The Software Architects' Newsletter March 2022

A monthly overview of things you need to know as an architect or aspiring architect. [InfoQ]( The Software Architects' Newsletter March 2022 [View in browser]( Welcome to the InfoQ Software Architects' Newsletter! Each month, we bring you essential news and experience from industry peers on emerging patterns and technologies. This month, we focus on the topic of "Cloud Computing: From Edge to PaaS and IaaS". The core topics of cloud computing currently span across the entire "diffusion of innovation" graph in last year's [Architecture and Design InfoQ Trends Report](. The latest [DevOps and Cloud InfoQ Trends Report]( (July 2021) provides additional insight for architects working in this space. Key challenges remain, including designing scalable systems, the build vs. buy decision, and how to plan for multi-cloud adoption. News Google Java App Engine Standard is Now Open Source Google has released the [source code for Google App Engine]( Java standard environment as open source, which also includes the production runtime, App Engine APIs, and the local SDK. Initially [released in 2018](, Google App Engine was a PaaS designed to make it easy for developers to deploy and scale their web applications. App Engine currently supports many languages such as Java, PHP, Python, Node.js, Go, and Ruby. Google has not yet open-sourced support for other languages. It has also not released several specific layers that tie App Engine to the underlying [Borg]( cluster management system that is internal to the Google infrastructure. NubesGen Brings Git Push to Azure Infrastructure NubesGen is an open-source cloud provisioning tool from Microsoft, integrating Terraform with an opinionated GitOps workflow for [deploying applications to Azure](. NubesGen targets developers who want to "git push" their cloud infrastructure. With a new command-line interface (CLI) available in its v0.8.0 release, InfoQ interviewed Julien Dubois, the project leader of NubesGen, to get his take on the product and where it's headed. AWS WAF Introduces Fraud Control - Account Takeover Prevention Amazon recently introduced a new feature of AWS Web Application Firewall, "[Fraud Control - Account Takeover Prevention](", to protect login pages at the network edge. Checking in real-time whether the usernames and passwords have been compromised elsewhere on the web, Account Takeover Prevention (ATP) is designed to mitigate brute force attempts, credential stuffing attacks, and other anomalous login activities. Best Practices for Running Stateful Applications on Kubernetes Kubernetes cluster operators that need to [run stateful applications]( have several options available to them: run these outside the cluster, alongside it as a cloud service, or within their cluster. Best practices for stateless application management in Kubernetes include making effective use of namespaces, service routing, ConfigMaps, and securing secrets. Building an Effective Digital Platform: Adam Hansrod on the Benefits, Challenges, and Approach Equal Experts have open-sourced a playbook detailing their thinking on [building Digital Platforms](. The [playbook]( outlines strategies to organize a successful digital platform and explores the challenges that can be faced by digital platform teams. InfoQ spoke with Adam Hansrod, one of the authors of the playbook, and discussed the ideas in more detail. Case Study Is Docker Secure Enough? Advice for Configuring Secure Container Images and Runtimes The [security of Docker]( is dependent on how it is used: it is overly simplistic to ask "Is it Secure?" when security lies in fine-tuning Docker for your use case. A recent InfoQ article written by Rudy De Busscher explores the most important security considerations around Docker. Docker is a platform most developers are now familiar with. It makes it easier to create, deploy and run your applications in packages called containers. The application and required dependencies are “packaged” and run as a process on the host Operating System, rather than the Operating System being duplicated for each workload as with virtual machines. Since Docker made this approach popular, many of us talk about Docker Containers and Docker Images. In fact, images and containers don’t need to be "Docker" but they can be based on a similar framework. As cloud-native programming grows in popularity, so does Docker and a container-based approach. Cloud-native is a term with several definitions, but it largely means running an application, most likely one with a microservices architecture, on cloud infrastructure. It uses automation tools and the resources and functionality of cloud providers. A containerization tool like Docker is often useful with this style of programming because the container content and setup result in a repeatable environment regardless of the underlying system. Since the Docker Images and containers need to be used in a wide variety of scenarios, you need to tune them for your specific use case. The general principles of security are still the guidelines to determine what is needed for your case. The principle of the least privilege says we should give minimum permissions possible while still achieving functionality, to avoid security breaches. For containerization, this means we should not run the main process in the container with the root user. We should also use the appropriate permissions on files and restrict access using a specific AppArmor profile. To reduce the attack surface area, we should only include what is strictly required for our use case, and for example, use the newer implementations like containerd and CRI-O to run our containers as they include fewer binaries and processes. This content is an excerpt from a recent InfoQ article written by Rudy De Busscher "[Is Docker Secure Enough? Advice for Configuring Secure Container Images and Runtimes](". To get notifications when InfoQ publishes content on these topics, follow "[cloud computing](", "[cloud architecture](", and "[cloud-native](" on InfoQ. Missed a newsletter? You can find all of the [previous issues]( on InfoQ. Sponsored [Cockroach Labs]( [Discover the joy of serverless development]( This complete O'Reilly book teaches developers how to build, scale, and deploy serverless applications in Google Cloud Run. From core fundamentals to hands-on tutorials, this free resource is your introduction to a world of more productive coding and far less managing infrastructure. Download your free copy of "[O’Reilly’s Building Serverless Applications with Google Cloud Run](" courtesy of CockroachDB. Upcoming events QCon: For practitioners by practitioners [QCon London Software Development Conference (April 4-6)](: Last chance to save your spot and learn from practitioners driving innovation & change. Attend [QCon London]( Software Development Conference (April 4-6) and explore real-world trends and practices to inspire your decisions, workflows, and roadmap. View the full [schedule]( and deep dive across [15 essential topics](, 4 keynotes, and 75 technical talks from [+60 senior software practitioners](. Learn actionable insights and [save your seat](! [QCon Plus Online Software Development Conference (May 10-20)](: Validate your software development roadmap. At [QCon Plus]( Online Software Development Conference (May 10-20, 2022) find practical ideas to help you adopt the right technologies and practices. Experience live Q&As with [speakers]( and on-demand access to all talks. Get up-to-speed on the new trends, techniques and ways of working being applied by people like you. Save £50 with our last early bird offer if you [register before March 30th](! [QCon San Francisco (Oct 24-28)](: Real-world technical talks. No product pitches. [QCon San Francisco]( Software Development Conference (Oct 24-28, 2022) focuses on patterns and practices, not products or pitches. Don't miss your chance to meet senior software practitioners and learn their successes and failures of software. Attend in-person and uncover emerging trends and tools. Save $1,020 if you [register before March 30th](! Senior software developers rely on the InfoQ community to keep ahead of the adoption curve. One of the main reasons software architects and engineers tell us they keep coming back to InfoQ is because they trust the information provided and selected by their peers. We’ve been helping software development teams adopt new technologies and practices for over 15 years through InfoQ articles, news items, podcasts, tech talks, trends reports, and QCon software development conferences. We hope you find this newsletter useful. If not, you can unsubscribe using the link below. [Unsubscribe]( Forwarded email? Subscribe and get your own copy. [Subscribe]( Follow InfoQ.com on [Twitter]( [Facebook]( [LinkedIn]( [Youtube]( You have received this email because you subscribed to "The Architects' Newsletter". To stop receiving the Architects' Newsletter, please click the following link: [Unsubscribe]( - - - C4Media Inc. (InfoQ.com), 2275 Lake Shore Boulevard West, Suite #325, Toronto, Ontario, Canada, M8V 3Y3