Enterprise Mobile app Architecture Specifics

Enterprise Mobile App Design Considerations:

Designing an enterprise mobile app architecture involves several key considerations. Here are the specifics of an end-to-end architecture with key points to keep in mind:

1. User Interface (UI):

   - User-Centered Design: 

Prioritize a user-friendly and intuitive interface to ensure user adoption and satisfaction.

   - Responsive Design:

Ensure the app works well on various device sizes and orientations.

2. Client-Side Components:

   - Mobile App Framework:

Choose a suitable framework or native development for the client-side.

   - Security:

Implement encryption, authentication, and secure data storage.

3. Backend Services:

   - Server Architecture: 

Decide between monolithic or microservices architecture based on scalability needs.

   - API Design: 

Develop well-documented RESTful APIs or GraphQL to facilitate communication with the app.

   - Authentication and Authorization:

 Implement robust user authentication and authorization mechanisms.

   - Data Storage:

Choose a database solution that aligns with your data requirements (SQL, NoSQL, or hybrid).

   - Caching:

Implement caching mechanisms to improve performance.

   - Scalability:

Design for scalability to handle increased loads as the user base grows.

4. Data Synchronization:

   - Ensure seamless synchronization between the mobile app and the server, even in offline mode.

   - Use data synchronization patterns like RESTful APIs, GraphQL, or WebSockets.

5. Security:

   - Implement strong security practices, including data encryption, secure APIs, and user authentication.

   - Regularly update the app to patch security vulnerabilities.

6. Quality Assurance (QA):

   - Develop a comprehensive testing strategy, including unit testing, integration testing, and usability testing.

   - Automate testing wherever possible to ensure consistency and reliability.

7. Deployment and Distribution:

   - Choose a deployment strategy (app stores, MDM solutions, or enterprise distribution) that suits your organization's needs.

   - Implement version control and continuous integration for streamlined updates.

8. Monitoring and Analytics:

   - Use tools for real-time monitoring to track app performance and user behavior.

   - Utilize analytics to gather insights and make data-driven improvements.

9. Updates and Maintenance:

   - Regularly release updates to improve functionality, security, and stability.

   - Provide customer support and a feedback mechanism for users.

10. Compliance and Regulations:

    - Ensure compliance with relevant data privacy regulations (e.g., GDPR, HIPAA) and industry-specific standards.

11. Cost Management:

    - Monitor and manage cloud service costs, as they can add up quickly.

12. Documentation:

    - Maintain comprehensive documentation for code, APIs, and architectural decisions.

13. Performance Optimization:

    - Continuously optimize app performance to reduce load times and enhance user experience.

14. User Support and Training:

    - Provide resources and training for users to effectively use the app.

15. Backup and Recovery:

    - Implement backup and recovery strategies for data and configurations.

16. Feedback Loops:

    - Establish mechanisms for gathering feedback from users and stakeholders to drive ongoing improvements.

17. Scalability and Growth:

    - Plan for future scalability and growth, considering the potential increase in users and data volume.

18. Comprehensive Testing:

    - Implement robust testing, including functional, security, and performance testing to identify and address issues.

19. Compliance and Security:

    - Ensure that the app complies with relevant regulations and security standards to protect sensitive data.

20. User Training and Support:

    - Offer user training and support channels to assist with onboarding and addressing user issues.

Remember that the specifics of your enterprise mobile app architecture may vary depending on your organization's unique requirements and constraints. Regularly review and adapt your architecture to meet evolving needs and technologies.

Business and Functional Skills

1) Business Skills:

Business skills in Information Technology (IT) refer to the competencies and knowledge required to effectively manage and operate IT-related activities within an organization. These skills may include project management, budgeting, strategic planning, and the ability to align IT solutions with the organization's goals and objectives.

Project Management: 

The ability to plan, execute, and oversee IT projects, ensuring they are completed on time and within budget.

Strategic Planning: 

Understanding how IT aligns with an organization's overall business strategy and goals.

Communication:

Effectively communicating technical information to non-technical stakeholders and clients.

Budgeting and Cost Management:

Managing IT budgets, controlling expenses, and making cost-effective technology decisions.

Vendor Management: 

The skill to negotiate and manage relationships with IT vendors and service providers.

Risk Management: 

Identifying and mitigating potential IT security and operational risks.

Legal and Compliance Knowledge:

Understanding data protection laws, regulations, and compliance requirements relevant to IT.

2) Functional Skills:

Functional skills in IT pertain to the technical abilities and expertise needed to perform specific tasks and functions within the IT field. These skills encompass areas such as programming, database management, network administration, cybersecurity, and software development. Functional IT skills are essential for executing the day-to-day technical operations in IT roles.

Programming and Coding: 

Proficiency in programming languages such as Java, Python, C++, etc.

Network Administration: 

Configuring and managing network infrastructure, routers, and switches.

Database Management: 

Expertise in designing, maintaining, and optimizing databases (e.g., SQL, NoSQL).

Cybersecurity: 

Knowledge of security protocols, encryption, and threat detection to protect data and systems.

System Administration: 

Managing and maintaining operating systems (e.g., Windows, Linux).

Cloud Computing: 

Skills in working with cloud platforms like AWS, Azure, or Google Cloud.

Web Development: 

Building and maintaining websites and web applications using technologies like HTML, CSS, and JavaScript.

DevOps Lead Interview Discussion Points between Human and ChatGPT

DevOps Lead Interview Questions (by human) and Responses Provided by ChatGPT. 

Human (prompt in http://chat.openai.com):

I want you to answer in a brief manner like an DevOps Lead with 10+ years of experience for below set of 7 interview questions.  Quote the question first, then answer for that question and also quote reference link from web for further reference per answer.

[1] How do you address/analyse the root cause of Out of Memory issues with  a Java based application?

2] Application load balancer Vs API Gateway - Explain the purpose of it and why we need both , can't we manage with one.?

[3] How to automate the collection of stack trace output in the event of application process crash or overload  ?

[4] What are the factors to consider when choosing between a Monolithic Vs Microservice application Architecture. Do we  really need go with microservices,  given it's complexity and additional cost involved?

[5] What are the tools for performing Static Code Analysis for improving code quality?

[6] What are the overhead/complications with managing containers?

[7] Consider there is a production release in 1-2 days and assuming developers usually commit their code at the last moment, how do you design a CI/CD pipeline for an environment with 100+ PRs in parallel from Developers for multiple features and ensure all the features are committed  and delivered to customer?

ChatGPT: 

Certainly, I can provide detailed responses to each of these DevOps interview questions.

[1] How do you address/analyse the root cause of Out of Memory issues with a Java-based application?

Identifying and addressing Out of Memory issues in a Java-based application involves several steps:

1. Monitoring and Alerts: Set up monitoring tools like Prometheus, Grafana, or APM solutions (e.g., New Relic, AppDynamics) to track JVM memory usage and trigger alerts when memory thresholds are exceeded.

2. Heap Dump Analysis: When an Out of Memory error occurs, generate a heap dump using tools like `jmap` or `-XX:+HeapDumpOnOutOfMemoryError` JVM option. Analyze the heap dump with tools like Eclipse MAT (Memory Analyzer Tool) to find memory leaks and memory-hungry objects.

3. Thread Dump Analysis: Concurrent issues can also cause memory problems. Capture and analyze thread dumps using tools like `jstack` to identify blocked or deadlocked threads.

4. Code Review: Review the application code for memory-efficient practices such as proper object lifecycle management, avoiding memory leaks, and optimizing data structures.

5. Tuning JVM Parameters: Adjust JVM parameters (heap size, garbage collection strategy) based on the application's memory requirements.

6. Profiling: Use profiling tools like YourKit or VisualVM to identify memory-hungry methods or classes.

[2] Application load balancer Vs API Gateway - Explain the purpose of it and why we need both, can't we manage with one?

- Load Balancer: Load balancers distribute incoming traffic across multiple application instances or servers, ensuring high availability and scalability. They operate at the transport layer (L4) and are typically used for routing TCP/UDP traffic.

- API Gateway: API Gateways operate at the application layer (L7) and are designed for managing API traffic, including authentication, authorization, request/response transformation, and rate limiting.

While some tasks overlap, they serve different purposes. You might need both because:

- Load balancers handle basic traffic distribution and failover, but lack API-specific features.

- API Gateways provide advanced API management features, including security and request/response modification, but don't manage raw network traffic or server health.

Using both ensures a robust architecture that balances network-level needs with API-specific requirements.

[3] How to automate the collection of stack trace output in the event of application process crash or overload?

Automating stack trace collection in the event of a crash or overload can be achieved with tools like:

- Process Monitors: Use tools like systemd (on Linux) or Windows Service Manager (on Windows) to monitor your application processes. Configure them to restart the process upon failure and collect error logs.

- Crash Dumps: Configure your application to generate crash dumps upon failure. Tools like `coredumpctl` (Linux) or Windows Error Reporting (WER) can collect these dumps.

- Log Aggregation: Send logs to centralized logging systems like ELK Stack, Splunk, or Graylog. Create alerts for specific log patterns indicating crashes or overloads.

- Application Performance Monitoring (APM): APM tools like New Relic or AppDynamics can automatically capture stack traces during performance anomalies.

Implementing a combination of these approaches ensures automated stack trace collection in critical scenarios.

[4] What are the factors to consider when choosing between a Monolithic Vs Microservice application Architecture? Do we really need to go with microservices, given its complexity and additional cost involved?

Choosing between Monolithic and Microservices architecture depends on factors like scalability, complexity, and team size:

- Monolithic: Simplicity, easier development, and deployment for small teams or simple applications. It can be cost-effective initially.

- Microservices: Scalability, agility, and the ability to use different technologies for each service. Suitable for complex, rapidly evolving projects but can be costlier to manage.

Consider factors like project size, team expertise, scalability requirements, and long-term maintenance costs. Microservices are beneficial for large, complex systems with high scalability demands but can introduce complexity that smaller projects might not need.

[5] What are the tools for performing Static Code Analysis for improving code quality?

There are several tools for Static Code Analysis:

- SonarQube: A comprehensive platform for code quality and security analysis.

- Checkmarx: Specializes in application security testing (SAST).

- PMD: Focuses on code style and potential issues.

- ESLint (JavaScript/TypeScript): Lints and finds code quality issues.

- FindBugs (Java): Identifies bugs in Java code.

- RuboCop (Ruby): A Ruby static code analyzer and formatter.

- Pylint (Python): A Python static code analysis tool.

- TSLint (TypeScript): Linter for TypeScript code.

Choosing the right tool depends on your programming language and specific code quality requirements.

[6] What are the overhead/complications with managing containers?

Managing containers introduces challenges:

- Complexity: Orchestrating containers with tools like Kubernetes can be complex.

- Resource Overhead: Containers consume system resources for orchestration and isolation.

- Security: Ensuring container security (e.g., image vulnerabilities, runtime security) is critical.

- Networking: Configuring container networking and service discovery can be complex.

Mitigate these challenges with proper planning, automation, and monitoring.

[7] Consider there is a production release in 1-2 days and assuming developers usually commit their code at the last moment, how do you design a CI/CD pipeline for an environment with 100+ PRs in parallel from Developers for multiple features and ensure all the features are committed and delivered to the customer?

Designing a robust CI/CD pipeline for such a scenario involves:

- Parallel Testing: Implement parallel test execution to speed up testing of multiple PRs concurrently.

- Automated Regression Tests: Ensure a comprehensive suite of automated regression tests.

- Feature Flags: Use feature flags to enable/disable specific features, allowing you to release them independently.

- Code Freeze: Implement a code freeze period before the release to stabilize the codebase.

- Rolling Deployments: Use blue-green or canary deployments to minimize downtime during the release.

- Monitoring and Rollback: Implement real-time monitoring and automated rollback mechanisms in case of issues.

By combining these strategies, you can manage a high volume of PRs and ensure a smooth production release.

Cyber security Theory

 OSI Layers - Open Systems Interconnection Reference Model

1. Application  - Provides application connection HTTP, FTP, SMTP, SNMP etc., 
2. Presentation - Data formatting  and encryption takes place - known as syntax layer - ASCII encoded to EBCDIC Or vice-versa
3. Session
4. Transport -  connects low level communication hardware in level 1 through 3 with higher level software in levels 5 through 7 - TCP, UDP - Communicates in segments
5. Network - Sends and receives in Packets (Chunk of data) 
6. Datalink

Sends and receives frames (a sequence of 64 to 1518 bytes). Two sub-layers:-  

1. MAC - Media Access Control

2. LLC - Logical link Control (Used by network switches)

    7. Physical - Data transmitted in bits. Cable and radio spectrum

Hint:-  Please Do Not Tell Sales People Anything to remember OSI layers

Network topology

1) Bus - No central device - only T connector 

2) Ring - No central device - only T connector 

3) Star - Central device connects each device

4) Mesh - Every device connects to each other

5) Wireless Mesh

Hybrid Topology

2 or more network topology

Point to point communication

Point to multi-point

CIA - Confidentiality Integrity Availability

Risk Identification

Risk Assessment

Quantitative Risk Analysis Vs Qualitative Risk Analysis

Asset Value

Exposure Factor

Single Loss Expectancy = Asset Value (AV) x Exposure Factor (EF)

Annualized Rate Of Occurrence

ALE = SLE x ARO

CVSS (Common Vulnerability Scoring System) Calculator

https://first.org

Risk Response (Take Decision) - Evaluating Counter measures - Provide a proposal - Adjusting the finding 

Risk Treatment - Avoid (You can do but are not doing - Ignore) / Accept (You cannot do anything - Accept the existence of vulnerability and move on) / Mitigate (Fix the vulnerability) / Transfer (Risk to the supplier, eg: Cloud Provider to take care)

Goal of Risk Management - Minimise the risk in the org and maintain the same

Residual Risk - Risk which remains after counter-measures (Never Eliminated but lesser in-nature)

Risk Monitor - Contiuous monitoring of the risk - Qualsys , Nessus

Key Performance Indicator (KPI) - How well a process is progressing towards a intends goal

Key Risk Indicator (KRI) - Metrics , which defines risk threshold of an organisation - how many denial of service (DoS) - How many acceptable and not acceptable - eg:- Quantity of unauthorized software , no-antivirus

KPI and KRI are SMART metrics

KPI - underperforming KRI - Early Warning

SMART - Specific Measurable  Attainable Relevant Time-Bound 

Security Controls: - Policies to protect CIA of the asset - Administrative Controls - no impact to work , security training - Technical Controls - Firewall in-place , Physical Controls - CCTV 

Control Types - Detective (sensor) , Preventive (lock) , Deterrant (violating company policies) , Corrective , Recovery Control (Backup) , Compensating (Alternative - Intent , similar level of defense)

Control Selection - High Security in Jewellery Shop , Bank. College - Normal Security

Risk Management Frameworks: NIST , CIA

NIST - National Institute Of Science and Technology (United States Federal Govt) 

1. Prepare
2. Categorize
3. Select
4. Implement
5. Assess
6. Authorize
7. Monitor

NICE - National Initiative for Cybersecurity Education

1. Identify
2. Protect
3. Detect Respond 
4. Recover

    

Overview of Web Development - React.js and Node.js

Creating vital system data for display over web

Learn a front-end / back-end programming eg:- React.js (Front-end) and Node.js (Back-end)

Concepts of React.js / Node.js

• Pre-requsites:
• node.js  - server component to compile javascript
• visual studio code - IDE
  
• bind - Connecting Java script with HTML
• npm - modules required to run the react application
• react - major module
• react-dom/client  - useful in rendering the application
• react-scripts - running , building , test application
• ECMA - A programming language adopted by the European Computer Manufacturer's Association as a standard for performing computations in Web applications
  
• ES5 
  
•  Arrow Function

function App (){
return <h1> React training </h1>
}

• ES6 
• Arrow Function

const App (){
return <h1> React training </h1>
}

• code:
• import REACT from 'react';
• JSX - End goal of any component (REACT) is, it has to return something.
• All your application are wrapped in DOM mode
• render will create bind 
  
• react.strictmode  - suggestion / practices
• 3 types of components in React:
1. Class components
• logical components
• used for calling APIs
• can maintain state
• Class component will call API --> API will return data --> To the functional component --> Functional Component will render (or) display the data
  
2. Functional components
• dumb components
• used for display purpose
• (Also started to make API calls)
• Directly returns JSX
  
3. Hooks components 

 

 

 

 

SCRUM - User Stories

Definition:

• A user story describes the desired functionality  from the user (customer) perspective.
• A good user story also describes who wants it , and how and why the functionality will be used.
• A larger user story is sometimes called an epic.
• A set of related user stories combined and treated as single entity for estimating or release planning is called a theme.

Evaluating user stories:

Independent:

• Can the user story be built without requiring other stories before we can see and test functionality.?

Negotiable:

• Can specific details of story be resolved through conversation so we can maximize the benefit while minimizing development costs.

Valuable:

• Does the story add value to the software for either or both the user and business.

Estimable:

• Do we know enough about the story to estimate the time to construct the software.?

Small:

• Is the story as small as it can be but still valuable.?

Testable:

• Can others easily verify that the story is complete.? 

Scrum - Roles and Responsibilities

Scrum - An Intro:

• Scrum is an agile process which is used for managing complex projects; where it is difficult to predict everything that occur.
• It Offers a framework and set of practices that keep everything visible. 
• Keep the art of possible in mind.
• Focus on what can be done rather than be frustrated by what can't be done.

Scrum Roles:

The Product Owner:

• The person responsible for managing the product backlog as to maximize the value of the project.
• The product owner represents all stakeholders in the project.

The Scrum Master:

• The person responsible for the scrum process, its correct implementation and the maximization of the benefits.
• Provide leadership guidance and coaching to the team.
• Heads the scrum project.

The Scrum Team:

• A cross functional group of people that is responsible for managing itself to develop software every sprint.

Product Owner Responsibility:

• Product owner is responsible for prioritizing the product backlog in such a way that maximizes the RoI for the organization.
• Redefines and Reprioritize the product backlog as per the needs from sprint to sprint.
• Participates in sprint planning and sprint review meetings and provides support to team as required.
• Product owner is responsible for participating in the estimation meeting to provide answers and clarifications for the stories.

Scrum Team Responsibility:

• Cross functional:

Developers, Testers, UI Designers , Business Analysts, Technical Writers etc.,

• Self-Managing and Self Organizing
• Selects work for each sprint.
• Everyone commits to all the task necessary during the sprint.
• Teams have a velocity.