Software delivery practices guide: deployment and development

In our practice, we receive many requests from clients who would like to ask for advice on organizing their delivery process. UppLabs’s team decided to collect all those questions and share our abiding expertise. What should you monitor to ensure that your product works stable and does not have any missed issues? How can you save your data from DB crashes? What DevOps tools can you use?

This article reveals our best practices for project development and deployment, offers the checklist of the infrastructure and application security policies, and answers all potential questions.

1. Monitoring system

Monitoring is the start point for any software development process. Our monitoring system includes such steps:

Health checks – a check for every possible issue like database connection, disk space, etc.;
Error logs – running a particular service alongside your application to discover errors in CPU or memory use;
Latency logs – identifying and fixing the latency problems and gaps;
Warnings logs – applying security measures to the warning logs.
Resource usage – creating lists for each task’s resource and the whole performance.

The additional monitoring system may include authorization monitoring and audit logs.

Ask UppLabs about monitoring systems

2. Basic Infrastructure & Application security policies

No surprise that attackers’ first targets are personal data and credentials. To prevent this to happen, we have several security practices to apply:

User authorization;
Automatic log off;
Data encryption and decryption;
Passwords policies;
Actual users and groups access
Two-factor authentication
Network segmentation. VPNs and private networking;
Application patch management / updates management;
The latest software and operating systems
Firewall and antivirus software;
SSH key authentication;
Regularly check for vulnerabilities;
Backup data.

3. Regular data backups

Every database software needs the process of backing up the operational state, architecture, and stored data. Data backup ensures creating a duplicate instance in case of database crashes or corruptions. It also serves as protection and a guarantee to restore a database.

There exist such types of backup, as:

Full or regular backups – all data is copied to another location;
Incremental backups – backups of the information that was changed since the last backup;
Differential backups – backups of all changed data since the last full backup every time it is run;
Daily backups – every day regular backup.

4. DevOps Security

More criminals perform cyber threats in cyberspace, trying to breach an information system and steal data or money. In this case, we need to implement DevOps Security that includes expertise both in operations and security. A practical DevSecOps approach requires consideration of six major components:

Analysis of code
Change management
Monitoring compliance
Investigating threats
Vulnerability assessment
Training

Ask UppLabs about each component of the DevOps Security approach!

5. Continuous Integration, Delivery (CI/CD)

Developers use continuous integration to merge their changes to the main branch. Continuous Integration (CI) implies testing automation that checks the application and its integration into the main branch. Continuous Delivery (CD) is a development of continuous integration that deploys all code changes to a production environment. This stage includes such checks as:

Test coverage
checks and measures the amount of testing performed;
Code standard
checks your source code;
Unit testing
checks individual units and components of a software;
Integration testing
checks individual software modules in various combinations;
End-to-end (automation) testing
checks an application flow from start to end;

6. DevOps tooling

The primary purpose of DevOps Tools is to bring in a new flow across the Software Development Life Cycle and automate the process chain using such features as Build, Test, Deploy, and Release. Depending on the specific requirements, DevOps tools usually are categorized into three main types:

Measurement Tools – analyzing, measuring, and conducting auditing processes.
Tools for Continuous Testing – evaluating software quality at every stage of the Continuous Delivery process by testing early and often.
Tools for Continuous Delivery

7. Infrastructure as code (IaC)

Infrastructure as code (IaC) is one of the tools you need to automate your infrastructure. The IaC uses configuration files and can be integrated with CI/CD tools. With the right setup, the code can automatically move app versions from one environment to another for testing purposes.

Infrastructure as Code allows businesses to add any infrastructure component they want, such as networks, databases, virtual machines, load balancers, and connection types. This process gives quick results as it enables teams to manage the required cloud setting and test their applications quickly. The IaC solves such three main challenges as high prices for each IT environment setup, less time for setup, and environment inconsistencies.

IaC Best Practices include:

Define specifications and parameters in configuration files;
Version control all configuration files;
Always test and monitor environments before pushing any changes to production;

Divide your infrastructure into multiple components and then combine them through automation.

Download Best Delivery practices checklist by UppLabs

8. Testing

Performance testing focuses on how a system processing the system works under a particular load, fixes the possible bugs, and provides the developers’ diagnostics. QA engineers fulfill an important mission in the project. They prevent mistakes and are responsible for the quality of the development process and the project results. There are different testing types like load, stress, soak, spike testing, etc. The main rules for performance testing are:

Test as early as possible in development.
Performance testing isn’t just for completed projects.
Conduct multiple performance tests to ensure consistent findings.
Applications often involve multiple systems such as databases, servers, and services.
Google page speed.

These rules are thoroughly followed by the UppLabs team.

9. DevOps Automated testing

In a Continuous DevOps process, change is continuous from Development to Testing to Deployment. The code is continuously tested, developed, delivered, and deployed. The best advantages of using automation testing in the CI/CD pipeline are:

Faster bug closing (Issue Finding -> Issue Fixing-> Issue Closing).
Efficient utilization of comprehensive resources in hand.
Ability to execute tests in parallel.
Consistency in test planning and execution.
Minimum requirement of technical skills required for automated test-case execution.

10. Coding standards

Every company creates its coding standards. We do it as well. These standards can be useful in case of code refactoring. They are also helping the developers to rely on some general ground and learn from each other.

Meet the coding standards of UppLabs:

Agree with your team code practices to follow.
List the libraries and components to use.
SOLID (five main principles of object-oriented design),
DRY (Don’t Repeat Yourself Principle),
KISS Principles (systems work better if they are kept simple rather than be complicated).
Pair programming/code review.
Name the tech leads who are responsible for code quality and will be doing PR reviews.
Understand and minimize your technical debt.

Download the full UppLabs checklist of software delivery practices for your project!