Rail is becoming more and more popular among passengers, and railway systems have been in existence for decades. They are a highly cost-effective technique for delivering freight. Rail systems that have a sizable legacy operational technology (OT) footprint are only now starting their journey toward digital transformation.

By introducing cutting-edge technology and operational intelligence to rail transportation, greater efficiencies can be generated while safety is increased. Sensors supply the information needed to create a complete picture of operations that are represented by a digital duplicate of the train network. The movement of rolling stock can be automatically and most effectively coordinated using the data’s intelligence. This blog post examines how Alstom transformed railroad operations using Red Hat edge technology.

Alstom is a market leader that creates and distributes mobility solutions, including turnkey systems, services, infrastructure, signaling, and digital mobility. These solutions include high-speed trains, metros, monorails, and trams. The business has activities in 70 different countries, with its headquarters in France.

Climate changes make it difficult to supply dependable solutions in places like Kazakhstan, necessitating extensive testing of the components. With the help of edge processing and data collected from sensors, Alstom’s signaling solutions improve capacity, reliability, and safety.

Over the next ten years, rail firms’ need for cutting-edge solutions is projected to rise because of the rising demand for quicker, more environmentally friendly transportation options and the unpredictable cost of gasoline. The following difficulties were overcome by Alstom’s rail network solutions using Red Hat technologies:

1. Hardened Cybersecurity: Security is a must since transportation is a vital resource, and a hacker taking over OT systems might have disastrous effects. Vendors of railway systems need thorough testing and total control over hardware and software.
2. High-availability devices: An end-to-end Internet of Things (IoT) solution necessitates durable built-for-purpose devices because rolling stock and railway lines are situated in regions with various climatic extremes, from desert to sub-zero temperatures.
3. Limited connectivity: Devices must be able to function independently in remote locations with minimal to no connectivity. In these settings, edge solutions are perfectly suited to provide essential functionality.
4. Integration: A trustworthy message service with guaranteed delivery and integrated security is required for the integration of current legacy OT systems with the current container technology of IT systems.

Here is an illustration of the Alstom solution’s components:

On the Red Hat website, you can find out more about each component, such as Red Hat Enterprise Linux (RHEL) and Red Hat Ansible Automation Platform. Here, we’ll outline the advantages of using open source components in an implementation of an edge solution:

1. Agility: There could be thousands of computers running software, depending on the size of the rail network. In an edge architecture, the patching of these apps and the underlying operating system software must be automated.
2. Security: Hackers routinely target vulnerable targets, such as the IT infrastructures of small enterprises. Hacking a country’s infrastructure is very alluring because it requires total command over all hardware and software throughout a railway network. The risk of cybercriminals taking control of the hardware and software stack is decreased by internal management and ownership of the software supply chain pipeline.
3. Response time: In a rail network with hundreds of roadside devices, processing constant communications from rolling stock requires a quick response time to events. A low-latency environment meeting the needs of an edge solution is made possible by cloud-native technology using containers executing applications on bare metal.

The following are some examples of how an edge solution used in rail networks adds to the bottom line:

Energy efficiency: Information about the fixed rail network is used by railroad operators to arrange freight and passenger traffic. The energy utilization of rolling stock can be optimized using sensor data by continuously adjusting schedules in real-time.

Inscreased usage infrastructure: Trains may travel with closer spacing between them thanks to automation using discrete data from the rail network. By reducing wait times without requiring additional capital investment in infrastructure, the increased capacity accelerates freight transportation and improves the passenger experience. Increased use of railroads for transportation due to dependability and regularity reduces carbon footprint.

Security and safety: Combining IT and OT may make it possible for malicious actors to affect enhance efficiency, which could have negative effects. Stronger IT security requires using operating systems that prevent the inclusion of new software outside of the image-creating process and getting upgrades to the edge to close known vulnerabilities. The infrastructure is protected from cybersecurity threats by using fewer vendors and a stack of open-source software that is regularly updated.

Customer safety and experience: Real-time scheduling modifications enhance overall punctuality. A train network can proactively alert users of delays by gathering detailed data.

Predictive maintenance: The ability to predict impending problems using data from sensors that monitor variations in vibration and sound helps to increase uptime while lowering the cost of maintaining rolling stock. Unexpected delays can be decreased by improving equipment uptime and dependability.

Other industries that combine IT and OT at the edge

Alstom’s use of an edge solution is a creative application of open source container technology that integrates IT and OT to produce commercial value. Such solutions can be used in the following sectors as well:

Local governments: Utilize in-vehicle data and sensor data to reroute traffic in real-time throughout a municipality to improve transportation systems. The efficiency of transportation can be increased by integrating data with nearby cities. To improve customer satisfaction and reduce vehicle breakdowns, metro bus networks can integrate sensors for predictive maintenance. Information from surveillance cameras and gate sensors could be used for crowd control at stadiums.

Shipping services: To reduce its carbon footprint, trucking can use vehicle data to plan and improve crew scheduling as well as trip routing.

Manufacturing plants: Predictive maintenance can lower the cost of equipment operation while improving production efficiencies. Using data from sensors displayed in a digital twin of a manufacturing plant, they may also optimize operations.

Public utilities: Data from sensors can be used by 5G technology to proactively route repair personnel to the most suitable sites and identify water leaks.

Commercial buildings: By integrating natural air with artificial heating or cooling systems, air conditioning systems can be improved to provide a constant climate experience throughout a facility. Boost energy efficiency by using intelligence derived from information gathered by sensors both inside and outside the building.

Modernizing edge environments should result in much higher efficiency. Enterprises can transition to being completely digital companies by fusing OT and IT. An example of a group of open source programs that contribute to the innovation from the core to the cloud to the edge is Alstom’s implementation of an edge solution.

The Alstom solution enhances the passenger experience and increases freight efficiency without requiring the addition of expensive physical infrastructure. The solution satisfies the critical infrastructure’s requirements for security and high availability. Businesses should employ tried-and-true architectural frameworks, like those used by Alstom, to hasten the digital transformation process for cutting-edge innovation in the future.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

A clear comprehension of the syntax of the language you are using plus some structural and logical reasoning is all that is needed to write a computer program, which isn’t all that difficult for most people.

But adding a layer of complexity to the process of developing software with a higher security posture is something that not all developers can do or comprehend. Open source is beneficial. Your code can be viewed by open-source programmers, security analysts, and auditors, who may even help you find and fix issues.

This essentially implies that the developers now have a higher obligation to produce high-quality code that is free of known vulnerabilities. It does not imply, however, that they are allowed to design insecure software with the expectation that users will fix the bugs or errors for free.

In terms of open-source development and software security, Red Hat occupies a special position. Many of our products rely on upstream open source initiatives. While Red Hat participates directly in many significant projects—either through upstream developers who work for Red Hat or through other direct and indirect contributions—other initiatives are completely independent.

This creates a special challenge, but it also offers a chance to see if using business open source software from a provider like Red Hat helps reduce risk and achieve compliance with relevant U.S. government guidelines for best practices in information security.

What do we provide for our customers?

During software development, secure software development practices are important. Before the code is built and delivered to users, design and code validation can be helpful post-developmentally. Before actually delivering software to our customers, Red Hat performs some processes, including:

• Code scanning: Before it is compiled, source code is scanned in this procedure to more effectively find security holes and weaknesses. This helps in the early detection and correction of problems. This procedure can identify problems with the way code is written, but it cannot identify logical or design errors. Red Hat believes that early identification is crucial since it helps to protect not only our customers but also the entire open source community because security fixes are sent upstream so that everyone may take advantage of the repair.
• Threat modeling: Potential risks, design flaws, and other higher-level concerns not addressed by code scanning or code audits are found using this technique. This helps us evaluate the software security controls an application needs to set effective defenses against potential threats. This aids in the cost-effective early problem resolution and security posture improvement of any application.
• Software bill of materials  (SBOM): Knowing exactly what you are delivering is crucial in determining the security posture of open source goods because they typically consist of numerous smaller projects. This aids Red Hat Product Security in managing vulnerabilities effectively.

6 tips for open source developers

There are some things you can do as an open-source software developer or project leader to contribute to the creation of better safe software.

1. Learn everything you can

A smart place to start is by learning about security and secure coding practices. Online, there are some resources, the majority of which are free (in the genuine open source spirit), including:

• Secure Software Development Fundamentals Courses from OpenSSF is an excellent starting point.
• You’ve Got Microservices from Red Hat Developers… Let’s Protect Them! discusses protecting microservices and provides links to additional secure code instructions.
• If you’re interested in learning about linguistic peculiarities, etc., the Fedora project defensive coding guide is a great place to start.
• Check out the CVE database of previously discovered security weaknesses as well. These usually have references linked to them, which makes them useful for learning how the vulnerabilities were created in the first place.

2. Get your code peer-reviewed

• The good news is that if you work on a development team, your coworkers can already peer-review your code before you commit.
• If you are a sole developer, no problem! It should be OK to request assistance on public forums or mailing lists. Simply have a second set of eyes go at your code—it always helps!

3. Use free security tools

• On the internet, there are several free security analysis tools to choose from. You could use anything from free source code scanners to threat modeling tools to binary analysis tools from this list.
• Even those that give away the very minimum of functionality for free can offer valuable insights into your project.

4. Have a process to respond to vulnerabilities

• Secure software development involves not only finding defects early but also fixing problems that are found after code has been sent to clients and users.
• Make sure this is appropriately promoted on the project page and have a way where security issues can be reported (perhaps an email address). Think about how you want to handle this because some journalists only prefer to send encrypted emails.
• Be prompt in your responses to reporters. Customers and users should be informed whether their version of the product is vulnerable or not by security advisories that are converted from any issues fixed and placed on the project page.

5. Network and keep yourself updated

• Doesn’t this hold in all situations? Spend a few additional cycles keeping up with the most recent attacks and tools available as a developer you keep yourself informed with the newest technology or even languages. It should all be worthwhile in the end!

6. Understand your weakest links

The saying “A chain is only as strong as its weakest link” is well known. The same is true for the creation of secure software. Although you as a developer take every precaution to make your code as secure as you can, there are still additional considerations. Here are a few things to remember.

• How secure is the build toolchain you use? How secure are your compilers, linkers, and other build toolchain elements if you are releasing pre-built binaries with your code? When building, are the proper flags being used?
• What server hosts your source code? Who else has access to the code if it is a cloud-based git repository, and how secure are your login credentials?
• Do your source-code tarballs have signatures? Use any contemporary tools, such as sigstore, to assure transparency.

Conclusion

It takes time to train developers and reviewers to have the proper mentality for this process of thinking about securely constructing your code. However, a thorough approach ultimately benefits both the creators and the code’s users. If you’re a developer, there is a ton of support available; all you need to do to get started is master the appropriate techniques and tools.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

To create attractive use cases for AI Integrated Communications (AIC) and Cyber-Physical Systems, the Innovative Optical and Wireless Network (IOWN) Global Forum is creating the next generation of data-centric infrastructure overall photonics networks (APN) (CPS). In the age of the green transformation, the strategy of the IOWN Global Forum will have a significant impact on the media, entertainment, and telecom sectors, among others.

RDMA over APN and Area management security use case PoC

The goal of this post is to show how RDMA over APN makes it possible for use cases in the forum to communicate across great distances without encountering any difficulties. The area management security use case in CPS for huge sensor data aggregation and ingestion is illustrated in the following PoC based on the IOWN reference implementation model, with RDMA over APN technology to boost data velocity for AI-inference. This IOWN reference implementation model will assist AI/ML users in increasing end-to-end data processing speed by utilizing IOWN technology, even if the existing Open Data Hub framework does not contain a solution to boost data velocity at the ingestion step in the data pipeline. Using data processing units (DPUs) or RDMA-capable network interface cards (NICs), which are required for this PoC, OpenShift supports GPUdirect RDMA and RoCEv2 (RDMA over Converged Ethernet v2).

Figure 1:  RDMA over APN in the context of Area management Security use-case

APN PoC-based 5G mobile front haul network

This PoC wants to show the advantages and viability of APN as a fronthaul solution. It is anticipated that the acceptance of mobile fronthaul over APN as a workable and promising solution would promote IOWN-related technologies and motivate service providers from all over the world to participate. The network’s ability to handle elastic load balancing and high availability services is seen in the following figure. The active and dynamic steering of radio access network (RAN) components, including the radio unit (RU) connections to a group of (virtual) distributed units (DUs), is referred to as elastic load balancing. This steering is based on the actual load. APNs’ ability to change wavelength lines dynamically enables them to reroute computing resources at the destination by the volume of traffic and other factors. The ability for service providers to dynamically allocate and deallocate DU computing resources can thus be achieved with the help of APNs. In phase 2 of the PoC, the forum focuses on the vDU deployment on top of the logical service node, which may be running on the full COTS (Commercial Off-The-Shelf) server or the entire DPU/IPU (Infrastructure Processing Unit). Multiple vDU cloud-native network functions (CNFs) from our CNF-certified partners could be run on DU servers that are used as a logical service node and running OpenShift.

Figure 2: vDU mobile front haul network over APN

Data-Centric Infrastructure-as-a-Service PoC

The proof-of-concept for data-centric infrastructure as a service is last (DCIaaS). The IOWN technology’s DCIaaS basis allows for the deployment of the IOWN data hub (IDH) and the IOWN mobile network (IMN), as well as CPS and AIC deployment for 6G (under development), multi-access edge computing (MEC), and 5G RAN. The goal of the DCIaaS PoC is to show the benefits of the open all photonics network across customer sites, regional edge sites, and core sites by showcasing a concept of a logical service node (see figure 3), which is composed dynamically of allocatable hardware device resource pools (CPU, GPU, DPU/IPU, etc.) to realize each use case in CPS and AIC. On a bare metal host with an x86 CPU, OpenShift can create a Kubernetes base logical service node (or virtualization environment). In this DCIaaS PoC, OpenShift can run on the DPU as an upgraded logical service node in addition to an x86 CPU base logical service node.

Figure 3: OpenShift base Logical Service Nodes in Data-Centric Infrastructure

Collaboration with Open Programmable Infrastructure project

It was discovered through forum activity that creating a network, security, or storage task requires a completely customizable open infrastructure paradigm across software stacks and DPU/IPU-like hardware devices. The Open Programmable Infrastructure (OPI) project aims to investigate and broaden the notion of programmable infrastructure using open ecosystems for next-generation architectures and frameworks based on DPU/IPU-like technologies that are standards-based, community-driven, and driven by community standards.

The original members, which included Red Hat, formed the OPI as a Linux Foundation project this summer. Both communities may benefit from the continuous cooperation between the IOWN Global Forum and the OPI project to achieve their shared objectives, with Red Hat and other ecosystem partners serving as catalysts for technological advancement and the investigation of new use cases.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Red Hat was fortunate to have Lee Jourdan and Shuchi Sharma participate in Red Hat Coffee Hour’s discussion of diversity, equity, and inclusion (DEI). We discussed what it is, why it is important for modern organizations and the best ways to implement it at work.

After holding the position of Chief Diversity and Inclusion Officer (CDIO) at Chevron, Lee Jourdan is an accomplished advocate for diversity, equity, and inclusion at the executive level. Jourdan first noticed the lack of persons of color in decision-making positions at the top of his business early in his career. His main goal was to influence the company’s culture for the better.

Vice President and Chief Diversity, Equity, and Inclusion Officer of Red Hat is Shuchi Sharma. Sharma, an immigrant from India, was raised to value hard work, saving money, and giving back to society despite racism and other difficulties. She was motivated to work for social justice in her own life by her grandpa, a freedom warrior for India’s independence.

The following six important points from this discussion with Jourdan and Sharma can assist your company in effectively incorporating DEI.

1. Focus your business on inclusion and purpose

Becoming a purpose-driven organization—a company that focuses and takes action on something broader than its goods and services—is a great way to structure your approach to DEI. When DEI is one of an organization’s guiding principles, it prioritizes its stakeholders and concentrates on involving communities with all kinds of various affinities. Such a company must make sure that everyone is treated with respect, is made to feel at home, and is allowed to voice their opinions.

Increased productivity, better interpersonal connections, and greater business potential can all be achieved by incorporating a sense of purpose into everything your company does. Leaders in such a group should take great care to ensure that no affinity is excluded, not even unintentionally. As people are more driven to perform better and be more engaged when they feel included, inclusion is a great method to offer value. You may enhance your employees’ satisfaction and output by making sure they feel included.

2. Learn why you want to increase DEI

Any DEI endeavor should clearly state its “why.” Employees will feel empowered to make decisions when the reasons for embracing DEI are understood and effectively communicated inside your organization, and the culture of diversity and inclusion will start to take on a life of its own. You want individuals to recognize the advantages of their actions. Inclusion and equity are moral requirements that are important in creating a better culture and even better society. But there are other practical reasons for supporting DEI.

Here is a useful example. Sharma believes that experiencing diversity is like listening to an orchestra, where each instrument has its unique tone, rhythm, and personality. However, the pieces come together to form something more than the sum of their parts. In this approach, bringing together individuals from different backgrounds results in special combinations of the characteristics that make us human. This combination of skills can accomplish things that have never been done before.

Diversity can give you a competitive advantage as well. Your employees’ sense of learning, collaboration, and agency can be inspired by moving in the direction of a more important goal. As a result, there will be more innovation as people with different perspectives work together to develop solutions.

3. Because the task is leader-driven, engage senior leader commitment

Senior leadership is responsible for setting DEI goals, sharing data, bringing the organization together, and promoting responsibility. It’s important to be aware of who can be overlooked, to fill in any organizational blind spots, and to take your company hierarchy into account.

It can be important to remove those hierarchical obstacles to ensure that top leaders are well-informed on issues that might not affect their day-to-day experience. Jourdan advises “mutual mentorship,” also known as “reverse mentorship,” which pairs a leader with a worker from a different background so they can both learn from and understand each other’s adventures.

4. Be mindful about including everyone

Your workplace will not experience inclusion by mistake. It needs to be carefully encouraged. It is important to actively work to broaden the perspectives of your company’s employees, including everyone in discussions, and find and remove barriers for those who face them.

It can be important for people in positions of privilege to actively engage in study, seek out discourse, and change on an individual level. Step up, ask the tough questions, and don’t be scared to make a mistaken statement. Genuine change results from open discussions.

Organizations should talk about what needs to change, but it can be equally vital to share success stories. Celebrating DEI accomplishments is an excellent approach to keeping motivation and focus.

5. Prioritize data transparency

Organizations looking to enhance DEI should think about enhancing data transparency related to representation and promotion. Employees can contribute to more fair workplace patterns by being given access to specific data. To ensure there is no disparity in promotion rates between gender, race, or other affinities, some organizations provide promotion data in addition to representation data.

Making ensuring that these concerns are well-lit and that information is easily accessible will help keep this topic on the front, ensure that the organization’s commitment to change is supported by facts, and ensure that real progress is accomplished.

6. Encourage your staff to fulfill their potential

A purpose-driven business helps its people to embrace their identities, which is one of its advantages. We may all become more productive at what we do when we know that we are loved for who we are. An organization that welcomes workers from all backgrounds and connections gains access to a far wider and more diverse talent pool.

Jourdan presents an excellent example of a project he worked on that tried to rewrite the history of neurodiversity by fostering a work atmosphere that was accepting of people with autism spectrum disorders. This program helped them realize their potential by seeing to their needs, and several of the interns were ultimately hired on a full-time basis.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Many of us have laptops, tablets, and phones in our Internet-connected homes. With a few servers and associated storage devices, some of us may even have home labs. We’re also more likely to have things connected to the Internet of Things in the future (IoT).

What is the Internet of Things?

Devices like smart TVs, security cameras, thermostats, smart lamps, game consoles, DVRs, and other items are included in the Internet of Things. Your refrigerator, washer, and dryer, as well as kitchen scales, blenders, sous, vide cookers, and outdoor grills, may all be connected household appliances.

At the very least, we should change the factory default credentials and create secure passphrases when installing these devices. But many of us forget to keep updating our gadgets’ software once they’re up and running. We’re all busy, and if we care to check at all, it’s so simple to click “Remind me later.”

These linked gadgets may not immediately come to mind as targets for cyber assaults, but they can serve as ports of entry for hackers to enter other systems, putting your data and privacy at risk.

Examples of IoT at the office

How does the Internet of Things work at work? In addition to connected security cameras, DVRs to record video footage, smart locks and badge-reading devices, environmental controls, and fire suppression systems, smart TVs may be employed as digital signs.

Consumer-grade IoT gadgets may also show up in our networks and businesses. When they brought in Pat’s streaming stick to watch the big game on the big screen in the conference room last spring, it was a big hit. Brenda’s treasured toaster and Steve’s smart kettle might be in a break room near you right now!

What is shadow IT?

Shadow IT refers to the use of information technology by people or groups outside of the main IT department of a company. These unofficial systems are usually established as a result of real or imagined flaws in centralized information management systems.

We don’t usually encounter questionable individuals when we look at cases involving shadow IT. Instead, we select intelligent, hardworking individuals who genuinely want to solve issues and contribute to their fields of endeavor. Workers occasionally lack knowledge of available options and offerings that might satisfy their demands.

Shadow IT examples

The colloquial “server beneath the desk,” cloud provider accounts, and productivity applications like chat, file-sharing, and note-taking programs are all examples of shadow IT. When time constraints, frustrations, and the need for flexibility collide, employees, resort to Shadow IT. When deadlines are approaching, it seems unworkable to wait for the IT department to deploy a new program (much alone go through the contract negotiation process).

Take tech professionals as an example who frequently need to cooperate in close to real-time.

Most of them have advanced technical skills, and some of them are roadies who frequently travel to work with their clients. They want a chat app that works on both their PCs and phones, doesn’t require a VPN connection, enables lengthy discussions, and meets their technical feature needs. Their preferred threading experience in group conversations, APIs that enable them to design chatbots that interface with other tools, and a variety of ways to express oneself beyond text are all must-have features.

They are aware that they have some options if they are unsatisfied with the company’s current chat program, including setting up their chat server, using personal messaging services or social media accounts, or registering for a free Software as a Service (SaaS) option online.

Shadow IT consequences

What possible effects could pursue shadow IT have? In the given case, our tech staff members’ chat software might not use end-to-end encryption, passing their conversations in clear text. It might lack a reliable authentication system and most likely won’t be included in the business’ SSO.

Who will oversee the accounts, add new workers when they come on board, and more importantly, remove them as they depart? Old accounts that were abandoned without being checked on might still have access to all chat history and could be compromised and used for corporate espionage or other illegal acts.

What would happen if the chat solution was later abandoned if business processes grew to depend on the service, such as ChatOps connectors with CI/CD pipelines?

What happens if only a part of the company uses the alternative chat program? This could result in scattered islands of various groups of workers, or even worse, overworked employees who must monitor talks across different platforms.

What information would be made public if the chat software was compromised? How could a potential compromise be explored if the chat solution has insufficient logging capabilities or the logs of a social media app or SaaS product are just not accessible to end users?

Did the team carefully study the terms and conditions of any services they paid for to comprehend the agreement they signed on behalf of their employer? They might have consented to the sale of their data or the provider’s exclusion from responsibility in the event of a data breach.

It may be devastating for their business if the conversations our tech workers have about their clients, their data, and their contracts are made public. A significant loss of customer information could lead to brand-damaging public disclosures and penalties under the GDPR and other privacy rules.

How to stop shadow IT?

In a perfect world, we would be able to stop shadow IT before it even gets off the ground by offering IT services that fully meet the requirements of our staff members and the training necessary for them to take full advantage of those services. However, it may be impossible to completely prevent shadow IT as the universe of possibilities continues to grow and our users’ needs get more specialized.

We may make decisions as IT professionals to lessen the risk posed by shadow IT. We can start by looking for the use of unauthorized systems. If we start with an accurate and current inventory of all of our hardware and software assets, this task will seem less difficult.

A complementary strategy might be to simply speak with our users to find out what demands aren’t being satisfied by the services provided by IT and how they get around such restrictions. These discussions may offer an opportunity to further inform our users on the features and capabilities of our current IT offerings. We might also find an unusually large number of existing shadow IT systems.

Managing existing shadow IT

The original reaction may be a strong urge to completely shut everything down when we do discover existing shadow IT networks. Instead, keep in mind that our users who took the time to build up shadow IT systems are trying to communicate with us, and we would be wise to take a moment to do so.

We may learn about the problems experienced by our employees and the limitations of our systems when we approach shadow IT with curiosity, and we can then develop a strategy to appropriately solve those problems. If we discover that our users aren’t making use of the current services, this gives us the chance to enhance our education programs. We can work with our users to suggest a strategy for switching to authorized systems.

Our strategy may involve collaborating with teams to bring their system in line with corporate IT and security requirements when our users’ shadow IT systems are unable to adequately answer a demand. The risk of compromise and data leaks can be reduced with the use of this kind of solution, which can also enable users of the system to have realistic expectations for system maintenance.

The ideal strategy may be to guide the teams managing the shadow IT systems through the “becoming legit” process, which can involve carrying out security and data protection assessments, negotiating an enterprise agreement with a service provider, and setting centralized authentication and logging. Our users will feel heard, believe that their IT team is attentive to their needs when we can bring a shadow IT system into the open as an official IT system, and the final product will likely be acceptable to all.

Shutting down shadow IT

We might need to pursue a shutdown if a Shadow IT system cannot be made compliant. Some of our users may find this upsetting and difficult to accept, but open and honest communication is helpful. Goodwill toward the IT department can be maintained or restored by explaining why a shutdown is unavoidable, defining expectations on sunset timescales, and defining our plans to address unmet needs with an alternate solution.

We choose inaction when we don’t move toward a managed risk strategy, the road to legitimacy, or a controlled shutdown. Not only does ignoring shadow IT encourage its growth and fail to address its risks, but it also communicates negative information about our IT organization. Whether or not our users understand our quiet as incapacity or indifference, it does not favor us. On the other hand, adopting constructive action along with openness and two-way communication results in the perception that IT is a trusted partner, not a burden.

What is a botnet?

A botnet is a group of computers that have been infected with software that enables remote control of the entire network without the owners’ knowledge or consent. To give orders to their hordes of machines, botnet controllers use covert channels. These orders tell the machines to transmit spam, click fraud, steal personal information, use password-cracking software, or launch Distributed Denial of Service (DDoS) attacks.

Botnets can be centralized, in which case new hacked devices connect to a central command and control (C&C) server to open a channel of communication. The C&C can then instruct its bots using this command channel. Other botnet organization strategies have emerged because a centralized C&C server is usually a single point of failure for a botnet (that is, knocking it down can minimize the effectiveness of the botnet).

Layers of various C&C servers may be present in tiered C&Cs. Decentralized or peer-to-peer botnet members act as C&C servers that issue commands to other botnet members as well as clients that receive commands. Some botnets even attempt to hide in by using public communication channels like Pastebin.

What is an IoT botnet?

IoT botnets function similarly to traditional botnets and are simply botnets made up of compromised IoT devices. While searching for open ports and default passwords, many IoT botnets also look for more devices to corrupt to attack as many as possible with their malware. Modern IoT botnets can scale up more than typical botnets that depended on infecting sensitive PCs and servers since thousands of similar-configured (and similarly vulnerable) IoT devices may be deployed at once.

Because IoT devices are often always on and linked, attackers find them appealing (think DVRs and security cameras). IoT botnets are particularly well-suited to launch powerful DDoS assaults because of their potential size. Some, like Mirai, have even generated more traffic than 1Tbps.

Malicious executable and linkable format (ELF) binaries, a file format usually present in the firmware of embedded systems, can target IoT devices that use Linux and Unix-based operating systems. By using the hardcoded default credentials (admin/admin) when these devices are directly linked to the public Internet, malware can be distributed quickly and easily using the SSH or telnet network protocols.

Exploiting security bugs in unpatched, factory-shipped firmware versions is one of the other possible strategies. Once a connection to an IoT device has been made, the malware payload is sent to finish adding the device to the botnet. To maintain control, attackers may then alter the default credentials, blocking access from the device’s owners (or other attackers).

Many infected IoT devices don’t show any performance decrease even when actively taking part in a DDoS attack and just carry on operating as planned. Because of this, their owners may never learn about the compromise or decide to fix it. Attackers can utilize IoT devices for weeks, months, or even years without being discovered because many of them aren’t kept up with regularly or constantly monitored.

How to avoid IoT malware?

Shadow IT and the IoT combined can have negative outcomes on IT and security teams, well-intentioned workers, and even the bottom line. The good news is that protecting yourself from IoT malware is rather easy:

• Any embedded device’s default credentials should always be changed, and a secure passphrase should be used in its place.
• To be protected from potential dangers, users should frequently check with the manufacturers of their devices for firmware updates.
• You can still minimize your exposure if a smart device is the best option to meet your needs. It is possible to disable the “smart” characteristics of some devices, such as televisions. Using different VLANs and firewall rules, you can take action to isolate these devices on your network. If the features aren’t required, you can also decide to avoid connecting the device to the network altogether.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

It is commonly known that SAP landscapes tend to be extremely complicated, in addition to being essential to the operation of multinational corporations. This is due to the high number of various programs that normally make up an SAP installation base (such as ERP, BW, GRC, SCM, and CRM), as well as the fact that these products frequently interact with other third-party applications to build a wide ecosystem.

A wide range of applications accesses this data since the SAP landscape includes information on HR, finance, supplier change, customer relationships, business warehouse, and many other areas. This results in heterogeneity, which developers and architects may find difficult to manage, particularly when they have to specify connections between the SAP estate and the apps that must connect to it.

The Enterprise Service Bus (ESB) or Enterprise Application Integration (EAI) patterns have always served as the foundation for the traditional method of developing and utilizing these integrations. Both models can be used to build integration platforms, however, one of their main problems is a lack of integration abstraction. Because of this, it is highly challenging to develop reusable components for various applications, leading to a view that is neither portable nor simple to maintain. These patterns are used by SAP’s classic integration platform, SAP PI/PO (formerly known as SAP XI).

Due to their nature, ESB and EAI patterns aren’t appropriate for working with cloud-based applications. The way businesses interface their applications with the SAP backbone needs to change because cloud-native deployment is an obvious developer trend. Additionally, microservices are becoming incredibly common since they offer a lot more modular approach and, because processes are divided into smaller, more manageable pieces, if one of them fails, the entire process will be discarded.

All of these qualities are covered by the API-First strategy to integration, which emphasizes reusability, abstraction, generalization, and portability. This starts by defining the APIs that will be used to call the necessary functions, and once that is done, the actual code is developed. Given that they are just given sets of APIs, this model is quite user and developer helpful. They only need to write calls from the application or code being written because the implementation details have been abstracted away. This improves portability between platforms, allowing us to use an integration on-premises or on a different cloud from the one it was originally built on without having to redefine it.

When taking into account the requirement to transition to SAP S/4HANA by 2027, the value of employing an API-first integration platform becomes even more apparent. One of its ideas is to “keep the core clean,” which refers to the idea that no custom code should be developed in the system’s core (what made the SAP version upgrades cumbersome). To adhere to this, users must transfer all of their existing installations outside (as well as create new ones outside), while continuing to connect to and communicate with the SAP core.

Even clients who haven’t started this migration yet can profit from removing their custom code from SAP (they’ll probably find a lot of stuff that they can get rid of because it’s no longer needed), and putting it somewhere else. As a result, migration may go much more quickly and simply.

A high-level representation of an API management platform for SAP is shown in Figure 1, along with some of the primary reasons for customers to build and make use of it.

Figure 1. API management platform for SAP

The different applications that use data from SAP are hosted on satellite systems, so they do not need to be aware of the specifics of the data’s or SAP systems’ structures.

Implementing the solution

Customers may move all of their legacy apps to Red Hat OpenShift using the integration platform, and they can deploy all of their new applications on Red Hat OpenShift clusters. This goes well with the requirement for application development modernization, another ongoing trend.

The collection of technologies that Red Hat Integration offers enables the integration of SAP and non-SAP applications. Red Hat Fuse, which is built on Apache Camel and features specific elements for SAP that utilize its main protocols, is one of the main technologies used in this solution (RFC, OData, iDocs, etc.). It performs the conversion between the formats used by various third-party programs and those used by SAP, as well as exposing the SAP functionalities and data structures as APIs.

Red Hat 3Scale, which acts as an API gateway and is the single point of contact for the apps that must communicate with SAP, is the second key component. Role-Based Access Control (RBAC) is added to ensure that only applications that are authorized to access the APIs will call them. It maintains an inventory of all the APIs required throughout the whole IT landscape. It also enables you to monitor how each API is being used.

Figure 2. Integration possibilities with Red Hat Fuse and Red Hat 3Scale

Some uses for the platform for managing APIs

Let’s analyze a few cases when an API-based integration platform has been used.

The first instance is when an application needs to use SAP to do a task, such as getting a purchase order’s specifics (PO).

The application will establish a connection with the API gateway and ask to utilize the API to get the PO’s data. If allowed, the API gateway (Red Hat 3Scale) will send the API request together with the application-provided parameters to the data integration component (Red Hat Fuse). Data integration will translate the application’s request into SAP format and establish a remote function call (RFC) connection with the SAP system. Executing a business API will then start the process to retrieve the PO (BAPI). Following that, the data will be returned to the calling application over the API gateway.

Figure 3. Application invoking an SAP function

An application that has to directly access a data structure in the SAP backend represents the second use case. It will connect to the API gateway and call the required API to accomplish this. The call will then be passed on to data integration, which will conduct another security check to determine whether the calling application has access to the SAP client from which it is attempting to access the data. If the application is permitted to use the API, it will then be passed on to data integration (to implement this check, an additional database with authentication tables has been deployed on Red Hat Openshift). If so, an OData conversion will take place before sending the query to SAP. Data integration will then use the API gateway to return the data to the calling application after it has been retrieved.

Figure 4. Application retrieving data from SAP

Applications that usually use data from an SAP BW system for business analytics are another interesting use case. Adding a cache functionality to avoid processing bottlenecks in the SAP backend is a smart solution because the queries used in this type of system are expensive and can result in performance concerns.

Another use case entails the exchange of files and messages across programs that are the source (non-SAP) and the target (SAP), like the one they have employed at Tokyo/TEL.

The apps make use of the JDBC/ODBC connector that comes with Red Hat Integration, which enables direct access to SAP systems by utilizing the Python OData library, in this scenario instead of the API gateway to demonstrate a simpler approach. If the desired data is already there in a caching PostgreSQL database that has been set up on the Red Hat OpenShift cluster, the application will first check that it is there before sending the request to the connector. If so, it will return the data to the application; if not, the query will be transmitted to the SAP BW system in OData format. The outcome is then returned to the program after being saved in the database.

Figure 5. The application used cached data from the SAP BW system

The usage of Red Hat Fuse to replace ad hoc, non-portable old batch procedures for file sharing is the last situation worth addressing. In this situation, Red Hat Fuse will handle all file manipulation required so that SAP and third-party apps can transmit and receive files in their native formats without the need for complicated logic that is only suitable with a small number of workflows.

Figure 6. Example of batch process to process invoices that can be transformed using APIs in Red Hat Fuse

Summary

For customers who are still using legacy SAP systems and are getting ready to migrate to SAP S/4HANA as well as for those who have already made the transition, integrating SAP and non-SAP apps is an important thing. In both situations, the SAP backend must communicate with numerous different apps, and given that this number is expanding quickly and that more flexible and agile deployment is required, they require a platform that is simple to maintain and can offer any kind of integration.

Both of these situations are covered by Red Hat Integration on OpenShift. Because it is built on APIs, it offers a mechanism to build reusable, simple-to-maintain connections between SAP and non-SAP applications. Additionally, it offers a platform for the creation and operation of all SAP-connected apps, enabling the adoption of cloud-native development practices and microservices. This will enable businesses to be much more flexible and shorten their development cycles.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

The cluster lifecycle component of Red Hat Advanced Cluster Management is now generally available in a standalone operator called the multicluster engine, and it’s supported as part of your OpenShift or Red Hat OpenShift Kubernetes Engine subscription. This is a significant game-changer for Red Hat OpenShift customers. Continue reading to find out how Red Hat has evolved to meet the problem of cluster lifecycle management and to find out more about the advantages the multicluster engine operator may provide your business.

The cluster lifecycle management dilemma

Controlling the lifespan of an expanding fleet is one of the biggest difficulties in scaling Kubernetes settings. It’s simple for cluster resources to grow out of control when new environments appear left and right to serve new teams, adhere to new limits or cover new geographies.

Red Hat has made significant investments in automating the OpenShift installation procedure, supporting installer-provisioned infrastructure for an expanding number of providers, and significantly streamlining the process of setting up new self-managed clusters. We’ve also worked with business partners to develop Software-as-a-Service (SaaS) versions of OpenShift over the past few years, such as Red Hat OpenShift Service on AWS (ROSA) and Azure Red Hat OpenShift (ARO).

But by making the construction of new clusters commoditized, we’ve made it harder for our clients to manage other lifecycle tasks for the clusters they build. Managing credentials, Terraform files, and other automation assets to support cluster start/stop, upgrades, or deletion can get very complicated, especially for customers whose IT landscape spans numerous infrastructure providers across clouds and data centers.

Enter Red Hat Advanced Cluster Management for Kubernetes

The IBM team had been working on an open source project called Open Cluster Management that was created to address these specific issues when Red Hat was acquired by IBM in 2019. Those tasked with managing Kubernetes clusters across dynamic and expanding IT ecosystems could greatly benefit from a centralized cluster management solution.

The Open Cluster Management project was relocated to Red Hat and then developed into Red Hat Advanced Cluster Management for Kubernetes as a result of the advantages it would provide to users of OpenShift and other Kubernetes distributions. Red Hat Advanced Cluster Administration, now a staple of the Red Hat portfolio, offers not only the aforementioned cluster lifecycle features but also solid governance and GitOps platforms that elevate cross-cluster policy and application management to a whole new level.

Multicluster engine: A happy medium

Since Red Hat Advanced Cluster Management was introduced, our hybrid cloud capabilities have never been more competitive. Building huge OpenShift environments didn’t have to come at the expense of having to struggle to maintain them because we knew we could give powerful cluster management for the lifecycle, policy, and application domains. The fact that many clients wanted a stand-alone cluster lifecycle management solution remained a challenge. These companies are fully dedicated to establishing a cluster lifecycle strategy, but they lack the time or resources to fully make use of Red Hat Advanced Cluster Management’s additional features.

Red Hat decided to include the cluster lifecycle feature set into its solution, the multicluster engine, to best serve the needs of its customers. It offers complete lifecycle capabilities for managed OpenShift clusters and partial lifecycle management for other Kubernetes deployments. It is available as a supported operator on OpenShift 4.8.2 and later. Multicluster Engine offers a management perspective that is fully integrated into the OpenShift Web Console, much like the corresponding component of ACM. Here’s a glimpse of how it appears:

We’re leveling the playing field for all OpenShift customers with the introduction of the multicluster engine. More than ever, we are enabling teams to lean into expanding ecosystems via

• uncontrolled cluster creation and destruction to control resource sprawl
• Managed clusters can be put into hibernation or resumed to reduce infrastructure expenditures.
• Remote upgrades are carried out to guarantee that managed clusters receive the newest features and fixes.

Visit the multicluster engine documentation right away if you’re an OpenShift user looking for a stylish cluster lifecycle management solution.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Simply described, edge computing is the processing of data that occurs at or close to the physical location of either the user or the data source, such as a device or sensor.

Users gain from faster, more dependable services and enterprises gain from the open hybrid cloud’s flexibility and agility by bringing computing services closer to these places.

Edge computing challenges

But as devices and services proliferate at edge sites, there is more to manage beyond the realm of conventional operations. Platforms are expanding well outside the data center, devices are proliferating and dispersing over broad distances, and on-demand services and applications are operating in vastly dissimilar and remote locales.

Organizations are facing new issues as a result of the changing IT landscape, including:

• ensuring that they are equipped with the knowledge to handle changing edge infrastructure needs.
• building capabilities that respond more securely and reliably with no need for human engagement.
• effectively scaling at the edge while taking into account a growing number of endpoints and devices.

Although there are many challenging obstacles to overcome, edge automation can help with a lot of them.

Edge automation benefits

In order to better take advantage of the advantages edge computing offers, automation at the edge can greatly reduce the complexity that results from extending hybrid cloud architecture.

Edge automation can benefit your business by:

• By applying configurations more consistently throughout your infrastructure and managing edge devices more effectively, you may increase scalability.
• By responding to shifting customer needs and employing edge resources only when necessary, you may boost agility.
• By automatically running updates, patches, and necessary maintenance without dispatching a technician to the site, you can focus on remote operating security and safety.
• By streamlining network administration and lowering the possibility of human error, downtime can be reduced.
• Improve performance and increase productivity by automating analysis, monitoring, and alerting.

7 examples of edge automation

Here are some use cases and examples that are industry-specific and show the value of edge automation.

1. Transportation industry

   Transportation businesses may effectively deploy software and application upgrades to trains, airplanes, and other moving vehicles with considerably less human participation by automating difficult manual device configuration operations. This can allow up teams to work on more valuable, innovative, and strategic projects by saving time and reducing manual configuration errors.

   Automating device installation and management is often safer and more dependable than a manual approach.

2. Retail – Setting up a new retail facility, including setting up computing resources throughout the store, configuration management of networked devices, configuration auditing, and getting its digital services online, can be challenging. Additionally, the IT focus switches from speed and scale to consistency and reliability once a store is established and open to customers. Retail stores can set up and maintain new devices more quickly and consistently thanks to edge automation, which also lowers human configuration and update problems.
3. Industry 4.0 – Industry 4.0 is characterized by the integration of technologies like the internet of things (IoT), cloud computing, analytics, and artificial intelligence/machine learning (AI/ML) into industrial production facilities and across operations. This includes everything from smart factories to supply chains to oil and gas refineries. The factory floor serves as one illustration of the importance of edge automation in Industry 4.0. Edge automation there can assist in finding flaws in manufactured components on the assembly line with the support of visualization algorithms. Spotting and warning workers of dangerous situations or forbidden conduct can also help increase the safety of production operations.
4. Telecommunications, media, and entertainment – There are many benefits edge automation may offer service providers, and one of them is a definite increase in the user experience. Edge automation, for instance, can transform the data that edge devices generate into insightful knowledge that can be applied to improve the user experience, such as automatically resolving connectivity difficulties.Edge automation can also speed up the supply of new services. Without the need for a technician to be present, service providers can send a device to a customer’s house or place of business that they can just plug in and use. In addition to enhancing the user experience, automating service delivery makes network maintenance more effective and may even result in cost savings.

5. Financial services and insurance

   More individualized financial services and tools that can be accessed from almost anywhere, including from consumers’ mobile devices, are in high demand from customers.

   Edge automation can help a bank scale the new service while also automatically meeting strict industry security standards without affecting the customer experience, for instance, if the bank launches a self-service tool to assist their customers in finding the right offering, such as a new insurance package, a mortgage, or a credit card.

   When combined with the dependability and scalability that financial service providers require, edge automation can assist deliver the speed and access that customers need.

6. Smart cities – Many municipalities are implementing cutting-edge technologies like IoT and AI/ML to monitor and address problems affecting public safety, citizen satisfaction, and environmental sustainability to enhance services while boosting efficiency. Early smart city initiatives were limited by the available technology, but with the rollout of 5G networks (and upcoming new communications technologies), data speeds have increased while also enabling the connection of additional devices. Smart cities must automate edge functions, such as data collecting, processing, monitoring, and alerting, to extend capabilities more efficiently.
7. Healthcare – Technologies have developed and multiplied to support these new surroundings as healthcare has long since begun to shift away from hospitals and into distant care treatment options like outpatient centers, clinics, and standalone emergency rooms. Based on patient data collected by wearables and several other medical devices, clinical decision-making can also be enhanced and customized. Clinicians can effectively transform this deluge of fresh data into insightful knowledge to assist improve patient outcomes while generating both financial and operational benefits through automation, edge computing, and analytics.

Red Hat Edge

Red Hat Edge-powered modern compute solutions can assist enterprises in extending their open hybrid cloud to the edge. Red Hat Edge embodies the company’s effort to implement edge computing in the open hybrid cloud. Organizations have the freedom they need to design platforms that can adapt to rapidly changing market conditions and produce differentiated services thanks to Red Hat’s sizable and expanding community of partners and open methodology.

With Red Hat Edge, you can implement a layered-security strategy for better risk management on-premises, in the cloud, and at the edge. Red Hat Edge is made up of a portfolio of dependable enterprise open-source software, including Red Hat Enterprise Linux, Red Hat Ansible Automation Platform, and more.

Customers can create adaptable solutions: by implementing Red Hat Edge technologies, using Red Hat’s vast partner ecosystem and its range of open source platforms;

• delivering a modern infrastructure that is more scalable and security-focused, from the edge to the core to the cloud.
• overcoming edge computing’s difficulties and promoting creative use cases.
• avoiding vendor lock-in and creating a platform that is more sustainable.
• creating a flexible edge platform that can change to meet changing market demands.
• modifying for market circumstances and creating competitive advantages.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

One of two options exists when it comes to updating an existing code base: either start from scratch (basically building an entirely new application) or put in the effort to refactor your current code and configuration.

Rewriting is a major decision that depends on the enterprise’s resources, including time, skill, and budget. There will be another post in this series about feedback loops and opinionated workflows to assist drive product development, which may be of interest if there is a push to rewrite.

Changing an existing code base will be the main topic of this article.

By this time, the modernization effort’s desired future state has been identified. Moving away from an outdated Java version, for instance, or switching to a less expensive application server is a couple of examples.

The following two tactics, if the code is being updated, can be very advantageous regardless of the desired future state:

• Write tests and improve the testability of the code.
• A more container-friendly update to the code and configuration is needed.

These can be done in any sequence. It might be simple and non-breaking to make the code more container friendly. On the other hand, the code can be in a condition that makes it difficult to add test coverage (perhaps because it is manually tested). In this situation, getting the code running in a container environment for better feedback loops might make sense before making it more tested.

These strategies’ overarching objectives are:

1. Ensure that the code may be changed without impacting functionality.
2. To encourage innovation, make the apps more “feedback loop” friendly, which entails making it simpler to deploy and get feedback (logs and metrics)

Investigate these points carefully. Don’t worry if you are unfamiliar with containers; an explanation is provided below. Additionally, hopefully, some of the discussion points here will be useful if your modernization aim IS to move the code into containers (or at least reinforce your own project goals).

Simplifying: A method for enhancing the present situation

Refactoring: Improving the Design of Existing Code by Martin Fowler is the standard text on the subject. We advise everyone with an interest in this topic to read this book.

“Change made to the internal structure of software to make it easier to understand and cheaper to modify without changing the observable behavior,” Fowler, defines refactoring.

If done correctly, making a code base more testable and container-friendly will make the code simpler to comprehend and less expensive to modify. This is highly desirable since we have decided to modernize, or transition from the existing condition to a positive future one.

Code that is cleaner and more modular will result from the drive to make it more testable. This translates to code that is simpler to modify and simpler for new engineers to understand. Having test coverage means you can make changes and quickly determine in lower-level environments whether the changes have broken anything without the need for expensive manual testing teams.

Some recommended practices for making the code easier to read and deploy are also required to make the code container friendly (see 12FactorApp practices below). The application will be able to run on a container platform after the code is made container friendly, which opens the door to some intriguing operational options (which we’ll get into later) as well as enhanced feedback loops.

The importance of testing

Modernization entails change, and because the changes are being made to an existing application, verification is necessary to ensure that nothing is being broken by the changes.

One strategy is to put the refactored program into a lower-level environment and hire a large group of human testers to hammer it, reporting back on what functions and what doesn’t. This tactic’s disadvantages include cost, slowness, and time requirements. You also miss out on a ton of advantages that come with improving the test coverage of the code.

Testing is organized in a hierarchy, with each stage offering advantages. We put a lot of emphasis on developing unit tests in these articles. These tests were created by the developers as part of the code base and can be self-executed during the build phase.

Mocking can help deal with entanglement

We strongly believe that any functionality involved with the operations of downstream services should be mocked. If you’re unfamiliar with the word “mocking,” it refers to the process of simulating an external reliance to test our classes and functions by creating objects that behave like the external dependency.

As much as possible, third-party dependencies should be mocked in the self-running test cases when they exist. Teams writing tests will have a lot of flexibility as a result.

We once got into a disagreement with someone who insisted that a database be spun up to run test suites against while creating an artifact for an application. They suggested that the application shouldn’t be created if there was a problem with the database logic. Putting efficiency aside, it makes sense why this person would be worried. However, their sense of assurance regarding a functioning test could be unfounded unless the database they were testing against was an exact duplicate of the one in use. Not to add, should the database it tests against experience problems, the build may become unstable. There is a situation where an external service can be incorporated into the test, but before introducing this, let’s talk about mocking.

The database can still blow up even if you mock every aspect of downstream service activities, including simulating both desirable and undesirable outputs; however, if you have done your mocking and testing correctly, you will at least know your code can manage it.

For this, initiatives like Mockito are especially useful. They offer simple ways to capture your logic and return when used with a framework like the Spring Framework or Quarkus.

• anticipated outcomes to examine the happy route,
• test the unhappy path using inaccurate data, and
• To test error handling and logging, use errors rather than outcomes.

To make sure that specific components are being called to run at the appropriate times, you can spy on them. Your tests can become portable and effective via mocking. To mock all the positive and negative answers from a third-party service, though, might be a lot of work.

Test Containers are a good middle ground between mocking and testing against a service. A lightweight, disposable instance of popular databases, Selenium web browsers, or anything else that can run in a Docker container is provided by the project, according to the developers, which characterizes it as a “Java library that enables JUnit tests.”

To put it simply, this means that you can quickly have a JUnit test start a container with an instance of a database or cache that is under your control, allowing you to configure it with a good (or poor) state depending on what you are wanting to test.

In terms of container administration and access to/from the service, the Test Containers team has pretty well-considered everything. Even components from current databases, caches, message brokers, and modes are included in test containers. The only requirement is that you create your application using Maven or Gradle. and your test framework should be JUnit or Spock.

Of course, creating mocks is easier said than done if your code base lacks tests or makes no use of Maven or Gradle. In a subsequent article where we cover certain testing techniques, we will return to this.

Code that is friendly to containers: Using the “Twelve-Factor App” approach

Making our code more container friendly is our second aim. As was already mentioned, your modernization project’s final goal may be to get the code base into containers. Then you can skip this part. The following lists some benefits that switching to containers will bring to any code base that will be changing, though, if it’s not already the case.

More “container-friendly” apps are typically simpler to deploy. As a result, you may launch a working version of the application rapidly, which is useful for testing functionality and gathering user feedback. The application can use a Kubernetes platform to truly supercharge our development feedback loop once it can launch and run in a container.

A Kubernetes platform (like Red Hat Openshift) significantly enhances both your ability to deploy and monitor the deployment because many of these systems offer simple workflows for obtaining logs and metrics. In response, we’ll go into greater detail about feedback loops and securely changing software.

The Twelve-Factor App is a highly helpful construction strategy for adaptable software. These guidelines can help developers create code that works in every environment (including containers).

In a later article, we’ll go into more depth about the Twelve-Factor App’s very helpful features. It should be noted, nevertheless, that attempting to adhere to all twelve principles is impracticable, particularly when dealing with old code. If you follow the factors closely enough, you can iterate on both the product and operations cycles and bring your application closer to its ideal state.

For instance, getting the application to deploy and run in the container, with some observability around it, may be sufficient if the goal is to make the code container-friendly so it can run in a Kubernetes distribution. Only a couple of the twelve factors are necessary to do this. As previously indicated, we’ll go into more detail about this in a later blog article.

After reviewing the Twelve-Factor App methodology, testing choices, and containers, you now have some helpful approaches to employ as you begin your project. Your work’s essence is beginning to take shape. But before you start, make sure that the crew has the necessary equipment so that it can function efficiently. The main topic of my upcoming article will be this.

Friendly blockers for containers: Tight coupling to middleware

A code base may occasionally be inextricably linked to middleware or unfriendly container service. For instance, you might discover that your code base contains annotations that connect it to that application server when pursuing a modernization target to get rid of an Enterprise Java application server that is too expensive. Through refactoring, simple issues can be resolved, such as the application server being utilized for connection pooling to a database or for accessing JNDI. However, it might be more difficult to separate from things like message-driven beans (MDB).

Here, the advice from our earlier post on choosing the best patterns to start with can be important in ensuring project success early on while also avoiding wasting valuable resources on tasks that cannot be completed in a timely way (or at all).

What about containers?

Applications can be packaged and isolated with their whole runtime environment—all required files—using Linux container technology. This facilitates switching between environments (dev, test, production, etc.) for the confined program while maintaining all of its capabilities simple.

Moving code to operate in containers can be viewed as a modernization objective because it makes Kubernetes-based container platforms, such as Red Hat OpenShift, more accessible. Teams working on modernization projects can benefit greatly from container platforms.

A brief overview of containers

Docker makes it easier

When Docker first appeared in 2013, it offered a quick and effective approach to controlling how the container environment is configured before an application runs there. The necessary tools for the majority of software projects now include Dockerfiles and image repositories like Dockerhub, which describe what should be included in the Linux image and how it should be generated.

Containers versus Virtual Machines

Containers offer the advantage of being able to fit more resources into a single host machine without the expense of the hypervisor and guest OS, unlike virtual machines (VMs), which need to be managed by a hypervisor and require an operating system (OS) to be set up before being useable.

Container orchestration platforms

Compared to VMs, containers are less dependable since they might fail or their host OS might crash, which would wipe out all the containers the host OS had created.

Numerous container-provisioning platforms have been developed to manage all the efforts involved in keeping container workloads up and running and controlling the traffic in and out to deal with the transient nature of containers. Red Hat OpenShift, Azure Kubernetes Service (AKS), and Google Kubernetes Engine are some examples of applications built on the Kubernetes project (GKE). Google Cloud Run and Amazon Elastic Container Service are alternatives to Kubernetes (ECS).

How do containers affect development?

Containers are transient. They can be scaled up, resulting in the sudden availability of three instances of the same task (each executing in a separate container), and they can be transferred from one resource pool to another to meet needs for redundancy.

This makes it extremely challenging, if not impossible, to get a program to run by manually carrying out a set of procedures (as might be done with apps running in a VM).

Additionally, some middleware that an application needs (such as specific application servers) could not function properly in a container. The Twelve-Factor App was developed as a set of guidelines for a development team to follow to assist in creating applications that will succeed in such an environment.

Stay focused on the goal

Here, we’ve talked about a few broad goals that can make a code base more adaptable. However, there is a trap in this place. Failure could come from a test coverage-heavy approach or an excessive rotation of the Twelve Factors. Ultimately, however how attractive passing tests may seem, the application needs to be moved toward the desired state (proving out the value promised).

The Project Lead will have to balance these high ideals with the practical effort required to advance the application to the intended future state. Putting together the correct team is important because it may not be simple.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com