary access. Used in Role-Based Access Control (RBAC). + +Multi-Factor Authentication (MFA)->means using two or more ways to verify who you are before giving access Factors->What you have: Security token, smart card. ,What you know: Password, PIN. 
, What you are: Biometrics (fingerprint, face). , Where you are: GPS location. +Federated Identity & Single Sign-On (SSO) +Federated Identity->Links a user’s identity across multiple systems so they don’t need separate logins. +Single Sign-On (SSO)->Lets users log in once and access multiple systems without needing to re-enter credentials. Two Types:->Enterprise Identity Federation: For internal company systems., Web Identity Federation: For online platforms and services. +Types of Encryption-> Symmetric Key: Uses one key for both encryption and decryption. ,Asymmetric Key: Uses a pair (public and private keys) for encryption and decryption.,Hashing: Converts data into a fixed-size value, irreversible. +Stages of Data Encryption->Data in Use: While data is being processed. ,Data in Transit: While data is being transferred over networks. ,Data at Rest: While data is stored. +Client-Side vs Server-Side Encryption-> Client-Side: Data encrypted before sending to the server. ,Server-Side: Data encrypted once it reaches the server. +Cloud Security Risks & Threats ->Poor Access Management: Weak controls over user permissions can lead to unauthorized access. ,Data Breach/Leak/Loss: Sensitive data might be exposed or stolen. ,Misconfiguration: Incorrect settings can leave systems vulnerable. ,Insecure APIs: Weak APIs can be exploited by attackers. ,Account Hijacking: Attackers gaining control of cloud accounts. ,Lack of Visibility: Difficulty in monitoring and tracking cloud activities. , DoS/DDoS Attacks: Overloading cloud services to disrupt access. +Monitoring in Cloud +Cloud Monitoring->Tracks and manages cloud operations to ensure everything runs smoothly. Methods-> Manual or automated checks to confirm websites, servers, and apps are working correctly. Example Services: Datadog, AppDynamics , Azure Monitor , Amazon CloudWatch +Metrics, Events & Logs ->Metrics: Raw data on resource usage (like CPU, memory). Useful for monitoring performance. 
,Events: Notifications triggered by system actions (like updates or errors). Capture details on what, where, and when something happened. ,Logs: Detailed records of system activity, essential for troubleshooting and analysis. +Alerts -> Triggered by changes in metrics, events, or logs to respond to issues. +Types of Alerts->Threshold-based: Activated when a metric crosses a set limit., Anomaly Detection: Alerts on unusual patterns., Heartbeat Alerts: Triggered if regular status signals stop. +Output Types-> Notifications: Inform users via email or SMS. Automated Actions: Systems take corrective measures automatically + + + +Cloud database and analytics services +Database Models +Relationl/SQL -> Highly structured table organization, Rigidly defined formats, Dependencies among tables, Enforce ACID (Atomicity, Consistency, Isolation, Durability), Ex: MS SQL, MySQL, Oracle, PostgreSQL, Amazon RDS +Non-relational/No-SQL -> Document oriented, Large and complex queries, Supports rapidly changing design, Ex: MongoDB, Cassandra, CosmosDB, Redis, CouchDB, Aurora +Database Workloads +Online Transaction Processing (OLTP) – comparison -> Focus is on operational data, Transaction processing, Small and simple ad-hoc queries, Response in milliseconds +Online Analytical Processing (OLAP) – comparison -> Focus is on historical data, Data analysis and reporting, Large and complex queries, Responses times from seconds to hours +Different types of database models and workloads -> [Relational / OLTP (Online Transaction Processing) - Examples: Oracle, PostgreSQL, MS SQL, MySQL], [Relational / OLAP (Online Analytical Processing) - Examples: Oracle, PostgreSQL, MS SQL, MySQL], [Non-relational / OLAP - Examples: Hadoop, HDInsight, Non-relational / OLTP - Examples: MongoDB, Cassandra, Riak] +Non-relational / No-SQL Database +Key-value store - Data is stored as indexed key-value pairs, Ideal for session data and shopping carts, Flexibility: High, Complexity: None (very simple to use), 
Performance: High, Scalability: High, Best suited for simple, fast data retrieval scenarios. +Column store - Optimized for retrieving entire columns of data rather than rows, Commonly used in Content Management Systems (CMS) and blogging platforms, Flexibility: Moderate, Complexity: Low, Performance: High, Scalability: High, Great for analytical queries, especially on large datasets. +Document store - Stores data in documents (like XML, JSON) which are schema-less, Useful for e-commerce applications and analytics where flexible data models are needed, Flexibility: High, Complexity: Low, Performance: High, Scalability: Variable (can be high), Ideal for handling semi-structured data with dynamic schemas. +Graph database - Represents data as interconnected nodes (graphs) focusing on relationships, Best for applications where understanding relationships is crucial, such as social networks, Flexibility: High, Complexity: High, Performance: Variable (depends on the use case), Scalability: Variable, Best used where relationships and connections between data are a primary focus (e.g., social networks). +CAP Theorem -> Consistency – All clients see the same view of data, even right after update or delete, Partitioning – the system continues to work as expected, even in presence of partial network failure, Availability – All clients can find a replica of data, even in case of partial node failure. +Database Caching is a buffering technique that stores frequently accessed data in temporary memory. It improves data access speed and reduces the workload on databases. 
Ex: Redis, Memcached +Comparison Redis and Memcached +Radis -> Open source;in-memory;key-value data store, Sub-millisecond response times, Supports various data structures (strings, lists, sets etc.), Persistent – cache survives reboots, Supports read replicas, atomic operations, backup/restore, HA +Memcached -> Open source; in-memory; object store, Sub-millisecond response times, Supports strings and objects, Not persistent – cache does not survive reboots, Supports scaling out, multithreading +Data warehouse +A data warehouse management system is designed to support business intelligence (BI) and analytics. +Primarily used for querying and analyzing large amounts of historical data. Stores structured, processed data for specific business needs. +Data is collected from various sources like application logs and transaction systems. +Data Loading Approaches -> ETL (Extract, Transform, Load): Data is transformed before loading, ELT (Extract, Load, Transform): Data is loaded first, then transformed. +Data Lake +A storage repository that holds large amounts of raw data in its native format until needed. +Unlike data warehouses, which store data in a hierarchical structure (files/folders), data lakes use a flat architecture for data storage. +Comparison DW and DL +DW (Processed data, Data currently in use, Used by business professionals) +DL (Raw data, Purpose of data not determined yet, Used by data scientists) +Real Time Data Processing (Stream Processing) +It is a fast processing technique that handles data immediately upon input, ensuring quick and accurate outputs. +Requires a constant stream of incoming data for continuous, ongoing processing. +Cloud Migration +Cloud Migration is the movement of a meaningful portion of your organization’s existing IT assets to the cloud. 
+Migration Process +Opportunity evaluation -> reasons to move resources to cloud : Hardware reaching end-of-life, Expiring data center leases, Boosting productivity, Supporting global expansion, Mergers & acquisitions, Standardizing architectures +Portfolio discovery and planning -> What is in your current environment?, What are the interdependencies?, Which systems should you migrate first?, How will you execute the migration?, Tools: AWS Discovery Service, Azure Migrate Service, and third-party migration tools. +Application design (iterate) +Migration and validation (iterate) -> Testing & Decommissioning: Run parallel environments temporarily if needed, Gradually switch traffic and users to the new cloud system, Perform a full cutover once the cloud environment is stable. +Operate -> Modern operating models: Devops, Noops, FinOps, SecOps +Cloud Migration strategies +Gartner’s 5 R’s strategy (Rehost, Refactor, Revise, Rebuild, Replace) +Azure’s 4 R’s strategy (Rehost, Refactor, Re-architect, Rebuild) +AWS’s 6 R’s strategy (Rehost, Re-platform, Repurchase, Refactor/ Re-architect, Retire, Retain) +Rehost -> Known as lift-and-shift, Does not require application / code changes, migrate applications as-is to cloud, Optimize, re-architect applications once they are in cloud +Re-platform -> Known as lift-tinker-and-shift, Migrating to a different platform without changing the core architecture of the application, Ex: Migrating web sites from VMs to PaaS (i.e. Azure App Service, Amazon Elastic Beanstalk etc.), Migrating databases from VMs to PaaS (i.e. Amazon RDS, Azure SQL etc.), Changing the platform of databases (i.e. from Oracle to PostgreSQL etc.), Changing the platform of application logic (i.e. from Oracle WebLogic to Apache Tomcat etc.) 
+Repurchace -> Moving to a different platform, mainly to a SaaS platform, Ex: Moving a CRM to Salesforce.com, Moving an HRIS to Workday, Moving a CMS to SharePoint +Refactor/Re-architect/Rebuild -> Re-imagine the application using cloud-native features for better optimization, Enhancing cloud-native features like performance, scalability, agility, and business continuity, Involves migrating monolithic apps to microservices or serverless architectures, Most expensive migration strategy +Retire -> Get rid of applications that are no longer useful and can be turned off, Ex: More attention to important applications, Reduce the security risks, Cost savings. +Retain -> Revisit migrating these applications later, or do nothing for now, Ex: Recently purchased / upgraded applications that cannot be migrated at this point, Sunsetting applications, Low priority applications +Cloud Migration Challenges +Cost of migration -> Focus on planning, Follow an incremental adaptation process, Use a hybrid cloud approach +Resistance to Adapt ->Get the leadership buy-in, Choose intuitive tech solutions +Shortage of Skills -> Invest in expert training and resources, Build a culture of continuous learning, Get help from vendors to skill up in-house resources +Cloud Native Applications +Monolithic Architecture +Traditional way of building applications, Built as a single and indivisible unit, Usually contains(A client-side UI, A server-side application, A database, A middleware) +Strengths -> Less cross-cutting concerns (i.e. handling functions like logging, caching, monitoring etc.), Easier debugging and testing, Simple to deploy, Simple to develop +Weaknesses -> Too complex to understand, Challenging to make changes, Cannot scale components independently, Difficult to apply new technologies / features. 
+Microservices Architecture +Break down an application into smaller, independent units called microservices, Each unit performs a specific process as a separate service, Built as independently deployable modules, Services communicate through predefined APIs, Each service can be updated and scaled independently. +Strengths -> Independent components, Easier understanding, Better scalability, Flexibility in choosing the technology, Higher level of agility +Weaknesses -> Extra complexity of a distributed system, Cross-cutting concerns, Harder to debug and test. +Comparison of monolithic and microservices +Monolithic -> Contains all functionality in one unit, organized by layers (web, business, data), Scales by duplicating the entire app on multiple servers/VMs/containers. +Microservices -> Breaks functionality into smaller, independent services, Scales by deploying each service separately across servers/VMs/containers. +State in monolithic and microservices approaches +Monolithic -> single monolithic Database, tiers of specific technologies +Microservices +Stateless - Do not maintain internal state; data can be retrieved externally. Ex: Web frontends, protocol gateways, Azure Cloud Services. +Stateful - Maintain persistent data, such as databases, documents, user profiles. Ex: workflows, shopping carts, etc. +Cloud-native computing +A modern approach to build scalable, resilient applications leveraging cloud capabilities, Pioneered by companies "born in the cloud" like Netflix, Spotify, Uber, and Airbnb +Cloud Native Computing Foundation (CNCF) promotes cloud-native practices everywhere, focusing on containerization, Enabling applications to run in dynamic environments (public, private, hybrid clouds). +12 factor app -> A set of principles for building scalable, resilient, and performant enterprise applications, Complements the principles of microservices architecture, Developed by engineers at Heroku. 
Ex: codebase, dependencies, config, port binding +Cloud native tools -> Cloud Delivery Model (Manages provisioning, consumption, and resource management), Containers (Enhances application manageability, scalability, and security), Microservices (Breaks down functionality into smaller, specialized services), Service Mesh(Manages service-to-service communication for scalability and security), Orchestration(Automates deployment, operation, and scaling of microservices.) +Cloud native practices +Devops -> integrates Development, IT Operations, and Quality Assurance (QA) to streamline software delivery, Continuous loop of planning, coding, building, testing, releasing, deploying, monitoring, and feedback. +SRE -> A model defined by Google as a set of best practices for ensuring digital business reliability, Monitoring, incident response, root cause analysis, capacity planning, testing, and release management, Focuses on combining software engineering with IT operations to enhance system reliability. +NoOps -> DevOps practitioners are freed from managing operations and can focus entirely on software development, Achieved through full automation of operational tasks, eliminating the need for manual intervention. +CI (continuous integration) -> Automates the integration of code changes from multiple contributors into a single project, Developers frequently merge code into a central repository, Automated builds and tests ensure code correctness before integration. +CD(continuous delivery and deployment) +Continuous Delivery: Automates testing to ensure code changes are stable for deployment. Requires manual approval for release. +Continuous Deployment: Automatically deploys code changes to production once tests pass, without manual intervention. 
+CICD tools -> Jenkins, gitlab, github, bitbucket, CircleCI, TeamCity, Bamboo, Travis CI +CICD Services -> Azure Devops Services (Azure Boards, Azure Pipelines,Azure Repos, Azure Test Plan, Azure Artifacts), AWS DevOps Services (AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CodeStar), Google DevOps Services (Cloud Build, Artifact Registry, Binary Authorization, Tekton, Spinnaker, Operations Suite) +Application Modernization -> Involves refactoring, repurposing, or consolidating legacy software to better align with current business needs. To generate new business value from existing applications. +Application modernization journey -> Rehost(Traditional app), Refactor(Existing app hosted as container or executab), Rearchitect(Existing application + new microservices), Rearchitect(Parts of existing application rearchitected), Rearchitect/rebuild(Transformed microservices application) +Introduction to Containerization, Container Orchestration and Infrastructure as Code (IaC) +Containerization is a software deployment method that packages an application’s code along with all necessary files and libraries, enabling it to run consistently across different environments. +Containers vs VMs +Containers -> Shares the host operating system's kernel, More portabl, Faster to start up and shut down, Uses fewer resources, Good for portable and scalable applications +VM s -> Has its own kernel, Less portable, Slower to start up and shut down, Uses more resources, Good for isolated applications +How Containers Work (layered structure) +Hardware: At the bottom, includes CPU, disk, and network interfaces. +Host OS & Kernel: Acts as a bridge between software and hardware. +Container Engine: Sits atop the Host OS, managing containers. +Containers: Run on top, containing application code, binaries, and libraries, isolated in user spaces. 
+Benefits of containerization -> Portability, Scalability, Fault tolerance, Agility +Containerization tools -> docker, podman, LXC, Amazon elastic container registry +Container Orchestration -> A technology that automates the management of containers +Needs of container orchestration -> Manages multiple containers across various hosts, Ensures uptime, load balancing, and scalability, Solves challenges of manual scaling and deployment. +Benefits of Container Orchestration -> Enables automatic starting, stopping, and management of containers, Helps developers scale cloud applications accurately, reducing human errors, Ensures containers are deployed with the right resources. +Container Orchestration tools -> Kurbernetes, Docker swarm, AWS ECS, Mesos, Nomad +Infrastructure as Code (IaC) -> automates the provisioning and management of infrastructure using code rather than manual processes, Reduces errors and time consumption, especially when managing applications at scale. +Benefits of IaC -> Easily duplicate an environment, Reduce configuration errors, Iterate on best-practice environments +How IaC Works -> IaC describes system architecture using configuration files (e.g., YAML, JSON, HCL), Treats infrastructure as code, similar to application development, Can be written in languages like Python or Java, Supports integrated development environments (IDEs) for error checking, Managed under version control, with changes tracked via commits. +IaC Tools -> Terraform(Cloud-agnostic IaC tool), Aws cloud formation (AWS-native solution), Pulumi( Cloud-agnostic IaC tool), Ansible, Puppet, Chef (Configuration management with IaC capabilities) +Barriers for it innovation -> time – time to market , cost – cost of converting idea into reality , risk – risk of false + + + + + + -**Key Steps in a CI/CD Pipeline:** -1. **Code Integration:** Developers push code to a shared repository. Tools like GitLab or GitHub trigger the pipeline automatically upon each commit. -2. 
**Build:** The code is compiled and dependencies are installed to create an executable version of the software. -3. **Testing:** Automated tests (unit, integration, etc.) are run to verify the code's functionality. -4. **Deployment:** If tests pass, the code is automatically deployed to staging or production environments. -5. **Monitoring:** After deployment, the application is monitored to ensure stability. -This pipeline helps to catch issues early, reduce manual efforts, and improve the overall quality of the software release process. \ No newline at end of file -- 2.24.1
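Review bot: In the "Containers vs VMs" comparison, "Containers -> Shares the host operating system's kernel" and "VM s -> Has its own kernel" are listed as feature bullets, but the security consequence that follows from them is never stated; add one line such as "Because all containers on a host share one kernel, container isolation is a kernel-enforced boundary rather than a hardware one, so a kernel or container-runtime vulnerability affects every container on that host, which is why VMs are listed as 'Good for isolated applications'". Two smaller points in the same hunk: the "Application modernization journey" list repeats "Rearchitect" three times with different descriptions ("Existing application + new microservices", "Parts of existing application rearchitected"), so the stage labels appear mislabeled and should be checked against the source the note was taken from; and the last added line, "risk – risk of false", is cut off mid-sentence and should be completed or removed. Style: the added block ends with six empty "+" lines (trailing blank lines in the new file), and there are typos in "More portabl", "executab", and "Kurbernetes". Finally, the removed "Key Steps in a CI/CD Pipeline" section (Code Integration, Build, Testing, Deployment, Monitoring) is not carried over into the new "CI (continuous integration)" / "CD" entries, which drop the Monitoring step and the "catch issues early" rationale; consider merging those five steps into the new CI/CD section rather than deleting them.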