posts

Faster time to market with Liberica JDK and best DevOps practices

figure
Jul 13, 2022
Dmitry Chuyko

How to reduce software release cycles with Liberica JDK and DevOps

In modern software development, faster time to market defines a company’s success. Imagine you spend three years developing a perfect application with top-notch features and enhanced security, with every possible bug tested for and eliminated, and then your competitors launch a similar product, even several ones!

Let’s reverse the situation: you’ve managed to speed things up (making your Dev and Ops teams arch enemies in the process) and launch a one-of-a-kind app. But your “high-end” product turned out to be a failure because it lacks a user-friendly interface or crashes every time a user pushes the wrong button.

How can you accelerate development without sacrificing the quality or security? How can you break a deadlock of blame-shifting between teams and make them work towards the same goal? How can you choose the right tools to increase the efficiency of deployment and reduce expenses—simultaneously?

In this article, you will learn how to:

  • Go from shipping a product once in three years to once in three weeks
  • Provide product quality and security at all development stages: from code writing to production
  • Transform the mindset of your teams to collaboration instead of rivalry
  • Use Java technologies to speed up the deployment, enhance the security of your app, and reduce the TCO
  1. In the beginning there was Agile
  2. “Production first” mindset
  3. “Shift left” approach
    1. Quality testing
    2. Security monitoring
  4. Express delivery with Liberica JDK containers
  5. Conclusion

In the beginning there was Agile

We are used to thinking that agile development is an indispensable component of DevOps. It is true, but you may be surprised to hear that you should start thinking about DevOps implementation only when you are already good at agile development. Why? Because agile development guarantees that you have a high-quality product ready to be shipped. A bad product delivered fast is still a bad product! You don’t want to lose the trust of your customers, so think about the quality before accelerating time to market.

The fundamental principles of Agile methodology were expressed in the Manifesto for Agile Software Development:

  • Individuals and interactions over processes and tools. If your team doesn’t understand why they have to integrate changes into their workflow, they will be useless. Explain to them the benefits of CI/CD and the importance of delivering value to the end-users. Listen to their concerns and offer solutions, and they will be more willing to follow the new practices.
  • Working software over comprehensive documentation. Product documentation is necessary for people to understand how your software actually works, but it doesn’t substitute the real application. Focus on creating the former one and write the documentation on the sidelines.
  • Customer collaboration over contract negotiation. Think of your customers as your partners. Their success is your success. The moment you adopt this attitude, you will start treating the development process differently. Designing more intuitive and user-friendly software is difficult, but you only have to do it once, whereas the customers have to pay the price for your laziness every time they use your product.
  • Responding to change over following a plan. Agile development is all about flexibility. Don’t be afraid to introduce changes into the project plan to react to the shifts in technologies, environment, or customers’ needs. Even if you have to substitute the Product Manager who doesn’t grasp the stakeholders’ needs and find a person with a clear vision — do that! It won’t be long before you see the improvements.

If you implement the above methods correctly, you will naturally come to shipping incremental releases every 1—4 weeks based on the feedback from the users.

“Production first” mindset

Classic software development model is based on the waterfall methodology. In this model, the process of building a product is broken into sequential phases: analysis, design, implementation, and testing. The team must conduct a thorough research, document all the features in advance, and follow the backlog strictly, bringing one stage to an end before moving on to the next one. The waterfall model enables the company to deliver high-quality software, but the problem lies in its inflexibility. For example, a team has been working on a big lump of software for nine months: writing the code, adding new features, and getting to the bottom of the product log. At some point, they were code-complete and ready to ship. However, it turned out that they had another high mountain to climb, i.e. to deploy the code into production. As nobody thought about production beforehand, the team faced a bunch of problems:

  • The security features were not in place, and some vulnerabilities sneaked into the finished product
  • The application wasn’t scaled in such a way to fit into the existing infrastructure
  • There was no understanding of how to deliver a product to end users

If the team had thought about delivery before writing a single line of code, they would have the idea of fitting the app into the infrastructure and getting it into production.

The idea behind the “production first” mindset is to think the entire pipeline through before starting the work on the application!

Start with writing the infrastructure as code (IaC) files. IaC is a powerful instrument that

  • Facilitates the creation of temporary environments that can be built, used, destroyed, and rebuilt as needed, thus saving your company a tremendous amount of money
  • Enables the process automation and, as a result, takes the responsibility off a single engineer. Imagine that a person in charge of providing the environment got sick or is on vacation, meaning the product shipment is delayed. With IaC, the process of VM provision and thus the product deployment can be automated
  • Aids in disaster recovery. If your deployment is automated and IaC is in place, you can simply run another pipeline instead of a crashed one by changing a couple of parameters, so your infrastructure, including your application, will be back in a matter of seconds

Lay down the IaC pipeline from repository to production before starting to design the application. This way, the developers will already know the infrastructure capacity and the environment and build the product accordingly.

In addition, this mindset eliminates the rigidity of the waterfall model as the very first commit made by a developer starts moving down the pipeline towards production. After that, you simply add value on top of value without worrying about the delivery process, having already created the road to production.

“Shift left” approach

Product quality and security is every developer’s responsibility! Shifting left in software development means switching convictions like this:

Taking responsibility is worth it!

If your developers don’t think about quality and security, their code becomes very brittle and difficult to change if problems are identified later. On the other hand, engineers who have to test their code themselves are more attentive to possible weak spots. It helps them avoid constructions like nested if-statements and stick to a shortcut logic, which is easier to test.

Below you will find out what tests to integrate into the developers’ routine work.

Quality testing

There are three major test categories aimed at evaluating the product quality:

  • Unit tests protect the developers from the mistakes they would otherwise make. They are like an insurance policy. Nobody thinks about them while everything runs smoothly. And then, when a critical bug escapes into production and sets a company back hundreds or millions of dollars, it is too late to regret not having written unit tests.
  • Integration tests make sure that software modules interact correctly. Even though a testing team performs them, developers should keep them in mind and make their colleagues’ life easier by monitoring the code and throwing errors as close to the problem as possible. In this case, issues are easier to troubleshoot.
  • Load and performance tests enable you to analyze how the app behaves under load and whether it satisfies the customers’ needs. In addition, these tests ensure that the application performs well under different conditions and in different environments/OS.

In short, the above tests measure different data but with one purpose: to verify the top quality and performance of the product in accordance with the stakeholders’ requirements.

BellSoft implements the following testing procedures as part of Liberica JDK QA/QC:

  1. Technology Compatibility Kit (TCK) testing
  2. Functional and regression OpenJDK testing
  3. Proof-of-concept (PoC) exploits as part of security evaluation
  4. Benchmark testing

These tests aim to demonstrate that our distribution is compliant with Java SE standards, free from security issues, and performant.

Security monitoring

Security monitoring is just as important as quality validation, if not more. A feature that doesn’t function correctly is bad. Stolen data is a catastrophe. Ensure the security of a product from the ground up, from the repository on the developer’s PC and all the way into post-production.

  1. Start with the machines. Ensure that the PCs have a two-factor authentication, encrypted hard drive, and a VPN. This way, it will be extremely difficult to get the data from the computer.
  2. Scan code, IaC, and containers for vulnerabilities. Security scanning can be performed manually, but it is better to use vulnerability scanners that enable the developers to automate the process and receive timely security notifications.
  3. Ensure post-production safety monitoring and integrate security patches as soon as possible. For instance, at BellSoft, we follow the practice of quarterly CPUs (updates with only critical patches) for LTS releases and the OpenJDK release cycle keeping Liberica JDK safe at all times.

Using a unified Java runtime from a trusted vendor will also benefit the safety of your development. Bellsoft is fully responsible for Liberica JDK. Apart from CPUs, we provide hotfixes for our clients and integrate the changes into the main OpenJDK branch to be available to everyone. Moreover, BellSoft is a member of the OpenJDK Vulnerability Group and Java Community Process Committee, which means that your runtime is free from common vulnerabilities.

Express delivery with Liberica JDK containers

In our previous article How to make Java the DevOps best friend, we discussed the benefits of a good JDK for DevOps practices. Here, we will focus on one particular topic, the containers.

So you laid down the express pipeline; now it’s time to think about shipping the app into the virtual environment for testing or production. Let’s be honest: a smooth modern highway is useless if you use carts and donkeys to travel on it.

Good containers are like race cars: fast, secure, and carry significant potential under the hood. Besides, the smaller the container, the fewer resources it consumes, which is directly proportional to costs in cloud development. Moreover, every day developers perform multiple push and pull operations, whether to test a code or send it into production. Waiting for 30 seconds for a container to load would drive anyone mad!

BellSoft keeps up to date with the latest trends. We were one of the first vendors to understand that containerization is the future of the IT industry which is why we focused on developing small and performant containers.

  • Bellsoft’s smallest container based on the lightweight Alpine Linux weighs only 42,72 MB, so the pull/push time is significantly reduced. Besides, you can deploy numerous containers even if your cloud resources are limited and thus decrease overall costs.
  • We have three Liberica JDK flavors: Full, Standard, and Lite. The Lite version is a full-fledged Java SE compatible runtime optimized for dense cloud deployments.
  • To minimize resource consumption and static footprint, even more, we created Liberica Native Image Kit. This tool allows you to create seamless multilingual projects and reduce the startup time to 1/10 second!
  • BellSoft containers are always up-to-date in terms of security, so you don’t have to worry about downloading a container with an outdated JDK or known vulnerabilities.

Truth to be told, Alpine Linux is good for reducing container size, but its developers didn’t have Java in mind when creating it. You would benefit even more from the OS designed specifically for Java deployment. But is there such a system?

The answer is: yes! BellSoft has created a perfect solution for Java developers — the only Linux tailor-made for Java. It is even smaller than Alpine, but comes with

  • Enhanced security
  • Optimized performance
  • LTS support
  • Utilities for Java development

Our OS will bring the Java experience at your company to a new level. Coupled with Liberica Lite and Native Image Kit, it represents an end-to-end solution for cost-efficient and smooth development and deployment of cloud-native applications. It will be released soon, so subscribe to our newsletter so as not to miss the news!

Conclusion

As you can see, accelerating time to market is not about working after hours and loading developers with tasks up to the eyebrows. It is about thinking in advance, being flexible, sharing responsibility, and using the right technologies to boost the performance and security CI/CD pipeline. And remember: your ultimate goal is to generate value. Build your corporate culture around this concept, and receive appreciation from your team, partners, and customers.

At BellSoft, we are committed to helping you achieve better outcomes. Discover our products aimed at helping you reduce expenses, free the time of your developers, and enhance corporate DevOps practices:

  • Liberica JDK is a unified Java runtime with the widest range of supported platforms on the market
  • High-Powered Support that delivers fixes within 24 hours based on SLA and costs five time less than that of Oracle’s
  • Liberica Administration Center is a tool that enables you to automate monitoring and updates of all Java runtimes within your Windows PC fleet
  • Liberica Native Image Kit is perfect for creating microservices as it supports multiple languages and configurations and optimizes RAM consumption
posts
Alpaquita vs Alpine: a head-to-head comparison
figure
Nov 10, 2022
Dmitry Chuyko
shorts
Critical vulnerabilities in OpenSSL 3.0
Nov 11, 2022
Sergey Chernyshev

Find out about the newest CVEs discovered in OpenSSL 3.0 and how to eliminate the risk of exploits

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.