HTTPS – the first line of defence

In today’s world when our online interactions are increasing every day, the security of our online transactions becomes very important. If you are an end-user to a website that is required to handle important financial or informational transactions like bank sites, eCommerce sites, email sites, etc, the very basic thing you should check is that protocol for the transaction being used is HTTPS. HTTPS stands for HyperText Transfer Protocol Secure, or Secure appended at the end of the HTTP protocol. For example, if you are using a chrome browser you can see a symbol of a lock at the start of the website name in the address bar indicating the site uses HTTPS. If you click on the lock symbol you will see more details about the certificate provided by the website claiming that it is secure.

Let’s try to understand how HTTPS works.

Step 1: Browser sends a request for an https secured page, like

Step 2: The website will need to send back an SSL certificate confirming that it is secured. SSL certificate is provided by certifying authorities like Godaddy which can be verified by the browser. Along with the certificate, the website would send the browser its public key.

Step 3: Once the browser receives the certificate and public key from the website, it will authenticate the certificate, and if satisfied, it will use the public key from the browser to create a symmetric key.

Step 4: The browser generates a symmetric key, encrypts it using the public key provided by the website server and sends it back to the server. The web server receives the encrypted symmetric key, decrypts it using its private key.

Step 5: For any further communication, the server and the browser both use this symmetric key.

Now to understand the concept completely we need to understand how public-private key encryption is different from symmetric key encryption. In the case of symmetric key encryption, the key that encrypts the message can be used to decrypt the message. Whereas in the case of Public key – Private Key encryption, a message encrypted by Public key can only be decrypted by the private key. Symmetric key encryption is faster but not as secured as public-private key encryption.

If you are interested in understanding how each step mentioned above assures security in communication, read on.

Let’s look at each step and try to understand how each step is secured.

Step 1: The browser is just sending a request for website contents at this point, the actual transfer of information is not started.

Step 2: The server is only sharing its public key in this step, so not worried about security.

Step 3: Browser decrypts the SSL certificate which needs to be provided by an authorized Certification Authority (CA). The browsers come packaged with details of all major CAs and can validate the certificate against its local cache or can confirm with the certification authority. Browser matches the URL being addressed and the certificate received, this way it makes sure that no fake website or server is trying to send the data.

Step 4: The browser has encrypted the symmetric key with the public key provided by the server. So in case even if the packet is compromised and received by a fake server, it will not be able to decrypt the message as only the original server has the private key.

Step 5: By this step, only the browser and the intended server have the symmetric key. Any communication happening can be decrypted by only these two parties, so even if there is a leak, the message content remains safe.

Amazon AWS Core Services

Recently Amazon has conducted free online training to provide an introduction to core services provided by Amazon Web Services or AWS. Follow this link to get more details about the training. It was divided into 5 modules, where it talked at a high level about the major services provided by AWS. The training is very useful for anyone wanting to know more about AWS services or Cloud services in general.

Here is the summary of training:

What is the cloud?
All your infrastructure needs are provided to you off the shelf. You do not need to setup or maintain any infrastructure. You provision what you need and when you need it, and pay for only what you use.
The advantage you get is that you do not need to pre-configure infrastructure and pay for everything upfront. You need not predict the exact capacity you need. The cloud provides you with an option to pay only for what you use. You have easy options to scale up or down based on your needs.

How you manage the infrastructure?
On-Premise: When you maintain the whole infrastructure on your premises.
Online Cloud or Cloud: You do not maintain any infrastructure and everything is owned by the cloud service providers.
Hybrid: A mix of on-premise and online cloud.

Regions, Availability Zones, Data centers, and Edge location

Regions are the first thing you will need to choose when procuring a resource, mostly it is a geographic location like Singapore, US East, US west, etc. Each region has 2 or more availability zones (AZs). The availability zone has one or more data centers. Edge locations are customer-facing locations that can be set as endpoints for CDNs (Content Delivery Network).

An understanding of Regions and AZs is important to help us guide with Data governance legal requirements and proximity to customers (for better performance). Also, not all the services are available in all the regions, plus the cost might vary sometimes.

Amazon EC2: Virtual machines are the heart of any cloud system. Amazon provides EC2 or Elastic Cloud Compute to get compute resources. It has many configurations to choose from based on your needs.

Amazon EBS or Elastic Block Store: You can think of it as hard drives for your EC2. It is available in SSD and HDD types.

Amazon S3 or Simple Storage Service: S3 stores data in the form of objects. It gives 11 9’s or 99.999999999% durability. It is used for backup and storage, application hosting, media hosting and so on. You can secure and control access to your buckets using access policies. Also, you can turn on versioning to manage the version of objects/files. Additionally, you can also set up your bucket as a static website.

Amazon S3 glacier: This is low-cost storage for long term backup.

Amazon VPC or Virtual Private Cloud: You can manage your resources in Virtual networks, which gives you a way to manage access to the resources in the virtual networks based on security group rules.

Amazon Cloudwatch: Cloudwatch is a monitoring service. It gives different forms of usage metrics (CPU/ Network usage etc). One can add alarms and triggers based on events like CPU usage above a certain limit.

EC2 Autoscaling: Autoscaling allows us to add machines when traffic is raised and reduce machines when traffic is low. We can add or reduce EC2 instances based on events like CPU usage percentage.

Elastic Load balancing: Elastic Load Balancing is a highly available managed load balancing service. It provides Application Load balancer, network load balancer, and classic load balancer options. The application load balancer is layer 7 (application layer) load balancer which can be used based on request formats whereas Network load balancer works on layer 4 (network layer).

Amazon RDS or Relational Database service: supports Postgres, MariaDB, Oracle, MySQL, MS-SQL, Amazon Aurora. Aurora is a high-performance database option by AWS that supports MySQL and Postgres and is faster than normal databases as it is built in a manner to take advantage of cloud scaling mechanism.

Amazon DynamoDB: Dynamo DB provides various NoSql database options, which is built for low latency.

AWS Cloud formation: Clout formation gives us Infrastructure as code. You can code your templates which will then be used to deploy resources on AWS.

AWS Direct Connect: Direct Connect helps connect your on-premise infrastructure to AWS. You can bypass the internet and directly connect to AWS with help of Vendors that support direct connect.

Amazon Route 53: Route 53 is the DNS service where you can register and manage your domains.

AWS Lambda: AWS lambda provides an option to deploy your code in the form of functions directly on the cloud. You can focus on your code without worrying about the infrastructure on which it will run and scale.

Amazon on SNS: Simple Notification Service (SNS) is a fully managed pub-sub messaging service for distributed or serverless applications.

Amazon Cloud front: A fast, reliable content delivery network. A customer requesting from India will hit the nearest CDN and get the data delivered, hence much faster than accessing from the actual source which may be in the U.S. IT is a lazy loading content system. Therefore, for the first time, it will be getting data from sources but subsequent requests will get locally cached data on CDN.

Amazon Elastic Cache: Fully managed Redis or Memcached-compatible in-memory data store.

AWS Identity and Access Management (IAM): Manage users, group and roles. Users can be created and added as part of the groups. Groups and Users will be given roles through which they access resources. Roles can also be provided to applications and services like AWS Lambda so that they can access other resources directly.

Amazon Inspector: Does an analysis of your resources and provides a report for vulnerabilities and best practices.

AWS Sheild: It is provided out of the box in free and paid versions and help us protect applications from DDOS (Distributed Denial of service) attack.

5 pillars of a good cloud architecture

Amazon recommends understanding 5 pillars of a good cloud architecture –

Azure Load Balancer

A load balancer is a tool that helps us manage traffic coming to a web application. In the simplest form, let’s say the application is deployed on two or more machines, so the role of load balancer here would be to make sure that incoming requests load is evenly distributed on all the machines. Also if one of the servers is down or not responding, the load balancer will be responsible for detecting this failure and redirect the traffic to healthy machines.

To see the load balancer in action, let’s bring up two (or more as per convenience) VM’s in Azure and install the IIS server.

Create a Resource -> Add Virtual Machine -> Choose “Windows Server 2016 Datacenter” image-> Add access for RDP (3089) and HTTP (80) ports.

Make sure both the machines are part of the same Availability Set (or Virtual Scale Set).

RDP to the machines, you will see Server manager (or bring it up)

Choose the option to Add roles and Features, and go ahead and add the IIS server.

Finally, make sure that the windows firewall allows traffic on port 80. Go to “Windows firewall and advanced security options” -> Inbound Rules -> Add New Rule ->Type port ->number 80.

Once the above steps are done, you can access the IIS server default page when you will hit the IP address of these VMs. To distinguish between the two webpages, you can make some modifications to either of them.

Go to C:\inetpub\wwwroot -> update html or image.

The next step is to set up the load balancer. Add a new resource -> Load balancer. First thing you will need to provide backend pool, for which you will choose the availability set in which both the VMs are available (or Virtual Machine Scale Set), next you will need to set up Health probe, as both our VMs are listening on port 80, you can simply set the port 80 for health probe. If the load balancer senses some problem with a machine based on the interval (seconds after which the load balancer ping the health probe) and unhealthy threshold (number of failures occurred after which load balancer treats the node as failure), the load balancer will stop sending traffic to that node.

Finally, you will set up a Load balancing rule, where all you need to provide is an incoming port on which traffic is expected, backend pool and health probe which we had already setup. Once this is set up, you can hit the load balancing URL and see that traffic is directed to the IIS page we set up earlier. If you will refresh the page multiple times you will be able to see traffic is going to both the server randomly. If one of the servers is shut down, the load balancer keeps on working fine with traffic redirected to the second server.

In addition to load balancer rule, one can also set up NAT rules, which are usually used for forwarding traffic on a port to a specific VM. Here is a good reference for that

While we are on the topic of load balancers, it is important to note that there are two other ways in which we can control the traffic in Azure. These are Application Gateway and Traffic Manager. Here is a good comparison of different options for load balancing and which to prefer when

Azure Messaging Services

Another important factor in software development is messaging. With the popularity of Microservices and Serverless applications for scalable design, Message-based communication has received special focus.

Azure does provide us with multiple ways for message-based communication.

Azure Storage Queue: This is a simple form of messaging where one can create a queue under Azure Storage service, send and receive messages from the queue.

Azure Service Bus Queue: If you need more sophisticated queues with more control on data retention, create topics with publisher-subscriber pattern, dead letter queue support etc, Azure Service Bus queue is an option for you.

Azure Storage queue vs Service Bus queue: By this point, it is obvious to ask the question when should one use the Storage queue and when to use the Service queue. Let’s look at some important points to consider

  • Storage queue uses storage infrastructure to provide simple GET/ PUT/ PEEK operations on queues, whereas Storage bus uses proper message-based infrastructure, with that message can be received without constant polling by subscribing to queues and topics.
  • Storage bus provides features like FIFO, duplication detection, “At most once” delivery, etc.
  • Storage queue provides point to point communication whereas service bus can be used for multiple publishers – subscribers design.
  • Service Bus has a limit on queue size as 80GB, which is not there in Storage queue

More Detailed comparison-

Azure Relay Service: If you want to expose a service on your local network to cloud, you can use Azure Relay service without too much of a hassle. This uses socket-based communication and you will need not open a firewall port or get into network-level communications by setting a VPN gateway.


Azure Event Grid: Sometimes we want to message an application or send an alert based on some event happening, for example, your CPU usage for a Virtual machine is more than 80%, you would like to alert the admin or trigger an Azure function to take some action.

Azure Event Hub: Event hub is more relevant for processing larger amount of data like telemetry or streaming data. A good example of Event hub usage is Azure Application insights which showcase important information about applications using telemetry data.

Azure Notifications Hub: Azure Notification hub is a solution that provides you with the functionality of sending messages to mobile applications and devices. You can send push notifications to millions of devices in one go using the notification hub.

Azure Virtual Networks

What is a virtual network?
Often, an application cannot be deployed in isolation on a single machine. There will be multiple servers interacting with each other. There might be multiple backend servers, frontend servers and databases involved. Often it is a requirement that these resources work together for an application to work smoothly. Virtual Network provides a virtual boundary inside which these resources can exist and communicate with each other, at the same time being isolated from the rest of the world.

Creating a Virtual Network

Creating a Virtual Network is pretty straightforward in Azure. You can select Virtual network resource and Add a new one. But while creation you will need to take care of two things – Address space and Subnet.

Address Space is a range of internal IP addresses that can be used for the Virtual Network, hence determines how many resources can be added to the Virtual Network. The address space used is defined in terms of CIDR (Classless Inter-Domain Routing or Supernetting). One needs to be careful while giving address space range specially if we are planning to use multiple Virtual networks that need to connect as we should keep address ranges unique in that case to avoid overlapping.

Subnet is setting up smaller network ranges within a Virtual network. This is particularly useful when you would like to subgroup elements within a network, for example setting up a different subnet for frontend servers and backend servers.

Communicating with on-premise resources

Point to Site
There are times when a user wants to connect to a network, for example, accessing an office network from a personal laptop to access emails. Point to Site Connectivity through a VPN client to VPN Server is the best option in this case.

Site to site
We saw that we used a point to site case when we need to provide a single point to communicate with the VPN. Similarly, whole a particular location or an office needs access to a virtual network we can create a site to Site Connection with Virtual Network Gateway.

Expressroute is a dedicated private connection from the source to the VPN. Microsoft provided a set of locations to which users can connect using a dedicated private line and get onboard to Expressroute.

Communicate among VPNs

There will be cases when resources in one VPN needs to communicate to resources in another VPN on Azure. The best way to achieve this is by using VPN Peering.

“Virtual network peering enables you to seamlessly connect Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes. The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same virtual network, through private IP addresses only. Azure supports:
VNet peering – connecting VNets within the same Azure region
Global VNet peering – connecting VNets across Azure regions”

Jumpbox Pattern
When accessing and managing Virtual network resources from outside, jumpbox pattern is a common mechanism. Basically one machine in virtual network is designated as jumpbox, this jumpbox is accessible from outside word but no other resources can be accessed. Once the administrator is on jumpbox machine, he will be able to manage other resources through jumpbox in a controlled manner.

Azure Storage

Storage is one of the most important aspects provided by any cloud service provider. At the end of the day, you need a good storage solution for managing your data, code, backups, executables and basically everything. You would need a different type of solutions to manage different types of data, like data which you access frequently vs one which is used once in a month, data which has sensitive information vs the one which all users should be able to access, data which should be stored in a relational database vs the data which should be stored on NoSQL database, the list goes on.

Azure has a solution to all your needs. Let’s take a look at different storage options provided by Azure.

Location: You would like to choose a location nearest to your access point for better performance.

Performance: Standard performance is cheaper and will save your data on magnetic drives whereas Premium storage will save on solid-state drives and is good for data that need high performance.

Account kind: Storage V2 and V1 are general-purpose storage accounts where V2 will give you an option of Cool or Hot Access Tier, which can be selected based on how frequently the data is used. Another Account kind is blog storage, specializes in data storage in blob form.

Locally Redundant Storage – Replicated across different racks in single data storage. This will manage hardware failure.
Zone Redundant Storage – Replicates data in different zones in a region. This makes sure even if a data center is down, you don’t lose the data.
Geo-Redundant Storage – Data is replicated across geographies. GRS replicates your data to another data center in a secondary region, but that data is available to be read-only if Microsoft initiates a failover from the primary to a secondary region.
Read-access geo-redundant storage (RA-GRS): is based on GRS. RA-GRS replicates your data to another data center in a secondary region and also provides you with the option to read from the secondary region. With RA-GRS, you can read from the secondary region regardless of whether Microsoft initiates a failover from the primary to a secondary region.

Now with Azure storage, we can use one of the following services

Blobs: Blobs are Binary Large OBjects. Blob storage also known as Object Storage, is perfect for storing binary and text data. Medial files, images, documents, application installers etc are the best fit for this type of storage. The maximum file size that can be stored is 4.77 TerraBytes. Azure Data Lake storage works on top of Blob Storage.

Files: As the name suggests this type of storage is best when dealing with files. This also gives us SMB 3.0 protocol support which means you can directly be mounted on local or remote machines. File storage can be attached to VMs and accessed.

Tables: The solution should be considered when we need to store data in tabular form.

Queues: We can set up queues for message-based communications. Messages can be published and read from these queues.

Accessing Storage Accounts
Azure provides us two core mechanisms to access objects in storage, one by using the storage access keys, where 2 secured keys are provided and secondly by using a shared access signature which is used for temporary and limited access.

Securing Data
Data at Rest – One can use encryption for securing data at rest. Azure provides transparent data encryption by default (can be turned off) for databases (master database is not encrypted).

Data in transit- Data in transit can be secured by using https and smb 3.0 protocols.

Data in execution- Azure provides TEE or Trusted Execution Environment and Confidential computing with DC series virtual machines.

Scaling Scrum

Scrum is a wonderful framework to manage projects. It is usually talked about in terms of a single project team and how to manage product and sprint backlog for the team. But most of the times, a team will not exist in isolation. It is part of a bigger structure, and mostly the product is being developed by multiple teams who are focusing on different aspects.

Hence, it is important to understand how the Scrum framework should scale to accommodate bigger teams and projects. Here are a few techniques to scale scrum

Scrum of Scrums: This is a very basic practice to manage multiple teams following the Scrum framework. Each team sends a representative to a daily Scrum of Scrums exercise, where each representative will talk about the health of his project. This practice helps everyone to have a bigger picture, manage dependencies, call out blockers and everyone is on the same page as to when and how the next release of the product is taking shape.

Scaled Agile Framework or SAFe: SAFe is an extension of the Scrum framework for managing bigger projects. It introduces the concept of following additional teams and members

    System teams – Dev ops people shared across teams and responsible for deployments- CI and CD are created at project and product level.
    Architecture Teams- Architects that own the design for the overall system and each project team. It is important that everyone in this team understand the overall design and dependencies on other components.
    Product Managers – manages a team of product owners for different teams.
    Release Train Engineers- Scrum masters form the team of Release train engineers and manage the overall release process.

ART or Agile Release Train clubs different aspects which are dependent and can be released together.

Disciplined Agile Delivery or DAD: Disciplined Agile Delivery is the response to the teams which claim to not care about some of the core best practices in the name of Agile. If you have been part of Agile teams, you might have heard people saying that we don’t spend time on design and documentation as we are following Agile. This can cause issues especially with large projects where multiple teams are dependent on each other.

To handle the situation, an induction phase is added at the start of the project. During this phase many important things happen to help scale, like designing the solution, POCs are done, high-level architectures are created and shared across teams, release planning and roadmaps are established. After this, the normal Scrum process is followed.

Understanding the Scrum Framework

We are hearing a lot of noise about Agile project development techniques and more often Scrum-based development these days. Here I will try to answer some of the basic project management questions related to Scrum.

What is Agile?

Agile, if we look at the word only, it means fast. With the competition and fast-paced advancements in technology, it is important for software products to release features as fast as possible to the market.

With that aim in mind, the following core principles were finalized.

Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan

What is a project charter?

A project charter is a short document which gives you an outline of the project. It normally has the following details.

Project Objectives – What is the trigger for this project.
Stakeholders- Who all are affected by and involved in this project
Constraints- Dependencies on outside factors.
Risks- Any Risks foreseen for the project and if they have been mitigated or accepted.
Definition of Done – When can the project be considered as done

What are the basic roles in Scrum?

Product Owner- manages and prioritizes the product backlog. Should have complete knowledge of the product. It helps if he also has technical knowledge.

Scrum Master – The job includes facilitating the scrum, organizing meetings, communicating with stakeholders, product owners, and team to make sure everyone is on the same page. Usually, this is not a standalone job. Normally a Project Manager will assume the role of Scrum master who might ave additional responsibility of managing resources and keeps a check on project overall health. At times a business analyst can also take a role of Scrum Master, who has an understanding of business and can take up some responsibility from product owner if the later is not available full time.

Development Team- A typical scrum development team can have following team members
Business Analysts
Technical Writer
Support or DevOps people

How the work is managed in Scrum?

Work is managed in the form of backlogs. There are a product backlog and a sprint backlog, which contains work items in the form of stories.

Product Backlog: The product backlog has all the work related to project. The product owner works with stakeholder to come up with the product backlog, which is then prioritized and mostly all the work is delivered in the form of multiple releases.

Sprint Backlog: A spring is usually a 2-3 week time period. Product owner normally prioritizes work for each sprint, which is then added in form of Sprint backlog.

What is the Scrum process?

The product owner creates product backlog with the help of stakeholders. This usually has all the work which has to be taken up during the course of the project. Work is done and delivered in the form of Sprints. A sprint is usually a 2-3 week time period, in which a small but complete chunk of work is picked up by the team and completed.

The process starts with spring planning where tasks to be delivered for the current sprint are finalized. Daily scrum meetings are conducted where ever team member provides the status of work done. At the end of Scrum, a review and a retrospective meeting take place to showcase the progress and evaluate process improvements respectively.

What is Sprint Planning?

In the sprint planning meeting, the Product backlog is reviewed by the team. The product owner prioritizes the stories to be taken up for the sprint. Team reviews, discusses and refines the stories. Finally, Team commits to a set of stories, which then is treated as sprint backlog.

One should Avoid long discussion on requirements and design in planning meetings. If things are not clear, the story should be dropped and re-reviewed by the product owner or architects / senior devs separately. Ideally, there should be a pre-planning meeting among senior devs, product owners and scrum master to save the time of the team.

Pick stories which make logical sense in delivering an incremental update.

What is Planning Poker?

During the sprint planning meeting, the complexity of all the stories being considered for the sprint is decided. Based on which the final sprint backlog is decided, considering how many stories can be taken up during the sprint. Knowledge from previous sprints is used to understand how much complexity can be handled during the sprint.

Planning poker is a process to involve all team members in evaluating the complexity of a story. A base story with a base complexity, called story point is used for comparison. Every team member gives complexity or story point (normally in Fibonacci series) to each story. Outliers are discussed and the team comes on a consensus for story points.

It helps everyone understand the story and make sure everyone is one same page. Every voice is understand.

What is Daily Scrum?
A daily standup meeting where each team member talks about the following three items

    What was done yesterday?
    What will be done today?
    Any blockers

Advantage of daily scrum meeting is that everyone knows what is happening through the project, and team members can help each other or call out dependencies on other’s work.

Usually, a Kanban board or Scrumban board is used to track stories and tasks. This helps in making sure that only a fixed set of stories will be taken up at a point. There can be 3 or more states for a story or a task i.e. New->In Progress-> Done.

What is the Sprint Review?

At the end of a sprint, the team showcases the progress to the Product Owner and other stakeholders. The progress is shown in the form of a working product or demos. One should make sure that there is representation from all stakeholder parties so that everyone agrees to the product being built.

What is the Sprint Retrospective meeting?

This meeting is among team members at the end of a sprint where everyone is supposed to discuss on following items for the last sprint.
What went well?
What can be improved?
How can we improve it?
A plan is created for improvements and tracked.

What goes into a sprint?
Sprint Backlog

What is the outcome of a sprint?
A Potentially shippable iteration of the product. That means designed, developed, tested, unit tested, integrated, acceptance tested piece of code.

What is a user story?

A user story is usually the smallest yet complete work item which can be delivered in entirety. The story can be further divided into tasks. A story has the following components – Value statement, Assumptions and Acceptance Criteria.

A value statement is normally stated in the form of
As a [Who]
I want to [What]
In order to [Why]
For example, “As an Admin, I want to access the settings page, in order to update language option.

Assumptions are any additional information about the story implementation as if it is dependent on another story or other stories are dependent on this, how these will affect each other.
For example, “Assuming external service is ready or takes {set of input} params.”

Acceptance Criteria is testing criteria of the story. This also covers any nonfunctional requirements like performance or security needs. Acceptance Criteria removes ambiguity and provides the sort of a checklist for completion of the story.

In addition, a story will also be associated with Definition of Done, which is defined at the product level. This can include –
Reviews by stakeholders
Design and compliance reviews

Tripple cost constraint

The age-old knowledge we have that when building a product, you can choose two of the three – Cheap, Good and Fast.

So if you need something to built with good quality and fast speed, it won’t come cheap.

In terms of a software project, these constraints take the form of –


Quite often, a project manager is caught in the dilemma of controlling these aspects of the project. Striking a good balance among three is often difficult.

Let’s take a look at some of the practices we can use to manage these three aspects.


In a traditional project management approach, you would use Work breakdown structure (WBS), to define feature components which we need to develop. If a change comes in at a later point of time, that has to go through a Change Control Board (CCB), which will analyze the impact and approve if required.

In a lean project management approach, the scope is controlled in the form of tickets and requests.

In the more popular agile project management approach, we control scope in terms of the product backlog and sprint backlog.


To manage the schedule in a traditional waterfall approach, techniques like Program Evaluation and Review Technique (PERT) and Critical Path Method (CPM) are used

In the Lean project management approach, Kanban & Queues are used to manage the work. The work is managed in a list and executed based on priority. Service Agreements sets the priority of work by defining what is critical, major, or minor.

In an Agile project management approach, a Sprint based model is popular to manage scope, where releases and roadmaps are used to set goals for major features to be released together.


In the traditional project management approach, we use Earned Value Management (EVM) approach which compares current performance Earned Value (EV) to the Planned Value (PV) and evaluate it over Actual Cost (AC) which is the cost so far to complete the work

In the Lean project management approach, we control KPIs or Key performance indicators to showcase the outcome of the work done.

In Agile project management, we measure Return on Investment or ROI, and Burndown charts to measure performance.

Cloud Computing – an Introduction

When I started my career, analyzing and finalizing hardware needs for deployments was a major task and had to be taken up months before actual production deployments. Hardware was costly. Though we had providers which would provide machine virtually, you would need to decide the requirements beforehand as once you procured a machine, you had to pay at least a month’s rent. And if you decide to upgrade or downgrade the server machine, it was a painful manual task.

Just imagine what a nightmare it would have been to scale up during a surge in requests. You had to foresee it, plan for it, arrange hardware for it (monthly rents).

With the cloud, things have changed for the better. You have a pay as you go model, so you actually pay for the usage of hardware only. With autoscaling features inbuilt into the cloud infrastructure, it is easy to increase or decrease compute power without any human intervention. Setting up databases and scaling them is another area which the cloud takes care for us. Most of the cloud service providers support both relational and NoSQL databases in an easy to use manner.

Security, access management, monitoring, encryption, and storage are some of the other services which are provided by cloud services providers of the shelf. Another popular set of services off-late is serverless compute. This means one can write code directly which can be run as functions on the cloud, without worrying about the deployment details completely. Cloud provider is responsible for scaling and maintaining such functions. This is in sync with the microservice approach where each function can behave as an independent microservice.

With one’s mind taken away from hardware details, it is easier for software engineers to focus on building quality products. But it is important that we design our products in a manner which are capable of taking advantage of cloud services. For example, it will be easier for a microservices-based application to autoscale in a cloud than a monolith application. A stateless service is easier to be deployed and scaled on cloud than stateful service. One still needs to take care of the fact which services are exposed on the internet and which should be exposed only to internal service. With the ease of deployment, it might be easier to mess up a running service, so proper automated and manual checks are required to be implemented.

Cloud, though makes things easier, but one needs to be cautious of using its capabilities and designing the system in a manner to make maximum use of services being provided