Optimizing software operations: Insights from a leading EU initiative

Software operations grow in complexity as the world expects all software to be faster, simpler yet more sophisticated and to offer greater user experiences.

That means some really smart people have to facilitate this at an operational level by managing numerous complex processes and strategies. I'm working alongside many of these smart people on a major EU initiative to make this work easier.

In this blog post, I share highlights that will help you meet some of the main challenges you are likely running into. 

The major EU initiative I'm involved in, on behalf of Eficode, is called the AINET-ANTILLAS program. We're developing new ways to make networks smarter and safer—especially at the edge of the network—which will make it easier to deliver high-performance services to people and businesses. In other words, we are simplifying the future of operations in Europe.

Keep reading for the most crucial challenges we’re working on solving. Seeing how we address them just might inspire you to solve or mitigate some of the hardest software operational hurdles in your organization.

After I describe each challenge, I will briefly explain how my team, creating a specific solution that will be available later this year, addresses them. So, here we go.

1. Your software system becomes evermore complex

With time, as technology evolves, software applications become more intricate. New components, third-party integrations, and dependencies are constantly added at a breathtaking pace.

Managing this complexity and ensuring seamless interoperability can be a daunting task. It becomes harder and harder to maintain a clear understanding of the entire software architecture. That, in turn, leads to difficulties in debugging, troubleshooting, and making timely updates.

The way we simplify this complexity

Our solution to this complexity at Eficode is templating software services.

Each architectural layer in the technology stack has requirements that call for deep technical knowledge. But if you enable each team to create and maintain their respective piece of the puzzle through templates, you allow those responsible for the service to concentrate on the integration and final configuration.

Each responsible team can create scripts, playbooks, and templates, together with required configuration inputs, for each layer of the stack:

• IaaS
• Virtual infrastructure
• CaaS
• PaaS
• Apps

Then, when it’s time to create a service, you can use these to form the master architecture and configuration. You have the complete descriptors of the service, and you can execute the service deployment based on them.

2. Your monitoring and logging aren’t doing the job

Without robust monitoring systems in place, you’ll fail to spot performance bottlenecks or anomalies, and you can’t respond quickly to issues.

Without logging, you can’t trace the root cause of problems, just as without efficient logging mechanisms, you can’t troubleshoot effectively during incidents.

The way we monitor effectively

In our solution, we monitor in several ways. We detect and collect a variety of metrics and store this data in a time-series database with nanosecond granularity for precise insights into system performance.

Using integrated solutions, we monitor all virtual machines and Kubernetes nodes for resource utilization and availability.

We monitor each application with an agent loaded into the sidecar to trace their behavior and detect any degradation or cause for alarm. Here’s a selection of what we monitor:

• Network performance monitoring: Load balancers, application delivery controllers, firewalls, routers, switches, and WAN accelerators
• Cloud performance monitoring: Status, request per second, response time, busy vs. idle workers, service checks, availability checks
• Server performance monitoring: Uptime, CPU and memory utilization, RAID controllers, physical drives, battery systems, power supplies, power load metrics, fans, and motherboard states
• Virtualization performance monitoring: Memory, CPU load, ballooning, co-stop, kernel swap rate, disk latency, disk data rate, disk IOPS, resource pools, datastores, network incoming/outgoing packet rate, network incoming/outgoing bytes packet rate
• Storage performance monitoring: Every active interface, CPU usage, disk activity, IO/second, cache age, per-volume space, per-volume R/W latency, health check, fan failures, power failures
• With additional tools, service performance KPIs: TPS, BHA, BHCA, or equivalent based on service, UL/DL throughput, latency, service availability, network availability, network access rate, request success rate, session setup time, and session success rate

Based on the collected metrics, we generate an alert vector that can be correlated with a predefined policy (we’ll come back to this later). The data can also be utilized for time-series forecasting.

3. The security cat-and-mouse game

This is a big one in all software operations. Cyber threats are becoming more frequent and sophisticated. So organizations have no choice but to prioritize security throughout the development lifecycle.

You need to implement secure coding practices, regularly run audits, and stay vigilant about emerging vulnerabilities. Your software is an attractive target for bad actors across the world.

How we harden our security

In short, we integrate with several security and vulnerability solutions.

• STRIDE for threat identification
• DREAD for risk assessment
• CVSS for vulnerability severity assessment

Our security scans are a constant presence throughout service deployment and operations. We keep a close eye on applications and the runtime environment to make sure security configurations are always up to standards. If anything veers off course, an alert is triggered to take care of it right away.

And, of course, if an auditor ever needs to check in, they'll find a complete, immutable trail to guide them.

4. Some processes remain undocumented or unrepeatable

Often, when something unexpected happens during operations—an incident that compromises the system or its performance—the situation turns a bit chaotic. All personnel scramble to gather information and try to solve the issue as fast as possible. This disorganization can be expensive, and often the actions a team takes are not documented.

How we bring order to the chaos

As I mentioned above, when our system detects any deviation, we automatically create alert vectors. Each vector has its own identifier, which can be correlated with policies we have already defined.

The vectors can refer to: 

• Configuration issues 
• Resource availability 
• Service KPI degradation
• Security-hardening needs

All of the data we collect and the defined policies can be used for time series forecasting. Time series forecasting is important in machine learning. It can be used as a supervised learning problem.

The more the data volume and time horizon grow, the more precisely you can define your policies. You can even create new policies automatically based on historical data and the actions taken with regard to the alert vectors.

5. A lack of collaboration and communication messes up your operations

If you work for a larger organization with distributed teams, you know what a challenge this can be. If you don’t mitigate it, your software operations will be nowhere near the expectations of you and your customers.

With miscommunication, you will be uncoordinated, and there will be constant misunderstandings, delays, and, ultimately, operational inefficiencies.

How we solve the communications problem

In our solution, in an instant, all alerts and information go out to defined stakeholders, such as developers, operators, and business users. Let’s eliminate the need for manual communication and information silos.

Each stakeholder can work their magic and provide their expert input through fixes or policies, again coming together in the update of the master architecture or the runtime policies.

Everybody makes informed decisions at lightning speed. Not only does this continuously improve incident resolution times and overall downtime, but it also ensures better-optimized systems and, in the end, better software quality.

In software operations, challenges come at you from every direction in all shapes and sizes. These range from technical complexities to organizational dynamics.

To address these challenges, you need a holistic approach that encompasses technology, processes, and people. Only then will your organization’s software be supported by successful and sustainable operations.