Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Managing Software Updates “the DevOps Way”

DZone's Guide to

Managing Software Updates “the DevOps Way”

Updating the containers that run our favorite services can come at significant cost; learn how to manage software updates the DevOps way.

· DevOps Zone
Free Resource

The Nexus Suite is uniquely architected for a DevOps native world and creates value early in the development pipeline, provides precise contextual controls at every phase, and accelerates DevOps innovation with automation you can trust. Read how in this ebook.

At a recent DevOps event I attended, I spoke to some members of the DevOps team in one of the largest US banks. The discussion centered around patches and software updates in a Dockerized environment with many files and microservices. It didn’t take long to pinpoint their pain.

“How do you manage software updates in a containerized microservices world?”

This question represents a valid problem which is the complexity of updating and maintaining software binaries. The problem is increasing exponentially as monolith applications are broken down into multiple containerized micro-services, and multiple versions of software binaries are released as Agile development practices lead to shorter release cycles. At the same time, there is a network of interdependencies in which updating a third party binary results in an update for multiple dockerized applications.

This is what motivated me to write this blog in which I will talk about one of the solutions that can be used to manage the cost of updating a software binary, whether for an upgrade, a patch, or even a deprecation.

The Cost of an Update

Computing the cost of upgrading or patching even a single file has become extremely difficult. Let’s take a scenario where several containerized and even non-containerized applications are running in production, and for some reason, you need to upgrade an rpm package and also patch a jar file. There is one question to ask:

How many applications are impacted by this change?

To meet the needs of all these teams, you need software that deeply understands all the binaries used in your organization irrespective of their type, whether they are proprietary in-house components or third-party libraries. But more importantly, you need software that can find the relation between the binaries to create a comprehensive graph showing how they are all connected.

JFrog Xray Impact AnalysisJFrog Xray does. It creates a graph similar to the one below by deeply indexing all the files within complex binaries and correlating them.

JFrog Xray Impact AnalysisJFrog Xray Impact AnalysisSoftware updates are not what they used to be. Containers and microservices have changed everything creating an explosion of binaries that are intricately connected and interdependent thus complicating the update process. Manually identifying all the binaries that are affected by an update is virtually impossible, however, using JFrog Xray’s impact analysis, it’s an easy and automated process to find these connections and determine the true cost of a software update.

The DevOps Zone is brought to you in partnership with Sonatype Nexus.  See how the Nexus platform infuses precise open source component intelligence into the DevOps pipeline early, everywhere, and at scale. Read how in this ebook

Topics:
image ,development ,software ,updates ,microservices ,containers ,devops

Published at DZone with permission of Ankush Chadha, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}