Embrace DevOps innovation to modernize legacy applications

DevOps isn’t just for greenfield applications, and the way some enterprises modernize their older applications could actually put them ahead of the industry’s IT transformation curve.

For established enterprises that date back more than a century, such as Boston-based John Hancock, a different team manages the process to modernize legacy applications than the one that handles cloud-native apps, and both teams face different constraints.

This is also true for newer companies, such as Carfax, an automotive e-commerce service provider based in Centreville, Va., which was founded in 1984. Carfax must still teach old tools new tricks to streamline data management for legacy apps.

“I call our legacy DevOps philosophy the Statue of Liberty approach,” said Kurt Straube, systems director at John Hancock, who leads the IT teams responsible for the company’s legacy application modernization. “On the Statue of Liberty, it says, ‘Bring me your tired, your poor …’ And we say, ‘Bring me your old, unsupported, third-party-based legacy apps, and we will modernize them in short order, for short money.'”

While the apps themselves are old and even unsupported by vendors, such as those based on Microsoft’s .NET 3.5, their modernization requires innovative DevOps tools that support stateful and data-intensive applications. Here, Straube’s teams experiment with smaller vendors whose tools may not have widespread use, balance investment in a modernization project against a legacy app’s worth, and work within numerous regulatory compliance and security constraints.

Those restrictions mean Straube can’t simply integrate with the same DevOps infrastructure automation platforms used for cloud-native apps, such as the Pivotal Container Service.

“You know what it would cost to convert our legacy apps over to Pivotal and how long it would take?” Straube said. “You’d probably be looking at a billion dollars, and it’s not nearly worth that, so we don’t build a conventional pipeline.”

Back to the DevOps future with legacy apps

Legacy Microsoft SQL Server databases are a microcosm of the overall approach to modernize legacy applications at John Hancock, Straube said. The company uses WinDocks’ database containerization tools to migrate legacy database systems — some more than 10 years old — to Microsoft Azure.

John Hancock DevOps evolution
A slide shows the evolution of DevOps for legacy systems at John Hancock.

So far, that work shows promise. John Hancock’s test data management team has used WinDocks to quickly spin up containerized SQL Server databases along with masked versions of their data — the first step toward the creation of self-service automation for the legacy SQL Server test environment. WinDocks’ price also beat out similar tools from competitors such as Redgate, as well as more elaborate container management platforms, such as Red Hat OpenShift.

However, Straube’s team must negotiate compliance and security constraints before WinDocks becomes part of the day-to-day DevOps process for legacy SQL Server applications. Straube’s team just learned it needs to have a firewall rule for every developer laptop, which sent them back to the drawing board on WinDocks integration.

“It would be a whole different story [in an organization] with no rules or regulations, but we’re anything but that,” Straube said. “I earn a living by finding creative ways to get things done in a highly regulated, constrained environment … that’s what I do.”

Despite the constraints on its approach to modernize legacy applications, Straube’s team has incorporated 128 legacy applications into its continuous integration pipelines for test and development. Developers made 1,350 deployments of those applications to production and more than 30,000 deployments to nonproduction environments in the second quarter of 2018 alone. His organization also has broad latitude to choose the CI/CD tools best suited to each application, while XebiaLabs and Tasktop tools optimize their pipelines’ performance and tie them together.


“Depending on how legacy your [app] is, you’re actually going to be at the bleeding edge with some of this stuff,” Straube said.

Some vendors may do IBM DB2 management with DevOps products, for example, but may be new to the space, and their tools may not always work as anticipated. “You have to fail fast,” he added.

DevOps is all about collaboration, but Straube said he doubts that DevOps pipelines for legacy and cloud-native apps will ever merge; the systems that service them are already too different, and he said he doubts legacy apps will be automatically deployed to production. But, eventually, today’s greenfield apps will become legacy, and Straube’s teams will be ready to support them.

In the meantime, Straube advised other enterprise IT pros who plan approaches to modernize legacy applications to get buy-in from upper management, and then “be prepared to roll up your sleeves and do stuff that’s not so sexy, the stuff no one else is looking at,” he said.

John Hancock XebiaLabs DR
XebiaLabs’ XL Release tool modernized disaster recovery for John Hancock legacy apps.

Legacy tool interface update modernizes Carfax data management

For companies with technical debt, their approach to modernize legacy apps may also require changes to DevOps pipeline tools and those who use them.

Carfax has used BMC’s Control-M data management tool for more than 15 years and helped to design and test a jobs-as-code interface added to the tool last year. Application developers use the jobs-as-code interface to describe and automate the process of data transfers among various systems in the environment before they deploy apps, which was a manual process that slowed DevOps.

Carfax had job schedulers on duty 24/7 to manually download files to the corporate network and notify database admins (DBAs) to load the data in those files into systems such as MySQL databases and Salesforce customer relationship management. Now, developers automate those workflows.

“Nobody needs to be staring at a screen, watching email and moving files anymore,” said Robert Stinnett, automation engineer for Carfax. “Nowadays, I’m doing stuff that can help drive us forward as a company.”

Stinnett is a good example of how Carfax changed its IT operations roles as DevOps processes and tools matured. When he started with Carfax 15 years ago, Stinnett’s job description for the company’s mainframe systems was to watch email, download files and notify DBAs.

Then, as Control-M automated data transfer processes in earlier versions, Stinnett designed those data workflows on developers’ behalf. Now, he trains those developers to use Control-M jobs-as-code and directs them to Control-M’s GitHub-based sandbox environment to design their own automated workflows. This frees him to explore more strategic work, such as a potential integration between on-premises Control-M, its cloud equivalent in the AWS Batch service and how to tie those services together with AWS Lambda.

Still, while BMC has modernized products such as Control-M the last two years, Stinnett acknowledged it doesn’t have a hot reputation in bleeding-edge DevOps circles. He said he hopes BMC will create a SaaS version of Control-M to capture cloud users and cloud data, which will also come in handy as Carfax moves to AWS.

BMC confirmed it doesn’t have a SaaS version of Control-M yet, but declined to comment on whether such an offering might be on the product’s roadmap.

For Sale – Lenovo IdeaCentre Y710 Cube Gaming Pc i5-6400 Gtx 1070

Discussion in ‘Desktop Computer Classifieds‘ started by hums60, Sep 28, 2018.

  1. hums60

    Active Member

    Joined:
    Apr 6, 2006
    Messages:
    1,513
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    51
    Ratings:
    +91

    Lenovo Y710 Cube Gaming Pc
    Bought from laptops direct on 1st March this year
    So Still under warranty

    link to exact model

    Lenovo IdeaCentre Y710 Cube-15ISH Core i5-6400 8GB 1TB GeForce GTX 1070 Windows 10 Gaming Desktop – Laptops Direct

    Compact and very good looking gaming pc
    i5 6400
    8Gb Ram
    1tb Hdd
    Gtx 1070
    Lenovo keyboard and mouse
    original box
    Never had any problems with it
    Prefer collection due to size/weight/value
    But will post at cost

    Price and currency: 799
    Delivery: Delivery cost is not included
    Payment method: cash on collection or BT
    Location: sandbach
    Advertised elsewhere?: Advertised elsewhere
    Prefer goods collected?: I prefer the goods to be collected

    ______________________________________________________
    This message is automatically inserted in all classifieds forum threads.
    By replying to this thread you agree to abide by the trading rules detailed here.
    Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

    • Landline telephone number. Make a call to check out the area code and number are correct, too
    • Name and address including postcode
    • Valid e-mail address

    DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

  2. hamez101

    hamez101

    Novice Member

    Joined:
    Sep 27, 2018
    Messages:
    23
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    3
    Location:
    Scotland
    Ratings:
    +2

    anything else?

  3. hums60


    Anything else in what way ?

  4. hamez101


    something at a smaller budget

  5. hums60


    No sorry just this


Bevy of Microsoft containers range from cloud to captive workloads

We’ve had waves of container technology: FreeBSD jails, Linux-VServer, OpenVZ, cgroups/process containers, LXC and Docker. The common theme is these process isolation options grow among the Linux crowd — but where’s Windows?

The open source community typically steams full-force into new technology, while Microsoft traditionally moves slowly. After all, in 2001, then-CEO Steve Ballmer called Linux a cancer. From that statement alone, it’s clear what mindset Microsoft had toward open source technology. Never before have administrators had the ability to containerize their Microsoft stack. With Satya Nadella as CEO, Microsoft is finally beginning to embrace open source — notably, containers.

Microsoft containers cover a gamut of deployment types: Hyper-V containers and Windows Server containers, as well as the company’s native support of Docker containers, and container services in Azure through Azure Kubernetes Service (AKS) and Azure Container Registry. The company natively supports Docker containers in multiple ways.

Microsoft container features for Windows

Linux containers cannot run on Windows and vice versa, a limitation that can be lost on Microsoft container adoptees in the cross-platform hype. Containers are an isolation technology, not a virtualization one. As such, they share some components with the host. Due to the architectural differences between the two OSes, multi-OS containerization isn’t possible.

Docker sidesteps the Windows/Linux container conundrum via a lightweight Hyper-V VM to make it seem as though a Linux container is running natively on Windows.


Hyper-V containers offer more isolation than standard application containers, so evaluate them for security on Windows hosts. Hyper-V containers use Microsoft’s Hyper-V virtualization technology in the back end to set up lightweight VMs in their own namespace. Due to their virtualization requirement, Hyper-V containers are slower than Windows Server containers, but security is better.

For an experience more comparable to Linux containers, consider Windows Server containers. Microsoft implemented this container technology with Windows Server 2016. Windows containers are faster than Hyper-V containers because they shed hardware virtualization and run Windows Server images. Windows and Linux containers are technically the same, in the sense that they both use the host’s kernel and deploy as a wrapper around a container image. Organizations with diverse container and OS deployments should benefit from Microsoft containers’ roadmap with Docker, including native Docker support. Microsoft worked closely with Docker while building container features for Windows Server 2016, which made Windows and Hyper-V containers first-class Docker citizens alongside Linux. The Docker command-line interface (CLI) works across Windows and Linux containers as well.
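The isolation trade-off described above can be checked on a host. The following is an added example, not code from the article or from Microsoft or Docker: it reads the `HostConfig.Isolation` field that `docker inspect` reports on Windows and flags containers that share the host kernel while carrying untrusted workloads. The container names, the `trust` label and the policy itself are assumptions made for illustration, and the inspect output is constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for four containers on a
# Windows host. Names and the "trust" label are hypothetical.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/billing-api", "HostConfig": {"Isolation": "process"},
     "Config": {"Labels": {"trust": "internal"}}},
    {"Name": "/partner-upload", "HostConfig": {"Isolation": "process"},
     "Config": {"Labels": {"trust": "untrusted"}}},
    {"Name": "/pdf-render", "HostConfig": {"Isolation": "hyperv"},
     "Config": {"Labels": {"trust": "untrusted"}}},
    {"Name": "/legacy-job", "HostConfig": {"Isolation": "default"},
     "Config": {"Labels": None}},
])


def effective_isolation(raw, daemon_default):
    """Resolve an unset or "default" isolation value to the daemon default.

    Windows Server defaults to process isolation (shared kernel); Windows 10
    client defaults to hyperv. Pass the value that applies to the host.
    """
    mode = (raw or "default").lower()
    return daemon_default if mode == "default" else mode


def audit(inspect_json, daemon_default="process", trust_label="trust"):
    """Return (name, effective isolation, status) for each container.

    Assumed policy: Hyper-V isolation is always acceptable; process isolation
    is acceptable only for containers labelled trust=internal; unlabelled
    process-isolated containers need review; anything else is a violation.
    """
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        labels = (container.get("Config") or {}).get("Labels") or {}
        raw = (container.get("HostConfig") or {}).get("Isolation")
        mode = effective_isolation(raw, daemon_default)
        trust = labels.get(trust_label)
        if mode == "hyperv" or trust == "internal":
            status = "ok"
        elif trust is None:
            status = "review"
        else:
            status = "violation"
        findings.append((name, mode, status))
    return findings


if __name__ == "__main__":
    for name, mode, status in audit(SAMPLE_INSPECT):
        print(f"{name:16} {mode:8} {status}")
```
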

Azure containers and Kubernetes

Microsoft initially built a competitor to Kubernetes, the widely used container orchestration technology, with Azure Service Fabric. However, AKS marks Microsoft’s all-in support for Kubernetes. The service, which is essentially an Azure-hosted Kubernetes deployment, evolved from customer feedback on Microsoft’s Kubernetes support on Azure Container Service.

IT organizations that use Docker and Azure can host private Docker registries within the cloud on Azure Container Registry. Cloud-hosted container images benefit from low latency via region selection and replicated registries across regions for high availability.

Azure Container Registry also natively supports the Docker CLI. Linux administrators accustomed to managing containers via Docker will have the same experience when they use Azure Container Registry.

Microsoft containers in the cloud do not have to run with AKS. The company also offers native Azure Container Instances, which Azure subscribers can manage via any appropriate tooling, such as Docker or Kubernetes.

Microsoft shops shouldn’t see containers as a barrier to advanced IT. Instead, evaluate the Microsoft container roadmap, and select products that fit your app architecture and deployment strategy.

October Patch Tuesday grounds JET Database Engine flaw

Despite a relatively light patching workload, admins should button up a zero-day exploit and publicly disclosed vulnerability corrected with the October Patch Tuesday security updates.

To exploit the zero-day vulnerability (CVE-2018-8453), an attacker must first log in to the Windows system and then run a specially crafted application that exploits the Win32k component’s failure to properly handle objects in memory. The attacker can then run code in kernel mode to perform various tasks, such as create accounts with full user rights, install programs or view data. The flaw affects all supported versions of Windows, including Windows Server 2019. The vulnerability is rated important and was discovered by Kaspersky Lab, an endpoint protection platform.

Microsoft fixed a publicly disclosed remote code execution vulnerability (CVE-2018-8423), also rated important, in all supported Windows operating systems. An attacker could take control of the targeted system if a user opened a specially crafted Microsoft JET Database Engine file. Microsoft credits the vulnerability’s discovery to Steven Seeley of Source Incite and Lucas Leong with Trend Micro’s Zero Day Initiative.

Prioritize workstation patches and hold off on Windows 10 update

This October Patch Tuesday, Microsoft patched 23 CVEs for Windows, including browser and scripting engine patches and two Hyper-V remote code execution vulnerabilities.

“The workstation patches should take precedence, namely the browser, scripting engine and Hyper-V ones,” said Animesh Jain, product manager of VM signatures at Qualys in Foster City, Calif. “About nine CVEs need to be fixed for browsers, so we need to have all of them applied on the system.”

The critical Hyper-V remote code execution vulnerabilities (CVE-2018-8489 and CVE-2018-8490) would allow an attacker to run arbitrary code on the host operating system by running a specially crafted application on the guest operating system. Microsoft resolved these by fixing Hyper-V’s validation of user input on the guest operating systems.

Microsoft released Windows 10 version 1809 on Oct. 2, but pulled it four days later due to a major flaw in the operating system update that deleted files in various user folders, such as Documents and Pictures. Rolling back the version does not return any files. Microsoft is still working to rerelease the version.

“How did this possibly get through Microsoft’s QA program? It was such a big issue … [and] they have the Insider program as well,” said Todd Schell, product manager at Ivanti, an IT security company in South Jordan, Utah.

Old patches may not be reliable

Microsoft also alerted administrators to a potential issue when applying certain security updates for Exchange Server 2013 and 2016 in Microsoft Knowledge Base article 4459266. The patches might not have corrected all affected files if IT workers manually installed the patches when not using an administrator account.


Microsoft said the issue does not occur when installing the update from Microsoft Update. IT workers can also run the latest security update file as an administrator.

Microsoft initially released a patch for a remote code execution vulnerability (CVE-2010-3190) in 2010, but issued updated information about it in Knowledge Base article 4459266. An attacker could take control of a system with full privileges and install programs, create new accounts or change data through a vulnerability in the way applications built with Microsoft Foundation Classes handle DLL files.

Other CVEs included in the article refer to an elevation of privilege flaw (CVE-2018-8448) and remote code execution vulnerability (CVE-2018-8265).

GRU indictment accuses 7 Russians in global cyberattacks

Officials in the U.S., Canada, U.K. and the Netherlands formally accused seven officers of Russia’s GRU military intelligence agency of cyberattacks targeting individuals and organizations involved in international anti-doping efforts.

The GRU indictment from the U.S. Department of Justice (DOJ) charged Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich Badin, Oleg Mikhaylovich Sotnikov and Alexey Valerevich Minin with computer hacking, wire fraud, aggravated identity theft and money laundering. The DOJ noted that although the Special Counsel investigation did not lead to this GRU indictment, three of the seven men were also named in a previous indictment by Robert Mueller.

The GRU indictment stated the attacks began “in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.”

The GRU officers were named as part of the advanced persistent threat group known as “Fancy Bear,” which has previously been labeled as a Kremlin hacking team. The GRU indictment claimed the officers attempted to “draw media attention to the leaks through a proactive outreach campaign,” including exchanging “emails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.”

The GRU indictment alleged the officers attacked the World Anti-Doping Agency (WADA) and nearly 40 other anti-doping agencies or sporting organizations to obtain “non-public, personal health information about athletes.” Assistant Attorney General for National Security John Demers said in a statement the aim was to leak the athlete data and “undermine those organizations’ efforts to ensure the integrity of the Olympic and other games.”

Jeremy Hunt, foreign secretary for the U.K., called the GRU attacks “reckless and indiscriminate.”

“They try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” Hunt said in a statement. “This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”

Some experts claimed the GRU indictment may not lead to any real-world impact because some of the officers charged are in Russia and will likely never stand trial. However, Dmitri Alperovitch, co-founder and CTO of CrowdStrike, disagreed with that line of thinking on Twitter.

Phil Neray, vice president of industrial cybersecurity at CyberX, based in Boston, noted that the GRU indictment went beyond the sporting agency attacks.

“Almost buried in the indictment is a description of how the GRU hacked Pittsburgh-based Westinghouse, whose power plant designs are used in about half of the world’s nuclear power plants. One of the motivations for this attack would be to steal sensitive design information about industrial control systems so that Russian threat actors could further compromise critical infrastructure in the West,” Neray wrote via email. “This is pretty sobering, especially when you realize that the GRU is also responsible for unleashing NotPetya on the world, a destructive worm which has been called the most devastating cyberattack in history.”

For Sale – 2x eMachines ER1401

Hi….

I have 2x eMachines ER1401 for sale. They are in good condition, a few scratches on the case due to their age. Everything working fine. They come with the power supply only.

Specs:

1.3 GHz AMD Athlon II Neo Processor K325
nVidia nForce 9200 Chipset
250GB 5400rpm SATA hard drive
Multi-in-One Digital Media Card Reader: MultiMediaCard, Secure Digital Card, Memory Stick, xDPicture Card
10/100/1000 Gigabit Ethernet LAN (RJ-45 port), integrated 802.11b/g/n wireless

£40 each.

Will sort pictures out if there is any interest in them. Thanks for looking.

Price and currency: £40 each
Delivery: Delivery cost is included within my country
Payment method: PPG or BT
Location: Liverpool
Advertised elsewhere?: advertised elsewhere
Prefer goods collected?: I have no preference
