DEVOPSdigest

Artistic swimming, formerly known as synchronized swimming or water ballet, seems like it should be nearly impossible for humans: a synchronized, choreographed routine, accompanied by music, involving many people who are often fully or partially submerged under water. Yet it has existed as a form of competition since it debuted in 1891 in Berlin, Germany. To successfully combine dancing and swimming as a whole team, the swimmers must work together seamlessly and wordlessly on a global stage, in and under the water. It requires each person to trust their teammates to do the right thing at the right time, without looking to make sure it happens. Sound familiar? That's the ideal product development lifecycle as well.

Source: Los Angeles Times

Complex Coordination Challenges

Modern application development teams usually use an agile (or agile-adjacent) methodology for the development lifecycle to help ease the pain of coordinating across all the teams involved in shipping an application out to the world. These cross-functional teams must communicate clearly and consistently to bring everyone — developers, testers, user interface (UI) and user experience (UX) designers, security, platform engineering, and project managers — together to build and deploy applications.

Building and deploying applications can be challenging even when everyone is sitting in the same room. But even with some RTO policies, many teams remain distributed, whether working from home or from different office locations, adding a layer of complexity to already-complex communications. Even the best asynchronous communication tools and practices aren't enough to make up for misunderstandings, missed information, and context-switching between teams. So, while the goal is to have perfectly choreographed communication and deployment, the reality is that instead of looking like synchronized swimmers, they often look more like a bunch of five year olds playing near each other in a pool.

Deploying Apps Is Getting More Complex

The issue is not that these individual team members aren't smart, thoughtful, or capable in their roles. The reality is that new technologies, frameworks, and tools emerge all the time, and keeping up with it all is really hard! Moving to microservices, containers, and Kubernetes enables scalability and modularity, but also increases challenges related to managing dependencies, ensuring API compatibility, and adjusting to more ephemeral environments and different infrastructure requirements.

In addition, modern apps frequently integrate multiple services, databases, and application programming interfaces (APIs) to build more complex applications, as well as integrating with more 3rd party APIs. That complexity requires careful design, development, and testing to make sure everything works well together. And the unfortunate reality is that the threat landscape is also growing, with malicious actors ready and able to take advantage of vulnerabilities and misconfigurations to steal sensitive data and infiltrate infrastructure. That means that security considerations must be an integral part of the product development life cycle as a whole.

Everything is moving too fast; applications are changing all the time to keep up with what users are doing, the universe of APIs is constantly expanding, and security threats continue to evolve. All these teams need to keep up with a changing world while operating within a coordinated product development lifecycle where each group has a distinct set of motivating factors. Trying to share that context across teams in a straightforward way that enables coordination and seamless deployment isn't just difficult, it seems as impossible as communicating underwater.

Bridge the Gap Between Teams

Right now, there are many solutions that offer important capabilities, but trying to make sure they all work together and each team understands what they're for and why they're important is difficult. What we need is to develop tools that make it easier for individual teams to trust that while they're doing their moves, everyone else is in sync and doing exactly what they need to do as well. The only way to do this is to put the application at the center of the tooling or processes in use.

There's a long history of building applications and services, and it's gotten (much) more complex in recent years. Like the synchronized swimmers, though, whose goal it is to deliver a seamless and beautiful performance, the goal of DevOps, engineering, and security is to deliver a scalable, available, and secure application. All tools and methodologies created to date help with that process, but they haven't focused on the application itself. It's time for tooling that puts the application at the center of everything and building the infrastructure and security around the application's needs.

One example of new tooling that does this is Infrastructure from Code (IfC), which analyzes application code to identify dependencies, core infrastructure, APIs, and ingress/egress requirements, then generates the deployment architecture and the infrastructure as code (IaC), ensuring that the application and infrastructure adhere to relevant security, privacy, and coding standards. This application-centered infrastructure enables individual teams to trust that everyone around them is doing exactly what needs to be done concurrently to deploy securely and quickly.

Make Provisioning Infra and Deploying Apps Easier

Putting applications out into the world is getting more complicated and difficult, whether you're deploying to the cloud or to on-prem environments. There are multiple security, hardware, scalability, and uptime requirements that cross-functional product development teams need to meet. Programming for all these dependencies is hard, particularly for teams who must also overcome increasingly challenging communication burdens. To address those challenges, organizations should move to application-centered infrastructure to improve communication, automatically build in security and ensure best practices are followed, and enable teams to more easily provision infrastructure and deploy applications. Putting the application at the center enables application development teams to deliver their infra and apps as gracefully and seamlessly as synchronized swimmers, all without having to poke their heads out of the water.