If you’ve been in IT for a while, you will be able to recall a time when a patch was installed on Friday and then brought down a production system on Monday. Stakeholders are often surprised when developers tell them that a software update is necessary. Most stakeholders believe it’s better for current software versions to be maintained than to risk a production catastrophe. Unfortunately this if-it-ain’t-broke-don’t-fix-it mentality can lead to serious software deprecations, and result in steep technical debt.
This precarious situation can be alleviated with cloud technology, specifically continuous integration (CI). We will be discussing four methods for applying software patches and updates. These are guaranteed to be as seamless and seamless as possible.
Method 1: Production vs Quality vs Development
The most popular update method is from development to QA to production. P-Q-D allows you to apply software to multiple versions of the same application. Let’s say, for example, you were developing a new bank app and needed to update its front-end Angular framework.
The update would be applied by a software developer to the development environment. He would also run smoke-tests and create automated tests to find bugs. The developer would then promote the code to QA if there are no issues.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Get started training. The QA environment should be as close as possible to the production environment. Companies often have a staging environment. It is important to note the similarities between these environments. Because if a patch fails in one environment it will fail in the other. The developer encourages the update to QA, and the quality-assurance specialists get to work.
The QA tester runs a variety of tests and discovers that JQuery code is broken in the front end. Perhaps the autopay functionality on Internet Explorer’s banking app stopped working. This means that if the bug was in production, customers wouldn’t have been able to pay their bills due to us. This is not good!
This was caught by the quality-assurance specialist, who will be able kick it back to the developer for additional work, saving everyone a lot of headaches.
This P-Q-DCI methodology can also be applied to non-cloud infrastructures. Each of the major cloud providers has its own version.
Azure–Pipelines
AWS–CodePipelines
Google Cloud–Cloud Build
Jenkins, a popular CI framework, will be integrated with all the major cloud providers in addition to the proprietary pipelines. This method of patch application could be the subject of an entire article. However, let’s focus on a safer, rolling update method.
Method 2: Rolling updates
A rolling update means that servers are updated incrementally rather than all at once. This is especially useful when the business needs to have their application up and running at all times. This would be useful if a critical production problem was discovered during peak hours. After all, loss of uptime equals loss revenue.
Let’s say, for example, that you own a clothing website. This website is visited by around 10,000 people per hour. It’s load balanced between five servers. This is called load balancing, which means that traffic is routed equally among the five servers to reduce latency or load times. The whole thing is going well until someone notices a serious problem: the BUY button has become grayed out. This bug was not noticed by anyone during the last deployment.
One solution is to update all servers at once. Unfortunately, this would mean that all servers would restart simultaneously. This means that 10,000 potential customers won’t be able to access the site.