Our scheduled topic was supply chains generally, but the Log4Shell vulnerability dominated the discussion. We dove into the challenge of patching and fixing a library that is literally in nearly every device or service for years and years.
That led us to supply chains in the context of software, and specifically Java Log4j. This is a critical topic and our conversation about it was very thoughtful. We really covered the angles of what it takes to produce and maintain a supply chain for software. Then we discussed alternatives and things to consider when you building anything: software products or physical products in which embedded systems and components impact your designs.
We discussed the Amazon outage of December 7. Instead of simply blaming Amazon, we went looking for how the outage impacted people globally. We considered how hyper scalars are being treated and how these outages can be avoided or understood. We focused on who is impacted and what companies who are building on top of Cloud providers can do going forward.
We really took a classic Cloud 2030 approach for a very important and timely topic. Enjoy our discussion about the business impacts, understanding of the market and forward looking approach.
What is platform engineering? And why is it necessary and how to make it work compared to DevOps.
In this conversation, we really hit on the challenges of creating automation teams for building automation in scalable ways. Frustratingly, we never really came up with a particularly good answer to “what is a platform team” and why you should care. Strangely, your organization is probably building one.
Today we talked about supply chains, but mainly security and the security aspects of supply chains because we have a very serious challenges here.
We have made software and on boarding software for developers so easy, but haven’t put the same efforts in how to manage production systems! The team really talked about what it takes to build production systems that respect security, supply chains, dependency graphs, and inclusion in a way that cross teams.
It’s an incredibly important topic, and it is the foundation of any successful supply chain hardening effort.
Serverless at the edge, part one. This is a dynamic and engaged conversation with key questions like:
What is serverless? Do we need serverless? How is edge serverless different than cloud serverless?
We see edge environments as collecting data from sensors that needs to be heterogeneous, multi vendor, dynamic and centralized. But where centralized?
I think that the serverless aspect of this really drives home the idea that we need to be able to make small, quick, easy updates into an edge environment into a sensor environment. But how we accomplish that is still to be defined.
We explored Operations Value mapping. This lead to an a very interesting discussions of complexity budgets and how to measure complexity budgets. This includes managing supply chain, and value pipelines, and system coupling.
Complexity budgets could be a very powerful measuring tool for understanding operations value In an organization. Overall, this helps you explain the cost of complexity to organizational leadership.
Today’s episode is about supply chains but with a Cloud2030 twist. We focused on forward leaning futures by looking into how supply chains are being disrupted. It’s going to be hard to get them working again if they can ever come back!
During this 20 minute check-in we dive security and SaaS infrastructure.
Can we protect the secrets that people are trusting to SaaS providers to store for us? The topic was inspired by the Twitch leak where a lot of sensitive information was exposed exposed to the public. That comes on the heels of all sorts of other leaks, compromises and down time on systems.
Overall, it seems like bad news is coming faster and faster for operators. The fundamental question is NOT can we trust a SaaS provider to secure information. We know the answer is NO. But what to do about it?
We talk about Infrastructure as Code through a Kubernetes filter. We started with a check in on KubeCon and VMworld, both of which had just ended. Both of those shows are very relevant in our IaC discussion and considerations because we dig into how we build on those platforms.
Ultimately, that lead to the idea of pipelines and processes for building sustainable automation and operations. That got into very interesting places!