Lifecycle Matters

 

In the paper, almost all companies have an SDLC(Software Development Lifecycle), which nowadays is a form of Scrum and Safe. I know Governance is often a bad word and is attached to bad practices and dated methods. However, at Scale, software needs to be managed. Complexity needs to be managed down. Lifecycle matters because it allows you to execute the right strategy and take the most out of your software assets. When you have hundreds of tousands of services, things get out of control. It takes a lot of work to keep track of what's going on. I'm a big fan of explicit comunication about the state of affairs. For instance, Netflix has the OSSMETADATA file in the github telling the lifecycle moment of the service/lib. This might sound silly but it is actually pretty powerful because you can communicate the company's intentions toward that piece of software and execute the right strategy. I believe that having a clear map of your services is a great tool for prioritization and leveraging the future initiatives that your company might have.

Deliberation on Reduced Scope 

At scale, it's really important to find ways to reduce scope. You just can't fix it all at once, all the time. There must be reasonable criteria to reduce the scope of projects and actions. However, If you need to know the state of affairs, how can you reduce the scope? You can't, and you probably won't. Lifecycle works well with evaluations via code analysis. They are necessary in order to avoid waste.

Avoiding Waste

How many times did you perform migrations on services or internal shared libs that was dead? This is common because library owners need to ensure the consumers are up-to-date, especially when old software is being decommissioned. Missing a consumer can be fatal sometimes, implying outages, data loss, or even financial loss. Because of that risk, teams tend to migrate everything. No matter if it is used or not.

Proper Lifecycle Classification

Having a proper lifecycle classification helps a lot to understand what's going on with a specific piece of software and allows you to plan accordingly what to do next. For instance, consider if you had the following piece of metadata in every single github repository:

  • Domain: Part of the business domain that your software is part of. 
  • Owners: List of slack handlers of all answers of a piece of software.
  • Type: Type of the resource. Ie: Frontend, Backend Service, Customer Facing API, Serverless Function, Batch Job, etc...
  • Lifecycle status: Where the software is in tour SDLC. Ie: Active, Mantainence-Mode, To-Be-Decomissioned, Decommissioned.
  • Link to Other resources: Links to useful components related to this software. ie: Jenkins Jobs to release software, Prometheus Dashboards for Observability, Pager Duty or Ops-Genie Alers, AWS links like S3 Buckets, Lambdas, SQS/SNS queues, Kafka/Kinesis topics, etc...

If you have all this information in hand is much easier to plan the future steps in regard to this asset for components that are decommissioned or about to be decommissioned.:

  • Avoid doing feature PRs
  • Avoid non-essential migrations
  • Avoid Big Refactorings 
Know the domain and if the component is active, allow other possibilities like:
  • Conscient re-use (within the same domain boundaries)
  • Deliberation of Split/Merge with other components
  • Feature PRs and Improvements, knowing the software will not die soon
  • Migrations with higher benefits and impact
This is very important because it's common to have migrations happening all the time and cross-domain features requiring collaboration with multiple teams. PRs need to be made across a bunch of different teams. Lifecycle metadata allows you to better make sense of your services and make more assertive decisions.

Cheers,

Diego Pacheco

Popular posts from this blog

Kafka Streams with Java 15

Image
Kafka Streams is a Streaming library similar to Spark and Flink which works with Apache Kafka. Kafka stream can be useful to process historical and near-real-time big data workloads but also for non-realtime analytical computations at scale for the online world as well. Kafka-Streams is elastic, highly scalable, fault-tolerant, and fully integrated with Kafka. You can use Kafka Stream with Java, Scala, Kotlin JVM applications and also have exactly-once processing semantics. Kafka-Streams is being used by the New York Times, Pinterest, Line, Trivago, Zalando, and many other companies. Today I want to share a video of Kafka-Streams running with Kafka 2.6 and Java JDK 15. So Let's get started. 
read more »

Rust and Java Interoperability

Image
Rust does not stop for one second to amaze me. It looks like Rust was designed to talk to every other language so easily. No kidding, it's clear way Web Assembly and rust have lots in common. Java is never an easy lang to interop with. Today I will show how easily we can interop Java & Rust. In order to do so, we will need to use the Java and Rust compilers. For Java, we will not require any other lib than the standard JDK. For Rust, we will need to create a lib project in cargo and we will need to use the crate JNI. I love this feature because java does not allow low-level code on the main language. So if we need to do something low level, efficiently Rust is my first choice, not only for safety reasons but because is really fast.  Let's get started.
read more »

HMAC in Java

Image
In 2018 AWS CTO(Vogels) said : "Security is everyone's job". For the last 2 years, there was so many famous and big data leaks and breaks that made that statement be very true more than ever. Security often could mean worst performance and worst user experience so in order to get it right you really need to think about the designs before jumping into to code and consider performance and user experience has main requirements.  I was thinking about writing about how to do HMAC in Java for a while and recently Redis 6.0.0 come out and to my surprise, there was a refactoring on the password part in order to use HMAC.  Security easily could scare engineers often because it is not something well spread yet but I believe this will change soon. It does not matter if you have to deal with PII Data or not, security is super relevant because everybody is running their workloads at the cloud or with IoT and Edge devices which means more distribution, more code, more points of fail
read more »