Continuous Integration – Move fast and don’t break things

Continuous Integration is an increasingly popular topic in modern software development. Across many industries, the companies that acknowledge the importance of IT and deliver value to their customers through great software prevail against their competitors. Many reports indicate that Continuous Integration is one of the major contributing factors to developing high-quality software with remarkable efficiency. There are many excellent articles, talks and books explaining the principles of CI in theory. During the lecture System Engineering and Management, we had the opportunity to apply our abstract knowledge and gain our own experience by creating and operating a CI pipeline in an accompanying project. The following article covers the approach, the major challenges and, most importantly, the lessons learned from our Continuous Integration endeavor. By pointing out relevant issues, we want to raise awareness of our misconceptions and the mistakes we made so you can avoid them in the first place.


Microservices – Legolizing Software Development IV

Welcome to part four of our microservices series. If you’ve missed a previous post you can read it here:

I) Architecture
II) Caching
III) Security
IV) Continuous Integration
V) Lessons Learned

Continuous Integration

Introduction

In our fourth part of Microservices – Legolizing Software Development we will focus on our Continuous Integration environment and how we made the three major parts – Jenkins, Docker and Git – work seamlessly together.


Exploring Docker Security – Part 2: Container flaws


Now that we’ve understood the basics, this second part will cover the most relevant container threats, their possible impact as well as existing countermeasures. Beyond that, a short overview of the most important sources for container threats will be provided. I’m pretty sure you’re not counting on most of them. Want to know more?


MirageOS


Introduction

MirageOS is a new and rising trend when it comes to talking about cloud computing. More and more services are being relocated into modern cloud infrastructures because of advantages such as reduced costs, maximum flexibility and high performance. Today's services normally depend on big virtual machines (e.g. Ubuntu Xenial with a size of ~1.5 GB) with a lot of software on them. The service running on these virtual machines only needs a very small part of all the software and dependencies that are installed. The unneeded additional software running on the virtual machines also offers a huge attack surface for hackers. Since data is often a highly valuable asset for a company and exposing it would lead to a huge profit collapse, security is gaining more and more importance. MirageOS is a minimalistic approach to kick out all unneeded layers and dependencies and deploy as little code as possible. This approach is highly efficient and fits perfectly into modern microservice architectures. If MirageOS is accepted by users in the future, it could possibly replace modern approaches such as Docker or classic virtual machines in the context of cloud environments.


Exploring Docker Security – Part 1: The whale’s anatomy


When it comes to Docker, most of us immediately start thinking of current trends like Microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to hit the road towards establishing itself as the de-facto standard for lightweight application containers, shipping not only with lots of features and tools, but also great usability. However, another important topic is neglected very often: Security. Considering the rapid growth of potential threats for IT systems, security belongs to the crucial aspects that might decide about Docker (and generally containers) being widely and long-term adopted by the software industry.
Therefore, this series of blog posts is about giving you an overview of the state of the art as far as container security (especially Docker) is concerned. But talking about that does not make so much sense without having a basic understanding of container technology in general. This is what I want to cover in this first part.
You may have guessed right: Altogether, this will be some kind of longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.
