Test Driven Development in DevSecOps
Introduction Test Driven Development (TDD) is not a new concept. The idea has been around for the better part of 30 years, but its adoption in the DevSecOps world has not been as prolific as in other development spaces. There are serious merits to the approach, particularly when coupled with agile methodology and iterative improvement in general. Why use TDD? Consider this typical scenario: A user story is created for an engineer to develop a new feature. The engineer develops the new ...
Using Azure Secure Virtual Hub to Accelerate Compliance
Introduction Managing network security in a complex cloud environment can be a challenge. Azure Virtual WAN offers a solution, but for many organizations, it requires additional configuration to implement security policies. Azure Secure Virtual Hub is a streamlined approach that integrates security directly into the Virtual WAN. What is a Secure Virtual Hub? A Secure Virtual Hub is a Virtual WAN hub with pre-configured Azure Firewall Manager. This means it inherits the security and routing...
RAG Based Large Language Model
Introduction With a sudden rise in the popularity of Generative AI (GenAI) recently, the trending topic in every organization is to utilize the power of GenAI to augment business solutions offered to their clients. One of the most popular use cases for GenAI platforms is for providing a question and response interface. This might cover a wide range of topics or be limited to the relevant business information. Large Language Models (LLMs) play a pivotal role within the realm of GenAI by harn...
Building an Efficient and Scalable Test Automation Platform based on AWS Serverless Architecture
Introduction Testing plays an indispensable role in the software development lifecycle of any product or application by validating its reliability and functionality. However, traditional testing models are often dependent on infrastructure provisioning, leading to slower development and testing cycles. With the advent of serverless architectures, there has been a recent paradigm shift in test automation capabilities, freeing up development and testing teams from the complexities of infrastru...
Tools for Distributed Tracing
Introduction In the previous blog post, the discussion centered around the idea of linking and tracing requests across multiple services in a distributed architecture. This is to eventually assist in troubleshooting and optimizing the overall performance of the entire distributed application stack. There are several distributed Tracing Tools available to help in this regard. These tools collect and export telemetry data and some also in visualizing the flow of requests across various service...
Azure Infrastructure and Application Performance Monitoring
Introduction Monitoring the infrastructure and applications running in Azure is critical to maintaining the overall health, performance, and security posture of an application. Effective monitoring provides insights into applications performance as well as proactively identifies issues impacting application components and the resources they depend on. Azure Monitor Azure Monitor is a service in Azure that provides a comprehensive solution for collecting, analyzing, and acting on telemetry ...
Distributed Tracing for Application Troubleshooting
Introduction Distributed tracing is a method to track the flow and timing of application requests as they move through a system of components such as browsers, APIs, Databases and other infrastructure such as queues, data stores. The key idea is to link and trace requests across multiple services in a distributed architecture, which enables a comprehensive understanding of how a request progresses through various components, aiding in troubleshooting and optimizing the overall performance of...
Adopting Behavior Driven Development (BDD) Framework
Introduction BDD Framework is a software development approach that allows testers, developers, and businesses to create specifications for a feature in simple text language (English) and link them directly to the code supporting the specific functionality. Why Use BDD? BDD is an approach to write specifications and not just tests. Using the BDD framework reduces rework and increases reusability of code. In the traditional testing approach, usage of TDD and Unit testing is quite common. It ...
To be Cloud Agnostic, or Not to be: that is the question!
Introduction There is a lot of buzz in the industry on developing “Cloud Agnostic” solutions while developing products on public cloud platforms. “Cloud Agnostic” architecture is a model that avoids vendor specific managed solutions in favor of traditional compute-driven architecture with customer-managed tooling and third party products. The important question to ask is, how beneficial is a “Cloud Agnostic” approach to application architecture. Background When the argument is made for a s...
Thanos based Centralized Kubernetes Monitoring
Problem Statement As Kubernetes implementations become common, there is an ever-growing need to monitor such clusters along with the application workloads running in those clusters. There are three major challenges in this regard: Typically, organizations run multiple clusters making it hard for their operations teams to monitor all the clusters simultaneously. This has created an urgent need for a centralized monitoring platform to manage all their clusters and view them on a...
/otel-diagram.svg)
Using OpenTelemetry Observability System (OTEL) for Monitoring Containerized Applications
Introduction Microservices, Containerization and Kubernetes have become buzz words in the software infrastructure world over the past few years. While running Kubernetes clusters has become relatively straightforward, operating them effectively has been an issue for most organizations. One of the most common challenges with Kubernetes is the ability to holistically monitor the underlying infrastructure to avoid issues such as unwanted costs, downtime, lack of observability, etc. Monitoring a...
Exploratory Testing in Software Testing
Introduction Exploratory Testing is an approach to software testing that is often described as simultaneous learning, test design, and execution. This blog attempts to discuss how Exploratory Testing can complement manual scripted and automated testing in a software development setting. Background and Perspective No amount of automated tests can cover all the test scenarios and test cases related to the application user experience and design. In addition, not everything can be automated as...
Monolithic or Microservices Architecture
A Software Architect’s Dilemma! Introduction The right software design approach has always been an art rather than a science from the first time software applications were designed and developed. In general, the software development process has evolved based on mistakes from the past and limitations of the methodologies used. Tools have evolved, new frameworks created, design best practices adopted all to make scalable, extensible, and sustainable applications. Despite all this progress, so...
Creating Region Resilient applications in Azure
Problem Statement As the US holiday season approaches, a surge in online shopping is expected. One of our clients is gearing up for this surge by aiming to make their application “Region Resilient” so it can handle the traffic surge during the US holiday season. KansoCloud team’s challenge was to help them in migrating their workload from single-region microservices to a “Region Resilient” architecture. What is “Region Resilience”? How is it different from DR? “Region Resilience” refers to...
Fostering Continuous Learning using Objectives and Key Results (OKRs)
Introduction The process of aligning the entire organization with the company’s vision is a common challenge. Using OKRs as a goal-setting framework helps organizations define objectives and then track outcomes in days instead of months. The Objectives and Key Results framework was initially framed by the KansoCloud co-founders Govind Bangarbale, Pramod Verrannagri, and Sanket Dangi in 2021. As a CEO at Intel, Andy Grove took the idea of MBO from Peter Drucker and upgraded it with the concep...
Comparison of Katalon Studio and Robot Framework Test Automation Platforms
Overview Katalon and Robot Framework platforms have become very popular in the functional Test Automation space. This document attempts to compare these two platforms across common features. Problem Statement Even though Test Automation as a practice and automation platforms have been around for a while, their adoption has lagged behind in general. Recently, one of our customers approached us with a request to compare and contrast Katalon and Robot Framework based ...
Building a WhatsApp Chatbot with Express and OpenAI
Introduction In the on-demand world we live in, the expectation is that everything is just a click away. Users expect quick and easy access to information 24X7 regardless of the time or time zone. As a result, chatbots have become increasingly popular for automating customer interactions. A chatbot is a software agent that simulates human-like conversations with users via chat. Its key task is to answer user questions with instant messages. Role of Large Language Models (LLM) in Artificial I...
Evolution of Web Development Technology - From Mocha to Low-Code to Codeless-as-a-Service
Introduction Web development technology has come a long way through the history of the internet, from text only user interfaces in the 80s to blocky layouts of the 90s, to the web logs (a.k.a blogs) of the 2000s all the way to the mobile apps of the 2010s. What started with Berner Lee’s first web page in 1991 in Hypertext Markup Language(HTML) exists as the “literal” backbone of every web page created even to this day. In general, these technologies accelerated the evolution of the industry ...
Test Automation for Salesforce CRM using Robot Framework & Playwright
Introduction Functional Test Automation is the process of testing software to ensure it meets the product functional requirements with minimal human intervention. In other words, it’s a test to double-check that the software performs exactly the way it is expected to (from a user perspective). This process typically tests for bugs, defects, and any other issues that can arise during the course of product development. Problem Statement Even though Test Automation as a practice as well as auto...
Adopting the CaaS Paradigm to Accelerate Time to Market
Digital transformation has become the most recent “buzzword” in every organization. At its core, It involves the integration of digital technology to deliver value to customers to provide them with a competitive advantage. When implemented correctly, digital transformation improves customer experience, operational efficiency, and reduces total cost of ownership of the underlying technology platforms. Codeless as a Service (CaaS) is a software development paradigm that enables companies to bu...
Deploying Amazon Elastic Kubernetes Service (EKS) within Restricted Private Subnets
Introduction KansoCloud specializes in the design, deployment and management of Kubernetes clusters on AWS, Azure and GCP platforms to modernize our customers’ DevOps platforms. One of our larger enterprise customers wanted to deploy Amazon Elastic Kubernetes Service (EKS) clusters with native Amazon Virtual Private Cloud (Amazon VPC) addressing. One of the primary reasons for using native VPC networking was to take advantage of the ability to manage Kubernetes traffic at the VPC level based...
AWS Customer Use Case Whiz.AI
About Whiz.AI Whiz.AI develops an augmented consumer analytics platform to deliver insights directly into the hands of business users empowering decision makers to drive more informed and faster business decisions at a lower cost. The Challenge A monolith application running all services on a single node needs to modernize for high availability and performance targets. The Solution Migrate the application to Amazon Elastic Kubernetes Service (EKS) and Amazon RDS for PostgreSQL followin...
AWS Customer Use Case TikMe
About TikMe TikMe develops mobile applications to assist service requesters and service providers to find and connect with each other based on location to assign and complete jobs. The Challenge TikMe is in need of an automated CI/CD and testing solution for their mobile application development with updated DevOps practices to streamline development and scalability issues for mobile applications. The environment was running on EC2 instances with docker-compose where the build and release...
Compliance Certification for Startups/Smaller Companies
IT Security is the practice of implementing effective technical controls to protect an organization’s IT assets and Compliance is the application of that practice to meet a third party’s regulatory or contractual requirements. More specifically, Security is a clear set of technical systems and tools and processes which are put in place to protect IT assets whereas Compliance studies a company’s security processes and documents their security at a single moment in time and compares it to a spe...
SonarQube versus ESLint for Static Code Analysis
Introduction Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review and should ideally be implemented as part of the CI portion of a product development lifecycle. Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis. Ideally, such tools would automatically id...
/appSecurity-4.png)
Application Security in Cloud and DevSecOps Best Practices
Introduction Building a secure and compliant application on a public cloud platform necessitates the implementation of numerous controls to be applied during the build, test, deploy and post-deployment phases. Application development teams struggle to understand the overarching DevSecOps toolchain and how exactly to introduce security controls into their current SDLC process and their automated delivery pipelines Lack of infrastructure and application scanning capabilities can allow...
Supporting Continuous Delivery with Quality for Mobile Apps
Introduction Building, testing, and delivering mobile applications typically involves multiple steps that can be long and complicated. When build, test, and deliver steps are performed manually in such cases, the process can become arduous and error-prone. In addition, the feedback loop to developers takes longer to compete slowing down the overall development process. The key to delivering accelerated value to end users is by adopting the concepts of Continuous Integration (CI), Continuous D...