4. PAGE4
DEVOPS INDONESIA
Systems Engineer| Middleware
Developer | Web Programmer
Alexander Marcel
Systems Engineer| Middleware
Developer | Solution Architect
Hendra Tanto
5. PAGE5
DEVOPS INDONESIA
5
10Years Challenge
Requirement Gathering Analysis & Design Construction Testing Deployment Baby Sitting & Maintenance
Waterfall Methodology
• End Users do not know what they want
• Architect may not be aware of future challenges
• Change is very costly !
• Quality of testing is very low
9. PAGE9
DEVOPS INDONESIA
Background
Business
Development teams Operations/ IT
1. Ask Network team for Resources
2. Ask Server team for Resources
3. Ask Storage team for Resources
4. Procure required hardware
5. Finally build/deploy App and test
10. PAGE10
DEVOPS INDONESIA
Infrastructure as code (IaC) is the concept of deploying
and configuring IT infrastructure in an automated way
by using machine-readable blueprints rather than
manually fiddling with physical hardware or the cloud
providers’ UI consoles.
Enter IaC
11. PAGE12
DEVOPS INDONESIA
Why IaC
• Less errors - No Manual Configuration less human error
• Faster to Deliver - Everything is automated through scripts
• Code is documentation – With Iac, the code itself represents the documentation of the infrastructure and will always up to date
• Standardization – Every deployment is automated using templates and scripts, configuration cannot be different than what is defined.
• Scalable and Immutable Infrastructure – Provides the ability for additional resources to be provisioned during burst periods (horizontal scaling)
17. PAGE18
DEVOPS INDONESIA
1) User upload new Webapps
- User has develop new webapps
- User push the source code to GIT
2) Webhook
- GIT Webhook trigger jenkins 4) Notification To Approver
- Notification to approver for test results
5) Approval from Approver
- Approver approve the request
6) Provisioning Web Apps – NGINX
- Trigger ansible NGINX playbook
7) Provisioning Application Services – F5
- Trigger ansible F5 playbook
10) Configuration Testing
- Automated Testing to make sure deployment
and application is function properly
8) Run Ansible Playbook for NGINX
- Provision new NGINX instances (2 instance)
- Deploy new website to NGINX instances
1 2
3
4
5
6 & 7
9
8
Users
Attackers
Bots
9) Run Ansible Playbook for F5
- Create new Virtual Server on F5
- Assign NGINX Pool to F5
- Assign load balancing method to pool
- Assign WAF Policy to Virtual Server
10
Sample Use Case
18. PAGE19
DEVOPS INDONESIA
How to Get Started
• Find something easy to automate - low effort, low risk
• Set the right expectations – experimentation is necessary
• Choose the right tools
• Prove that it works – show the time savings and effort needed
• Don`t be shy about it – advocate
• Do it again
26. PAGE27
DEVOPS INDONESIA
Security Challenge with API’s
Transfer
InvestRequest
Account
Management
S
Authentication & Authorization
Session Management
Single SignOn
Bots, Payload Check, etc.
SSSS
This is not the way to go !