2. Rahul Kumar Gupta
• 23 yrs. of experience.
• Sr Director Tech, Publicis Sapient.
• Technologist by heart and by role.
• Engineering lead for microservice-based projects.
• Executed > 30 projects for clients across the Americas, APAC and Europe.
• > 15 publications.
• > 10 certifications.
3. Modern applications are high-performing, highly scalable applications that help organizations accelerate their DIGITAL BUSINESS TRANSFORMATION (DBT) journey and make them FUTURE READY: they bring high AGILITY to adopt new things, deliver them FAST and reduce TCO, by bringing the best of breed in ARCHITECTURE, TECHNOLOGIES and PROCESS together.
4. NoSQL, API Mgmt., SecDevOps, SRE, Reactive Programming, Polyglot, Data lakes, PWA, ELT, AGILE, Zero Trust Architecture, FDD, GraphQL, GitOps, Event Programming, Cloud, Microservices, Micro frontend, DevOps, Cognitive, Containerization, BizDevOps, NewSQL, SAFe, Serverless, AI / ML, Chaos Engineering, BDD, IoT, Infra as Code, Domain Driven Design, Canary Deployments, BFF
5. [Architecture diagrams; only the labels survive extraction]
Monolithic Architecture: Desktop site and Mobile site front ends (each with a CMS) sit on one CORE Commerce application (Search, Product, Price, Inventory, Cart, Customer, Order, Checkout), behind an Integration Layer to Internal Systems and External Systems.
Headless Architecture: an Experience layer (Mobile / Desktop, assembled from a Component Library) calls CORE Commerce (Search, Product, Price, Inventory, Cart, Customer, Order, Checkout) through a Service API (JSON); the Integration Layer to Internal and External Systems is unchanged.
Modern Application Architecture: channels (Mobile / Tablet, Desktop, Chatbot, Voice, Social, PWA) reach an API Gateway that provides Security, Caching, Logging and Aggregation; a Backend for Frontend fronts per-domain micro frontends (Product µFE, Price µFE, Cart µFE, Order µFE, CUST µFE) and the matching services (Product, Price, Cart, Order, CUST); Monetization and Routing are cross-cutting; the Integration Layer connects Internal and External Systems.
Modernization Journey
11. 88% growth in application vulnerabilities over two years.
- The State of Open Source Security Report 2019, Snyk
37% of open source developers don't implement any sort of security testing during CI.
- The State of Open Source Security Report 2019, Snyk
54% of developers don't do any Docker image security testing.
- The State of Open Source Security Report 2019, Snyk
78% of vulnerabilities are found in indirect dependencies.
- The State of Open Source Security Report 2019, Snyk
60% of organizations suffered a container security incident in 2018.
- Cyware
In 2018, more than 70 million records were stolen or leaked from poorly configured S3 buckets.
- Symantec
14. ● Separate repositories for application code and for DevOps / infrastructure code.
● Secured access to repositories.
● Encrypt files that must live in a git repository, and decrypt them only where they are used.
● Use a vault for secret keys, and rotate keys.
● Don't write credentials into source code or Dockerfiles.
● Don't pass secrets through environment variables (they leak into logs, crash dumps and child processes); use Kubernetes Secret objects, mounted as files. Note that Secrets are only base64-encoded in etcd unless encryption at rest is enabled on the cluster.
● Encrypt sensitive data before persisting it.
Start Doing
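The "don't write credentials into source code or Dockerfiles" rule only holds if something enforces it on every commit. The gate below is an added example (not code from the slides or from Publicis Sapient): a small scanner that runs in CI or a pre-commit hook and fails the build when a source file or Dockerfile carries a hard-coded credential. The rule set, the `# allow-secret` opt-out marker and the repository snapshot it scans are all constructed for this example; the AWS key in the sample is AWS's documented example value, not a real key.

```python
"""Added example (not from the original slides): a CI / pre-commit gate that
fails the build when source files or Dockerfiles carry hard-coded credentials.
The rules are deliberately narrow; the sample files below are constructed."""
import re
from typing import Dict, List, Tuple

RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # AWS access key id: 'AKIA' followed by 16 upper-case alphanumerics
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # PEM private key header of any common flavour
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # password = "..." / api_key: "..." in source; names ending in _FILE point
    # at a mounted secret rather than holding one, so they are excluded
    ("assigned-secret", re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|api[_-]?key|token)(?!_file)\w*"
        r"\s*[:=]\s*['\"][^'\"]{6,}['\"]")),
    # Dockerfile ENV/ARG that bakes a credential into the image layers
    ("dockerfile-env-secret", re.compile(
        r"(?i)^\s*(?:ENV|ARG)\s+\w*(?:PASSWORD|SECRET|TOKEN)(?!_FILE)\w*\s*=?\s*\S+")),
]
ALLOW_MARKER = "# allow-secret"  # explicit, reviewable opt-out for test fixtures


def scan_text(path: str, text: str) -> List[Dict[str, object]]:
    """One finding per (line, rule) hit; lines carrying ALLOW_MARKER are skipped."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append({"path": path, "line": lineno, "rule": name})
    return findings


def gate(files: Dict[str, str]) -> Tuple[bool, List[Dict[str, object]]]:
    """Scan path -> contents; returns (passed, findings). Wire the boolean to
    the pipeline exit status so a non-compliant change cannot merge."""
    findings: List[Dict[str, object]] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return not findings, findings


# Constructed repository snapshot (no real credentials: the AWS key is the
# documented example value, everything else is made up).
CONSTRUCTED_FILES = {
    "app/settings.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'hunter2-prod-2019'\n"
        "AWS_ACCESS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
    ),
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n",
    "Dockerfile": (
        "FROM python:3.11-slim\n"
        "ENV API_TOKEN=sk_constructed_0123456789\n"
        "COPY . /app\n"
    ),
    "Dockerfile.good": (
        "FROM python:3.11-slim\n"
        "ENV DB_PASSWORD_FILE=/run/secrets/db_password\n"
        "COPY . /app\n"
        "USER 10001\n"
    ),
}

if __name__ == "__main__":
    ok, hits = gate(CONSTRUCTED_FILES)
    for h in hits:
        print(f"{h['path']}:{h['line']}: {h['rule']}")
    raise SystemExit(0 if ok else 1)
```

`Dockerfile.good` passes because it only names the path of a mounted secret file, which is the pattern the Kubernetes Secret bullet asks for. Regex rules of this kind are a floor, not a ceiling: a dedicated secret scanner with entropy checks and provider-specific patterns catches more, but a gate this small already blocks the most common mistakes.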
15. ● Static and dynamic application scans (SAST / DAST).
● Security scans for open source libraries (SCA).
● Cloud configuration scanning.
● Block non-compliant pipelines.
Start Doing
DevSecOps: integrate application, serverless and open source code security scanning into the CI pipeline.
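"Blocking non-compliant pipelines" needs a policy that turns scanner output into a pass/fail decision, and the 78% indirect-dependency figure above means that decision has to look past direct dependencies. The gate below is an added example (not code from the slides or from any scanner vendor): it reads a dependency / container scan report, blocks on findings at or above a severity threshold, refuses to waive CRITICAL findings, and reports how many findings arrived through transitive dependencies. The report layout, the finding ids and the package names are all constructed for this example and do not follow any real scanner's schema or refer to real vulnerabilities.

```python
"""Added example (not from the original slides): a pipeline gate that reads a
dependency / container scan report and blocks the build when findings violate
policy. The report layout and every finding in it are constructed for this
example and do not follow any particular scanner's schema."""
import json
from dataclasses import dataclass
from typing import Dict, List

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Policy:
    fail_at: str = "HIGH"                 # block at this severity or worse
    waivers: frozenset = frozenset()      # finding ids accepted by risk review;
                                          # CRITICAL is never waivable


def is_transitive(finding: Dict) -> bool:
    """'path' is the dependency chain from the project root down to the
    vulnerable package; anything longer than one hop was pulled in indirectly."""
    return len(finding.get("path", [])) > 1


def evaluate(report: Dict, policy: Policy) -> Dict:
    blocking, waived, transitive = [], [], []
    for f in report["findings"]:
        if is_transitive(f):
            transitive.append(f["id"])
        rank = SEVERITY_RANK[f["severity"].upper()]
        if rank < SEVERITY_RANK[policy.fail_at]:
            continue
        if f["id"] in policy.waivers and rank < SEVERITY_RANK["CRITICAL"]:
            waived.append(f["id"])
            continue
        blocking.append(f["id"])
    return {
        "pass": not blocking,
        "blocking": blocking,
        "waived": waived,
        "transitive": transitive,   # surfaces the indirect-dependency share
        "total": len(report["findings"]),
    }


# Constructed report: placeholder ids and package names, not real advisories.
CONSTRUCTED_REPORT = json.loads("""
{
  "artifact": "registry.example.test/shop/cart:1.4.2",
  "findings": [
    {"id": "F-1", "severity": "CRITICAL", "package": "pkg-tls", "version": "1.0.2",
     "path": ["pkg-tls"], "fix": "1.0.3"},
    {"id": "F-2", "severity": "HIGH", "package": "pkg-argparse", "version": "0.0.8",
     "path": ["pkg-cli", "pkg-argparse"], "fix": "1.2.3"},
    {"id": "F-3", "severity": "MEDIUM", "package": "pkg-util", "version": "4.17.10",
     "path": ["pkg-util"], "fix": "4.17.12"},
    {"id": "F-4", "severity": "LOW", "package": "pkg-tar", "version": "4.4.1",
     "path": ["pkg-build", "pkg-native", "pkg-tar"], "fix": null}
  ]
}
""")

if __name__ == "__main__":
    verdict = evaluate(CONSTRUCTED_REPORT, Policy(waivers=frozenset({"F-2"})))
    print(json.dumps(verdict, indent=2))
    raise SystemExit(0 if verdict["pass"] else 1)
```

The waiver set is the place where a risk review records an accepted finding; keeping it in the policy rather than in the scanner configuration means the exception is version-controlled and reviewed like any other change, and the `transitive` list gives the team the evidence for bumping the direct dependency that pulled the vulnerable package in.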
17. ● Build Docker images from a known base image.
● Use certified Docker images, after verification.
● Keep data, SSH keys and tokens outside the container.
● Package a single application per container.
● Stop running containers as the root user.
Start Doing
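The four build-time rules above (known base image, no key material inside the image, one application per container, no root user) can all be checked from the Dockerfile alone. The linter below is an added example (not code from the slides or from Publicis Sapient) that parses a Dockerfile, joins backslash continuations and reports each rule that is broken; both Dockerfiles it is run against are constructed for this example, and the all-zero digest in the hardened one is a placeholder for the value `docker pull` prints.

```python
"""Added example (not from the original slides): a small Dockerfile linter for
the build-time rules above: pinned base image, no key material copied into the
image, one application per container, and a non-root USER. The rules and both
Dockerfiles below are constructed for this example."""
import re
from typing import List, Tuple

# Sources that must never be COPY/ADDed into an image: SSH keys, PEM/key files,
# dotenv files, whole .ssh directories
SECRET_SOURCE = re.compile(
    r"(?i)(?:^|/)(?:id_rsa|id_ed25519|\.ssh|\.env|[^/]*\.pem|[^/]*\.key)(?:$|/)")


def parse_dockerfile(text: str) -> List[Tuple[str, str]]:
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations
    and dropping comments and blank lines."""
    instructions, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not buf and (not line.strip() or line.lstrip().startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        parts = buf.strip().split(None, 1)
        instructions.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return instructions


def lint(text: str) -> List[str]:
    findings, last_user, cmds, entrypoints = [], None, 0, 0
    for op, args in parse_dockerfile(text):
        if op == "FROM":
            image = args.split()[0]
            if "@sha256:" not in image:           # a digest pins the exact image
                name = image.split("/")[-1]
                tag = name.split(":", 1)[1] if ":" in name else None
                if tag in (None, "latest"):
                    findings.append(f"from-unpinned: {image} (pin a tag, preferably a digest)")
        elif op == "USER":
            last_user = args.split(":")[0].strip()
        elif op in ("COPY", "ADD"):
            sources = [a for a in args.split() if not a.startswith("--")][:-1]
            for src in sources:
                if SECRET_SOURCE.search(src):
                    findings.append(f"secret-material-copied: {op} {src}")
        elif op == "CMD":
            cmds += 1
        elif op == "ENTRYPOINT":
            entrypoints += 1
    if last_user in (None, "root", "0"):
        findings.append("runs-as-root: set a non-root USER before CMD/ENTRYPOINT")
    if cmds > 1 or entrypoints > 1:
        findings.append("multiple-cmd: one application per container; "
                        "only the last CMD/ENTRYPOINT takes effect")
    return findings


WEAK_DOCKERFILE = """\
FROM node:latest
COPY .ssh/id_rsa /root/.ssh/id_rsa
COPY . /app
RUN npm ci
CMD ["node", "server.js"]
CMD ["node", "worker.js"]
"""

# Placeholder digest (all zeros) stands in for the real one printed by `docker pull`
HARDENED_DOCKERFILE = """\
FROM node:20-bookworm-slim@sha256:{digest}
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev \\
    && npm cache clean --force
COPY . .
USER 10001:10001
CMD ["node", "server.js"]
""".format(digest="0" * 64)

if __name__ == "__main__":
    for label, text in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(label, lint(text) or "ok")
```

The `multiple-cmd` rule is the Dockerfile-level signal for "one application per container": a second `CMD` silently replaces the first, which usually means someone tried to start two processes in one image. An `ENTRYPOINT` plus a single `CMD` is the normal way to give an entrypoint default arguments and is not flagged.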
18. ● Self healing: kill a container when it misbehaves.
● Regularly apply patches to all pods that need them.
● Scan containers and Docker images.
● Protect against container sandbox escapes.
Start Doing
DevSecOps: integrate VM and Docker container scanners into the CI/CD pipeline.
Aqua Security, Anchore Engine
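At runtime the same rules become Pod manifest settings: a liveness probe so the kubelet kills and replaces a hung container (self healing), an image pinned by digest so scan and patch results refer to exactly what is running, and a securityContext that limits what an escaped container can reach on the node. The check below is an added example (not code from the slides, from Aqua Security or from Anchore) that validates a Pod manifest for those settings the way an admission-time policy would; it merges pod-level and container-level securityContext the way the kubelet does (container settings win). Both manifests are constructed for this example, and the all-zero digest is a placeholder.

```python
"""Added example (not from the original slides): an admission-style check of a
Pod manifest for the runtime rules above: a liveness probe so the kubelet can
kill and replace a misbehaving container, an image pinned by digest so patch
and scan results refer to exactly what runs, and a securityContext that limits
what an escaped container can reach. Both manifests are constructed."""
from typing import Any, Dict, List

INHERITED = ("runAsNonRoot", "runAsUser", "seccompProfile")  # pod-level, overridable per container


def effective_security_context(pod_spec: Dict[str, Any], container: Dict[str, Any]) -> Dict[str, Any]:
    """Container settings override the pod-level ones, as the kubelet applies them."""
    merged = {k: v for k, v in pod_spec.get("securityContext", {}).items() if k in INHERITED}
    merged.update(container.get("securityContext", {}))
    return merged


def check_pod(manifest: Dict[str, Any]) -> List[str]:
    violations: List[str] = []
    spec = manifest["spec"]
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            violations.append(f"pod: {flag} shares a host namespace")
    for c in spec.get("containers", []):
        name = c["name"]
        if "livenessProbe" not in c:
            violations.append(f"{name}: no livenessProbe, a hung container is never restarted")
        if "@sha256:" not in c.get("image", ""):
            violations.append(f"{name}: image not pinned by digest")
        sc = effective_security_context(spec, c)
        if sc.get("privileged"):
            violations.append(f"{name}: privileged container")
        if sc.get("runAsNonRoot") is not True and sc.get("runAsUser") in (None, 0):
            violations.append(f"{name}: may run as root")
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation not disabled")
        if sc.get("readOnlyRootFilesystem") is not True:
            violations.append(f"{name}: root filesystem is writable")
        drops = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in drops:
            violations.append(f"{name}: capabilities not dropped (drop: [ALL])")
        if sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
            violations.append(f"{name}: no seccomp profile")
    return violations


WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "cart"},
    "spec": {
        "hostPID": True,
        "containers": [{"name": "cart", "image": "shop/cart:latest",
                        "securityContext": {"privileged": True}}],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "cart"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "cart",
            "image": "shop/cart@sha256:" + "0" * 64,   # placeholder digest
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080},
                              "periodSeconds": 10, "failureThreshold": 3},
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
        }],
    },
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, check_pod(pod) or "ok")
```

The liveness probe is what makes "kill the container when it misbehaves" automatic rather than an on-call task; the remaining checks are the sandbox-escape controls (no host namespaces, no privilege escalation, no capabilities, a seccomp profile, a read-only root) that decide how much an attacker gains if a process inside the container is compromised.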
20. ● Never trust, always verify: define an access policy for every resource.
● Use multi-factor authentication wherever required.
● Define network policies.
● Define seccomp policies.
● Use VPC Service Controls to restrict cloud SaaS services / outbound traffic.
● TLS everywhere.
● Use a web application firewall as a service to restrict entry points.
Start Doing
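"Define network policies" is where zero trust meets the pod network: without a policy, every pod in a Kubernetes cluster can reach every other pod, so "never trust, always verify" means a default-deny policy in each namespace plus explicit allow rules per caller. The evaluator below is an added example (not code from the slides or from Publicis Sapient) that models how Kubernetes decides whether ingress to a pod is allowed: a pod selected by any ingress policy accepts only traffic that some rule permits; a pod selected by none accepts everything. The namespaces, pods and policies are constructed; `ipBlock` peers and egress are not modelled.

```python
"""Added example (not from the original slides): a model of Kubernetes
NetworkPolicy ingress evaluation, used to show that zero trust at the network
layer means a default-deny policy plus explicit allows. The semantics follow
the Kubernetes NetworkPolicy rules (a pod selected by any ingress policy only
accepts traffic some rule permits; a pod selected by none accepts everything).
Namespaces, pods and policies are constructed; ipBlock peers and egress are
not modelled."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Pod:
    name: str
    namespace: str
    labels: Dict[str, str] = field(default_factory=dict)


# Constructed namespace labels (what a namespaceSelector matches against)
NAMESPACE_LABELS = {"shop": {"team": "commerce"}, "monitoring": {"team": "platform"}}


def selects(selector: Dict, labels: Dict[str, str]) -> bool:
    """matchLabels semantics: every key/value must be present; {} selects all."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: Dict, src: Pod, policy_namespace: str) -> bool:
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False                      # ipBlock peer: out of scope here
    if ns_sel is not None:
        if not selects(ns_sel, NAMESPACE_LABELS.get(src.namespace, {})):
            return False
    elif src.namespace != policy_namespace:
        return False                      # podSelector alone is same-namespace only
    return pod_sel is None or selects(pod_sel, src.labels)


def ingress_allowed(policies: List[Dict], src: Pod, dst: Pod, port: int) -> bool:
    applicable = [
        p for p in policies
        if p["metadata"]["namespace"] == dst.namespace
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"]["podSelector"], dst.labels)
    ]
    if not applicable:
        return True                       # not isolated: Kubernetes default is allow-all
    for p in applicable:
        for rule in p["spec"].get("ingress", []):
            froms, ports = rule.get("from", []), rule.get("ports", [])
            src_ok = not froms or any(peer_matches(f, src, dst.namespace) for f in froms)
            port_ok = not ports or any(pp.get("port") == port for pp in ports)
            if src_ok and port_ok:
                return True
    return False


CONSTRUCTED_POLICIES = [
    # 1. default deny: selects every pod in "shop", permits no ingress
    {"metadata": {"name": "default-deny-ingress", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    # 2. only the API gateway may call cart, and only on 8080
    {"metadata": {"name": "gateway-to-cart", "namespace": "shop"},
     "spec": {"podSelector": {"matchLabels": {"app": "cart"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api-gateway"}}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
    # 3. prometheus in the platform namespace may scrape metrics on 9090
    {"metadata": {"name": "allow-prometheus-scrape", "namespace": "shop"},
     "spec": {"podSelector": {},
              "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"team": "platform"}},
                                     "podSelector": {"matchLabels": {"app": "prometheus"}}}],
                           "ports": [{"protocol": "TCP", "port": 9090}]}]}},
]

GATEWAY = Pod("gw-1", "shop", {"app": "api-gateway"})
CART = Pod("cart-1", "shop", {"app": "cart"})
PRICE = Pod("price-1", "shop", {"app": "price"})
PROMETHEUS = Pod("prom-1", "monitoring", {"app": "prometheus"})
```

The interesting cases are the ones the evaluator rejects: the price service calling cart directly (lateral movement after a compromise of price) and the gateway calling price, for which nobody has written an allow rule yet. With the policy list empty, the same price-to-cart call is allowed, which is the cluster default the first policy exists to remove.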
21. ● Create availability zones.
● Define the API topology.
● Use OpenID Connect or OAuth 2.0.
● Centralise authentication and authorization: use the API Gateway pattern.
● DDoS: limit the number of requests each resource will serve.
Start Doing
Use a service mesh
Amazon Cognito
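Centralising authentication at the gateway means two checks run on every call before a backend sees it: the bearer token is verified (signature, algorithm, issuer, audience, expiry), and the authenticated subject is rate limited so one caller cannot exhaust the backends. The code below is an added example (not code from the slides, from Amazon Cognito or from any gateway product) of those two checks. It uses an HS256 JWT with a constructed shared key so that it runs self-contained; a production gateway verifies the identity provider's published RS256/ES256 key instead, and the issuer, audience, signing key and requests here are all constructed.

```python
"""Added example (not from the original slides): the two checks an API gateway
runs on every call once authentication is centralised there: verify a bearer
token (OAuth 2.0 / OpenID Connect style JWT; HS256 with a constructed key here
so the example is self-contained) and apply a per-subject token-bucket limit.
Signing key, issuer, audience and requests are constructed."""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional

SIGNING_KEY = b"constructed-demo-key-not-for-production"
ISSUER = "https://idp.example.test"
AUDIENCE = "shop-api"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: Dict, key: bytes) -> str:
    """Issue a token; in practice the identity provider does this, not the gateway."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: float) -> Optional[Dict]:
    """Return the claims only if algorithm, signature, issuer, audience and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64url(head))
        if header.get("alg") != "HS256":   # the gateway fixes the algorithm; never trust the token's alg
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
    except (ValueError, UnicodeDecodeError):   # malformed base64 / JSON / structure
        return None
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER or AUDIENCE not in aud:
        return None
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return None
    return claims


class TokenBucket:
    """Per-key limiter: `capacity` burst, refilled at `rate` tokens per second."""
    def __init__(self, capacity: int, rate: float):
        self.capacity, self.rate = capacity, rate
        self.state: Dict[str, tuple] = {}   # key -> (tokens, last_seen)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.state.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.state[key] = (tokens - 1.0, now)
            return True
        self.state[key] = (tokens, now)
        return False


def gateway_handle(request: Dict, limiter: TokenBucket, now: float) -> int:
    """Return the HTTP status the gateway answers with before any backend is called."""
    auth = request.get("headers", {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401
    claims = verify_jwt(auth[len("Bearer "):], SIGNING_KEY, now)
    if claims is None:
        return 401
    if not limiter.allow(claims["sub"], now):     # rate limit per authenticated subject
        return 429
    if request["path"].startswith("/admin") and "admin" not in claims.get("scope", "").split():
        return 403
    return 200
```

Two details matter for the "never trust" posture: the algorithm is fixed by the gateway rather than read from the token, which closes the `alg: none` and algorithm-confusion class of bypasses, and the rate limit is keyed on the verified subject rather than on a client-supplied header, so it cannot be reset by spoofing. Limiting before authentication, by source address, is a separate layer that belongs in the firewall or WAF in front of the gateway.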
22. [Reference deployment diagram; only the labels survive extraction]
DNS, CDN and a Cloud Public IP with a Load balancer sit in front of a Firewall and an API Gateway in the Public Subnet; a second Load balancer and API Gateway in the Private Subnet front the functions (fn) and applications (Ap1, Ap2) inside the VPC; External Systems / APIs (Sys1, Sys2) are reached from there. Every hop in the diagram is labelled https.
23. 78% of more than 100 firms recently surveyed are not reconfiguring their security tools when migrating to the cloud.
- McKinsey
25. As a monolithic architecture is turned into microservices, the local transaction of the monolithic system becomes a transaction distributed across multiple services.
28. ● Avoid transactions across microservices where possible.
● One microservice should not change another microservice's data.
● Use event programming and avoid orchestration.
● Use workflow / BPM engines for transactions that span multiple systems or endpoints.
● Use the CQRS pattern to separate reads from writes.
● Apply back-pressure when building distributed systems, or a single failure can bring down the whole system.
Start Doing
30. ● Instead of a rollback, trigger a delete (compensating) operation.
● Idempotency is important for distributed transactions.
● Use a correlation id across the microservices involved in a transaction.
● Improve logging to include pod, region, etc.
● Use tools to trace each transaction.
Start Doing
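The two lists above (slides 28 and 30) describe one pattern: an event-driven saga in which each service commits its own local transaction, publishes an event, and undoes its work with a new compensating action rather than a rollback when a later step fails. The code below is an added example (not code from the slides or from Publicis Sapient) of a checkout saga built that way: inventory reserves stock on `OrderCreated`, payment charges on `InventoryReserved`, and a `PaymentFailed` event makes inventory delete its reservation and publish `InventoryReleased`. Every handler is idempotent on (event type, order id) so a redelivered event is applied once, every event of one order carries the same correlation id, and the bus has a bounded queue that refuses new events when it is full, which is the back-pressure signal the list asks for. Services, stock, balances and the in-memory bus (standing in for a real broker) are constructed.

```python
"""Added example (not from the original slides): an event-driven (choreography)
checkout saga with compensation instead of rollback, idempotent handlers, one
correlation id per transaction, and back-pressure from a bounded queue.
Services, stock and balances are constructed; the bus stands in for a broker."""
import uuid
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    type: str
    order_id: str
    correlation_id: str   # shared by every event of one business transaction
    payload: dict = field(default_factory=dict)


class BackPressure(Exception):
    """Queue full: producers must slow down or shed load, not grow the backlog."""


class EventBus:
    def __init__(self, max_depth: int = 100):
        self.max_depth, self.queue = max_depth, deque()
        self.handlers: Dict[str, List[Callable[[Event], None]]] = {}
        self.log: List[Event] = []   # stands in for the traced event stream

    def subscribe(self, event_type: str, handler: Callable[[Event], None]) -> None:
        self.handlers.setdefault(event_type, []).append(handler)

    def publish(self, event: Event) -> bool:
        """False means rejected: the queue is at max_depth (back-pressure)."""
        if len(self.queue) >= self.max_depth:
            return False
        self.queue.append(event)
        return True

    def drain(self) -> None:
        while self.queue:
            event = self.queue.popleft()
            self.log.append(event)
            for handler in self.handlers.get(event.type, []):
                handler(event)


class Service:
    def __init__(self, bus: EventBus):
        self.bus, self.processed = bus, set()

    def first_delivery(self, event: Event) -> bool:
        # Idempotency guard: the same (event type, order) is acted on once.
        if (event.type, event.order_id) in self.processed:
            return False
        self.processed.add((event.type, event.order_id))
        return True

    def emit(self, cause: Event, event_type: str, **payload) -> None:
        if not self.bus.publish(Event(event_type, cause.order_id, cause.correlation_id, payload)):
            raise BackPressure(f"rejected {event_type} for {cause.order_id}")


class Inventory(Service):
    def __init__(self, bus: EventBus, stock: Dict[str, int]):
        super().__init__(bus)
        self.stock, self.reservations = stock, {}
        bus.subscribe("OrderCreated", self.on_order_created)
        bus.subscribe("PaymentFailed", self.on_payment_failed)

    def on_order_created(self, ev: Event) -> None:
        if not self.first_delivery(ev):
            return
        sku, qty = ev.payload["sku"], ev.payload["qty"]
        if self.stock.get(sku, 0) < qty:
            return self.emit(ev, "InventoryRejected", reason="out-of-stock")
        self.stock[sku] -= qty
        self.reservations[ev.order_id] = (sku, qty)
        self.emit(ev, "InventoryReserved", **ev.payload)

    def on_payment_failed(self, ev: Event) -> None:
        # Compensation: delete the reservation in a new local transaction;
        # the commit that created it is not rolled back.
        if not self.first_delivery(ev):
            return
        sku, qty = self.reservations.pop(ev.order_id)
        self.stock[sku] += qty
        self.emit(ev, "InventoryReleased")


class Payment(Service):
    def __init__(self, bus: EventBus, balances: Dict[str, int]):
        super().__init__(bus)
        self.balances = balances
        bus.subscribe("InventoryReserved", self.on_reserved)

    def on_reserved(self, ev: Event) -> None:
        if not self.first_delivery(ev):
            return
        customer, amount = ev.payload["customer"], ev.payload["amount"]
        if self.balances.get(customer, 0) < amount:
            return self.emit(ev, "PaymentFailed", reason="insufficient-funds")
        self.balances[customer] -= amount
        self.emit(ev, "PaymentCharged", amount=amount)


class Orders(Service):
    def __init__(self, bus: EventBus):
        super().__init__(bus)
        self.orders: Dict[str, str] = {}
        bus.subscribe("PaymentCharged", lambda ev: self.orders.update({ev.order_id: "CONFIRMED"}))
        for terminal in ("InventoryRejected", "InventoryReleased"):
            bus.subscribe(terminal, lambda ev: self.orders.update({ev.order_id: "CANCELLED"}))

    def place(self, customer: str, sku: str, qty: int, amount: int) -> str:
        order_id = f"ord-{len(self.orders) + 1}"
        self.orders[order_id] = "PENDING"
        self.bus.publish(Event("OrderCreated", order_id, str(uuid.uuid4()),
                               {"customer": customer, "sku": sku, "qty": qty, "amount": amount}))
        return order_id


def build_shop(stock: Dict[str, int], balances: Dict[str, int]):
    bus = EventBus()
    return bus, Inventory(bus, stock), Payment(bus, balances), Orders(bus)
```

Reading `bus.log` filtered by one order id gives the trace the slide asks for: the events of a failed order appear as `OrderCreated`, `InventoryReserved`, `PaymentFailed`, `InventoryReleased`, all under one correlation id, and replaying the first of them changes nothing because inventory has already seen it.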
31. Two-Phase Commit Protocol using LIXA
LIXA is a transaction manager that implements the two-phase commit protocol and supports the XA specification.
Source: https://dzone.com/articles/microservices-and-distributed-transactions
33. • Standardize the tech stack and toolset for the project.
• Don't trust anyone.
• Keep business logic clean by pushing cross-cutting concerns into the API Gateway, Service Mesh and Kubernetes components of the architecture.
• Shift left as much as possible in DevOps.
• Monitor, monitor & monitor: build observability (metrics, logs & traces).
• Automate, automate & automate: build & deployment, IaaS, autoscaling, auto healing, vulnerability scanning.
• Systems will fail: embrace failure as a natural occurrence.
Few points