Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

IT Road Map

Local & Online Infrastructure / Software Environment
by

Leon Yao

on 13 September 2012

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of IT Road Map

Leon Yao & Wilson Huang IT Road Map Where should IT be involved

IT Infrastructure

Security Related

Software Development Tool Chain

Q&A Agenda Provide stable local & online infrastructure environment

Help to develop & build software environment

Deliver & maintain online games

Open source oriented

Agile Mission & Concept IT Manager Helpdesk & Level 1 Level 2 Level 3 Antonio Leon Wilson Jenny Cosmos Campbell Campbell Antonio Leon Current IT Service Status Local Services / Full HA / With SSO
DNS
IRC
Proxy
DB
Monitoring
Backup
Mail
Filer
Helpdesk
Wiki
Other web apps

Online Services / Full HA
HAProxy
Python Server
Redis IT Infrastructure
Target Status Target Local IT Infrastructure Target Online Infrastructure Keepalived + LVS / Cluster LDAP + Kerberos Router Internet--
|
=============
| ISP Router|
=============
|
|
| |eth0 -> 192.168.1.11 (connected to lan)
|-lb0==|
| |eth1 -> 202.54.1.1 (vip master)
|
| |eth0 -> 192.168.1.10 (connected to lan)
|-lb1==|
|eth1 -> 202.54.1.1 (vip backup) Web DB Web SSO Current Software Development Status Android SDK tools
Monkey – automated random UI testing – integrated in Jenkins
adb – debug & instrumentation test – enables communication between a PC and a device (emulator or physical phone)
emulator – HW emulation using Goldfish – used for Jenkins/CI

Open Source tools
git – version management
repo – multiple git repositories management
Gerrit – code review and delivery control – integrated with Jenkins
Eclipse – IDE framework
Findbugs – static java code analysis – implemented in Jenkins and Eclipse
Checkstyles – coding standard enforcement – implemented in Jenkins and Eclipse
Jenkins – continuous integration engine – integrated with Gerrit
jUnit – test automation framework – implemented in Jenkins
CTS – compliance test suite from Google – implemented in Jenkins
Emma – java code coverage on target – implemented in Jenkins
Ant – java build system
OpenGrok – source code search

IP/commercial tools
Coverity – static code analysis – implemented for main branch
Black Duck Protex – IPR license verification and code scanning Software Development Tool Chain Infrastructure Security

Source Code Security Security Related Cloud Computing & Big data OpenStack OpenStack is a global collaboration of developers and cloud computing technologists producing the ubiquitous open source cloud computing platform for public and private clouds. The project aims to deliver solutions for all types of clouds by being simple to implement, massively scalable, and feature rich. The technology consists of a series of interrelated projects delivering various components for a cloud infrastructure solution. The Apache Hadoop software library is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Rather than rely on hardware to deliver high-avaiability, the library itself is designed to detect and handle failures at the application layer, so delivering a highly-availabile service on top of a cluster of computers, each of which may be prone to failures. No Hot Fix Procedure

No ACLs to Server Side Codes

No ACLs to Client Side Codes Current Source Code Security Status No Positive Scan

No Security Updates

No Emergency Patch Procedure

No IDS

Infrastructure Security
Current Status Positive Security Scan Report Local Services / No HA / No SSO
DNS
IRC
Proxy
DB / no cluster
Monitoring
Backup
Mail
Filer / lack of ACL
Helpdesk
Wiki
Reviewboard
Other web apps

Online Services / No HA
HAProxy
Python Server
Redis IT Infrastructure
Current Risks Most conventional network services use password-based authentication schemes. Such schemes require a user to authenticate to a given network server by supplying their username and password. Unfortunately, the transmission of authentication information for many services is unencrypted. For such a scheme to be secure, the network has to be inaccessible to outsiders, and all computers and users on the network must be trusted and trustworthy.

Even if this is the case, once a network is connected to the Internet, it can no longer be assumed that the network is secure. Any attacker who gains access to the network can use a simple packet analyzer, also known as a packet sniffer, to intercept usernames and passwords sent in this manner, compromising user accounts and the integrity of the entire security infrastructure.

The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat packet sniffers would otherwise pose on a network. We need the architecture based on ITIL

The Information Technology Infrastructure Library (ITIL), is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITILv3 and ITIL 2011 edition), ITIL is published in a series of five core publications, each of which covers an ITSM lifecycle stage. ITILv3 underpins ISO/IEC 20000 (previously BS15000), the International Service Management Standard for IT service management, although differences between the two frameworks do exist. No IT service portal
No request management
No change management
No Incident management
No problem management
No project management Target Security Updates Stats team may need this Fantix is working on this part All kinds of updates
including software and security packages Auto updates in Dev Env, manual updates in Beta Env At least one week after Beta Env updates IT Team Architecture IT internal Infrastructure Security Tool Chain Q&A HA SSO Long Term Plan Target Workflow with ACLs No ACLs
No IDE
No CI
No Auto Test
Lots of manual work Sample Software Development Tools Sample Software Development Tools Mail Q&A Share Wiki Ideas Current Online Workflow SSO Workflow Scaling based on this
Full transcript