Webinar

Continuous Software Pipelines: Why Enterprises Are Going Cloud-Native

  • Mar 9 2022
  • 45 mins
  • Package management, Cloud infrastructure

Things you’ll learn

  • Why enterprises organizations are moving to cloud-native infrastructure
  • What this means for improving, scaling, and securing their CI/CD pipelines
  • How to easily set up a secure, cloud-native software pipeline

Speakers

Dylan Murphy
Dylan Murphy
Cloudsmith

Summary

Given that most of your technology infrastructure probably resides in the Cloud, it’s worth asking why the same isn’t true for your software packages. Regardless of whether you’re operating on-premise, using a custom in-house system, or employing a mixed approach,this session invites you to learn why why enterprise organizations are transitioning from on-premise systems to fully Cloud-Native alternatives.

Transcript

  1. 00:00:00
    Dylan Murphy
    Hello, and welcome to Developer Week Global Enterprise 2021. It is my pleasure to introduce our next speaker. This is Mr. Dylan Murphy. He's a software engineer for Cloudsmith, and I'll be joining you on screen. Thank you.
  2. 00:00:12
    Dylan Murphy
    Hello. Hello, everyone. Thank you for coming. Anybody that made it to Dan's keynote yesterday, I hope you enjoyed it. I certainly did. Dan covered more of a top level why you should buy rather than build your software application. So I'll cover more of a practical application of how a cloud native tool like Cloudsmith can fit into your existing CI CD pipeline.
  3. 00:00:34
    Dylan Murphy
    So just to kind of cover a bit of what we'll go over we'll touch on the differences between cloud native and cloud hosted cloud native being built. On and for and run on cloud infrastructure and cloud hosted being managed on Prem and available to the cloud. We'll talk a bit about the enterprise benefits of a cloud native solution, namely things like scalability, elasticity and speed.
  4. 00:00:55
    Dylan Murphy
    I'll do a quick demo, show you how this all fits and how you can get started in under 60 seconds. And if you have any questions along the way, feel free to ask them in chat. We have a couple of moderators sitting in on there. And we have some Q& A at the end as well. And you can always come chat to us at our booth.
  5. 00:01:11
    Dylan Murphy
    So just a quick background about me. My name is Dylan. I'm a grad engineer at Cloudsmith. I've only been here for a few months, but I'm really loving it. You know, my background is a bit all over. I was a mechanical engineer and then a drummer. And so working in software now, I feel like I've really found a great fit.
  6. 00:01:27
    Dylan Murphy
    It's a growth minded community. There's a lot of knowledge sharing. And this cloud native stuff is pretty cutting edge. So it worked out that I was always a drummer. Actually Marcus said he was the same, you know, you get into computers and run into issues where it's just no idea what the problem is.
  7. 00:01:42
    Dylan Murphy
    And so keep my drum set handy just in case he can't hit computers. So digress. We all know what the cloud is, right? But cloud native and cloud hosted are sometimes used a bit interchangeably, and they're definitely not the same. Right. So cloud native is built and run on and for cloud infrastructure, or something like cloud hosted is managed by a vendor, AKA somebody with an instance that is managing that on behalf of customers.
  8. 00:02:08
    Dylan Murphy
    So it's more of an on prem solution that's available up to the cloud, right? And with that type of solution with a cloud hosted solution, you have to worry about. running and maintaining and scaling your infrastructure. And, you know, that takes time and resources away from developing your core product. It can limit your ability to respond to incidents and it can increase your update cycle time up to months.
  9. 00:02:28
    Dylan Murphy
    So versus a cloud native solution where that stuff is designed and implemented and maintained for you. Things like access control. Particularly applicable for software distribution services, things like maintenance upgrades and scaling up the infrastructure. So, and that's all not to mention security as well.
  10. 00:02:45
    Dylan Murphy
    So, for instance, Cloudsmith just completed our ISO 27001 certification audit. And so if you want to secure the continuous packaging section of your pipeline, you know, you want to work with a company or a tool that is very serious about security. And it takes customer trust adequately, seriously. So the things that go into a good cloud native pipeline, right, it should be easy to sign up.
  11. 00:03:09
    Dylan Murphy
    It should be easy to use the features. It should be easy to customize the features and the implementation to your use case. And it should be easy to get help things inevitably hit the fan. So, you know, when you sign up, you should be able to get immediate access. You should be able to start creating, you know, repositories right away.
  12. 00:03:26
    Dylan Murphy
    You should not be waiting for accounts to be provisioned or permissions to be granted. These are kind of becoming common indicators of a cloud hosted solution. where, you know, things have to happen for the customer to see the result. So once you are in you know, you should be easy to use without documentation or with just poor documentation.
  13. 00:03:44
    Dylan Murphy
    We've kind of all been there. It can be really frustrating to set something up, let alone to use and maintain it. So, you know, tool like Cloudsmith, we have expansive docs at help. Cloudsmith. io. Recommend giving those a check out, but features should be well documented. Right. And at the same time, it's unlikely that any tool you use is going to have every insight or hook that you need.
  14. 00:04:03
    Dylan Murphy
    So robust API access is important to make the tool fit your organization. Even then stuff still goes wrong, right? You want to be able to speak to a real person quickly about what's going on in that scenario, and you want to know that they will be able to help resolve the issue. So Cloudsmith, I've kind of been plugging a little bit just to get this out of the way, is a cloud native, secure and universal continuous packaging solution, right?
  15. 00:04:30
    Dylan Murphy
    So we provide Cloudsmith. Secure distribution of your software by integrating into your existing continuous integration or continuous delivery deployment pipeline. We have 24 7 support from our DevRel and engineering teams, and we support all major package formats. And the continuous packaging term that I'm kind of throwing around references everything between CI and CD that's keeping your pipeline private and secure.
  16. 00:04:54
    Dylan Murphy
    So our tool, tools like ours, cloud native tools like this are a single source for all your software, regardless of the development language or who it's being distributed to. So that's great and all, but how does it fit into. You know, modern organizations ecosystem, so modern package repositories, they handle a lot of formats and there's a huge amount of variability per format.
  17. 00:05:18
    Dylan Murphy
    So that doesn't necessarily scale well for an enterprise organization that is likely writing in a couple of formats, more than a couple of formats. So you need an effective abstraction layer around managing that process in a uniform way. So continues packaging builds a single source of truth for all your software artifacts and dependencies and all the data related to them.
  18. 00:05:39
    Dylan Murphy
    It's kind of like how GitHub is a singular source, single, single centralized source for a repository for source material. This is like a repository for built software artifacts. So I'm going to jump into the demo in just a minute here, but just to give you a quick overview of what I'll touch on. We'll create a user with Cloudsmith, so you'll see that it's quick to set up and ready to go instantly.
  19. 00:06:01
    Dylan Murphy
    We'll create an organization, which is a namespace to control access and group repositories. We'll also look at some of the blanket security settings you can do. At the org level, and then we'll also create a repository in there, which is like a more granular hosted space for any of the number of format packages that we support.
  20. 00:06:19
    Dylan Murphy
    So keep note that that's a multi format repository, which gives you sort of the choice to delineate how you'd like to, how it fits for your organization. We'll touch on a couple of distribution methods as well using Cloudsmith. So one being to customers, I'll show you how our entitlement tokens work, and those are read only trackable access.
  21. 00:06:37
    Dylan Murphy
    And we'll also look at internally. You know, if you create a public or a private or an open source repository, you need that to be immediately compatible with, you know, native tooling endpoints. Our CLI API should be available globally to your team. So without further ado, I'll jump right in there.
  22. 00:06:54
    Dylan Murphy
    So when you land at the Cloudsmith login screen you know, the first thing you probably need to do is create an account if you haven't been here before. So I'll go ahead and do that.
  23. 00:07:03
    Dylan Murphy
    I think when I'm sharing my screen, my computer gets a little bit hung up.
  24. 00:07:07
    Dylan Murphy
    All right, so creating an account, put my email in there,
  25. 00:07:13
    Dylan Murphy
    password.
  26. 00:07:14
    Dylan Murphy
    And also to note that we, for enterprise organizations, this is much more important. But having other methods to sign on and to manage the sign on for multiple users is really important. So when I hit sign up, it sends me a mail notification. I'll pull that up on the other side over here, but I wanted to do this live to just make a point that this is very quick, right?
  27. 00:07:42
    Dylan Murphy
    So it drops you right into Cloudsmith and first thing we'll do is create an organization. And so we can call it demo org for now, create terms of service, might be a robot, TBD. And once we're in, you know, we can see that the organization has a bunch of folks involved. We can also create a team. Like, for instance, we could do an engineering team.
  28. 00:08:10
    Dylan Murphy
    And then, you know, once you start adding people to this, you can change the permissions as well. You can change what they see in the repository. And then you can also override that in the repository level settings. But for right now, we'll we'll add a repository in here. We'll call it, you know, we'll call it testing actually.
  29. 00:08:30
    Dylan Murphy
    We'll leave it private, uh, so I can show you how our entitlement tokens work.
  30. 00:08:35
    Dylan Murphy
    So this is already spun up, you know, as soon as the page template loads, everything is already. Partitioned in the back end. And I think that's an important thing to note. So when you do need to upload a package, we've got comprehensive docs on lots of formats. We've got comprehensive, you know, CI tool same thing.
  31. 00:08:53
    Dylan Murphy
    And I think for now, maybe we'll just put in. We'll put in a couple of different formats, but let's start with a Python package. I can show you how we work with these wheels.
  32. 00:09:05
    Dylan Murphy
    So it is already queued up and syncing. I would say we maybe also put another format in there. So I can just show you that this is it's really nice to be able to keep all this stuff in one spot. Some other products that are out there at the moment can't do that. It's a bit froggy if you try to try to mix and match too much.
  33. 00:09:22
    Dylan Murphy
    So when we go back to the repository itself, right, we can see that the Python example is already parsed. The npm example is in progress, but it's got the architecture. It's got the Python version. It's automatically tagged latest, which was based on Sembear, you know. parses the version here. So a lot of good info there.
  34. 00:09:41
    Dylan Murphy
    And you know, all the same stuff is available by the API. Same deal with the NPM. And yeah, this is really helpful to have. And when you're looking at the repository level, another thing that's important to keep in mind is, you know, if this is a private repository, it should be easy to control the access, right?
  35. 00:10:00
    Dylan Murphy
    If you're a software distributor, you could be creating content. A lot of these tokens and and you want to be able to track that access. So for example, you know, if I wanted to create a token for customer, a and restrict by search. So let's say I want this to just be for the Python packages and maybe only grab the latest one.
  36. 00:10:23
    Dylan Murphy
    You can also set limits on the usage. And you can ship some metadata with it as well. Let's go ahead and create that, right? And then so, you know, you have visibility over all the tokens in your repository and they're very easy to hand off to a customer or have something automated in the backend where, where these are being generated in use.
  37. 00:10:44
    Dylan Murphy
    Yeah. So there's some more, you know, granular settings in the repositories. It's, it's definitely worth taking a poke around here. I think what we have set up at the moment where there's an org and a repository that's being populated with multiple packages, that's, that's sort of like the, let's get you started with Cloudsmith, feel free to get that kind of thing set up and then and then come and reach out to us because we'd love to help you with getting that set up.
  38. 00:11:07
    Dylan Murphy
    So I'll jump back over to a presentation now
  39. 00:11:10
    Dylan Murphy
    and kind of jumping from the demo. This is sort of a picture of what we see, the continuous packaging. Ecosystem looking like at the moment, right? So continues packaging is meant to fit easily into your existing pipeline. It's supposed to be the space between C. I. N. C. D. with just some important overlap.
  40. 00:11:29
    Dylan Murphy
    So these steps that you see here and what happens between them can vary a lot between formats. But the idea is to augment your deployments, gain more insight into what you're shipping, you know, things like dependency management, secure isolation from third party sources, scanning of packages. It's all just to reduce the complexity in your distribution to end users by offloading it to a cloud native provider.
  41. 00:11:53
    Dylan Murphy
    So you want to have visibility over what's happening and our PDN does provide that with everything from your tokens to your teams and everything in between. I've been kind of throwing around this term continuous packaging along the way. Admittedly, Cloudsmith has coined this phrase. The acronym for Universal Packaging Solution was taken already, but our ideal is for everyone to see CI, CP, CD as the industry standard pipeline, right?
  42. 00:12:18
    Dylan Murphy
    So this is meant to be about owning the creation and consumption of packages. So continuous packagings is a central tenant to software supply chain management, whether people know it or not yet. But these practices prevent you from dropping the ball between. Building your software and deploying your software.
  43. 00:12:34
    Dylan Murphy
    So it's meant to go hand in hand with the ethos of modern DevOps practices. You know, automate everything, build frequently and maintain end to end responsibility of the software process. So transitioning into benefits and why this matters, right? You need to have end to end providence on who's using your software every step of the way that's becoming increasingly important in today's day and age.
  44. 00:12:58
    Dylan Murphy
    And you need to be able to isolate and cache assets safe from public upstreams. And, you know, with a tool like ours, everything that you use would be centralized in Cloudsmith. So available safely and immediately by our package delivered network, which is built to be secure by design and give you transparency in your DevOps supply chain.
  45. 00:13:17
    Dylan Murphy
    And all the while you have support from developers for developers in an ever evolving ecosystem. That can be really important, especially. At an enterprise level. So we have folks with a lot of past experience making this work with other customers. So highly recommend, you know, get yourself set up with an organ and repository and reach out to our team.
  46. 00:13:35
    Dylan Murphy
    If you're even just a little bit curious, you'll you'll talk to a real person who genuinely cares and has probably done something similar. You know, for somebody else is really unique use case. So a bit more on why this matters to an enterprise org and why enterprise orgs are going cloud native. You know, the priorities for a package management solution is support for the formats you use and integrations with your tooling.
  47. 00:13:59
    Dylan Murphy
    And so it's nice to be able to centralize those to one place. Understandably, though, information implementation is going to be different for everybody, but there's there's a general market need for a flexible and robust solution that can scale and change and grow with your organization. So something like a Cloudsmith tool is continuous tool in the center of an existing ecosystem.
  48. 00:14:20
    Dylan Murphy
    It's really abstracting existing pipelines as opposed to adding a new tool to the pipeline. So it's just covers your back and offloads some of the process. You see, here is kind of a snapshot of what we offer, but this is what enterprise are hopefully hoping to see. So moving from left to right, you know, there's simplified integration with current tools by the native extensions or Clouds with CLI.
  49. 00:14:43
    Dylan Murphy
    So it's easy to get started and use there's. Real time information on the status of your build pipeline. So if you, once you get set up, there's immediate access and visibility. There's no security scanning of source prior to upload where we're leveraging metadata and digital certificates to ensure authenticity and right away through their simplified support for all the native tooling, which docs and 24
  50. 00:15:10
    Dylan Murphy
    seven support. On all these integrations and formats. So definitely go check those out. And just to kind of summarize what we've been talking about cloud native apps are meant to be. Globally available, right? They're scalable. They're elastic. It's managed infrastructure and security as well. So it's built for integration with existing C.
  51. 00:15:32
    Dylan Murphy
    I. C. D. tooling and ultimately made for automation, which is part of why it's so important to an enterprise organization. And, you know, to go with that security is a core tenant of the product, right? Our cloud native infrastructure helped us a lot with our isolated recently. And, you know, it's part of the it.
  52. 00:15:51
    Dylan Murphy
    Part of everything that we do that customer trust is, is known to be a piece of what we've been as software providers. This is sort of the same way that you wouldn't want to just wire appliances in your house directly to the mains. You want to use a receptacle that is built already to offload some of that security and testing for customers and for developers.
  53. 00:16:10
    Dylan Murphy
    You know, folks want to see compatibility and ease of use to be able to offload some of that trust. And and just like in the metaphor, right. There's totally ways to do it yourself, but this is sort of where the building software starts to diverge, right? It's obviously a heavily iterative process, constantly, always updating applications and programs.
  54. 00:16:29
    Dylan Murphy
    So you need to be able to keep up with that change and easily need to be able to grow or even decay to keep costs down. And cloud native product is not obviously a literal fixture in your house. It is more of a living, breathing service that is being updated all the time. So having your infrastructure and your uptime guaranteed by an SLA and having your security audited regularly, having transparency throughout your supply chain it's very important.
  55. 00:16:55
    Dylan Murphy
    And, you know, obviously enterprise orgs are starting to move cloud native. So, like I said, please check out our help docs start yourself a trial. Create an org, create a user, create a repository, populate it with multiple formats, start generating entitlement tokens, experiment with our API and our native CLI, add some team members as well, see how easy it is to collaborate, you know, cloud native applications really shine globally and yeah, come see us at our booth, we'd be happy to answer any questions you have, there is also a survey you can take for a chance to win an Amazon gift card.
  56. 00:17:31
    Dylan Murphy
    Thank you. And if you want a demo, please come by and hang out with us at the booth. Yeah. So I'll leave it up to a Q and a, and anybody feel free to reach out in the chat if you'd like.
  57. 00:17:45
    Dylan Murphy
    All right, folks. Well, it seems like there are not any questions at the moment, but thank you, Kira, but yeah, we'll be over in the booth. Please come hang out and talk to us. I'll probably redo the demo that I did there. Just redo it again there. And Thanks for hanging out.
  58. 00:18:00
    Dylan Murphy
    Thank you, Dylan, for a great talk here at developer week, global enterprise 2021 attendees, please. Let me get to the next available talks on the session tab to your left. Thank you.

Comments