CI/CD Pipeline for a sample project

Things to remember:
- Analyze the existing infrastructure and process.
- Find the best places/situations to automate, in small chunks.
- Brainstorm and plan the processes, thinking about the cost, time, quality and quantity of delivery.
- Combine all the micro steps and make the delivery pipelines seamless.
- Actions should not break the current system; they should increase its efficiency.

High-level workflow of a CI/CD pipeline for a web-based trading system for a financial institution:
- Focus on all the environments.
  - Development
  - QA
  - UAT
  - Staging/Pre-Production
  - Production
- Upgrade the OS and apply patches continuously. Use the latest stable (LTS) versions/AMIs (images).
- Segment the existing application architecture into microservices.
- Integrate continuous integration tools. Create an application build pipeline (with multiple jobs) and make it seamless.
  - Jenkins/Hudson
  - Build tools: Ant, Maven, Gradle
  - Replay stock exchange price feeds
  - Set up trade simulators
  - Version control: Subversion, Git, GitHub, Bitbucket, etc.
  - Artifact repositories: Nexus, Apache Archiva, Artifactory
  - Unit/integration/coding-standard testing tools: PMD, Cobertura, RSpec, Behat
  - Quality control tools
  - Alerting tools
- Integrate continuous delivery/deployment tools. Create a delivery pipeline for the trading platform (with multiple jobs) and make it seamless.
  - Identify the sequence of deployments and their frequency
  - Configuration management: Chef/Puppet/Ansible
  - Infrastructure automation/IaaS/PaaS: AWS CloudFormation/local cloud flavour
  - Monitoring tools
  - Log rotation and management tools
  - Blue-green deployments
- Implement/integrate security management tools
  - Multiple security layers
  - Multiple VPCs, VPC peering
  - API gateways, microservices
  - Encryption
  - Bastion hosts
  - Port opening/closing documents
  - Updated diagrams for the existing and proposed enterprise architecture
  - Firewalls, VPNs, VPGs if necessary
  - Active Directory or Citrix, etc.
- Enhance compliance with best practices
  - Documentation (API, code, infrastructure, SLAs)
  - Implement non-disclosure agreements (NDAs)

Systems that are on premises:
- Jenkins can be set up to build and deploy in local test environments.
- Implement proper service access procedures and IT policies.
- Implement data protection policies to prevent manipulation of, and unauthorized access to, sensitive data.
- Implement firewalls/VPNs if the systems connect to, or allow access from, remote locations (home, etc.).
- Local data centre hardware/software needs to be encrypted, and the password sensitivity or password life cycle kept up to date.

Systems that are on AWS:
- Blue-green deployment plans to reduce deployment-related risks
- Have proper rollback plans
- Implement extra security measures
- Implement password management tools/key management tools, etc.
- Implement good AWS governance

Thank you. As a project manager without a technical background on the subject matter, this type of schematic is great to have an idea of what must happen.
Dear all, this is just a draft idea formulated by me. I would really appreciate any suggestions, so that I can improve the article.