Use a modern Platform as a Service to minimize operational costs until economies of scale make in-house DevOps worthwhile.
An app’s environment includes everything that is likely to vary between deploys (staging, production, developer configurations, etc.). We recommend keeping development, staging, and production as similar as possible to reduce gaps for continuous deployment.
Heroku is Vaporware’s recommended server-side PaaS provider; its pipelines handle these multiple environments seamlessly with command line tools. For Single Page Applications, we recommend Netlify as a hosting provider, as it provides many of the same benefits as Heroku.
Better yet, “Pull Request Environments” are hosted, live versions of the product that can be created on every pull request. While the initial configuration can be tricky, the benefits of disposable “staging” environments are numerous.
12Factor Apps as Default
Any modern SaaS platform should default to 12Factor settings. While we’ve discussed some of these already, most of the operational steps can be easily provided by choosing the right PaaS provider instead of reinventing them on your own. Heroku handles all of these additional settings and configurations like environment configs, backing resources, stateless processes, port binding, concurrency, and logging. You can read all about these standards and their benefits at 12factor.net.
Data Backups & Backup Validation
Most providers today offer backups at several levels. We require all clients to run database-level backups of all production environments on a daily, monthly, and quarterly basis. Daily backups can roll off on a monthly or longer basis. Our PaaS recommendation covers these backup schedules and provides simple validation channels to make sure backups are usable.
Vaporware is well-trained in secure software development best practices, including defenses against common SQL injection and XSS techniques. To protect against botnet and DDoS attacks, we recommend using Cloudflare or other CDNs and carefully separating the concerns of static and dynamic assets to be cost-effective and secure.
Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high-compliance applications. Vaporware uses Heroku Shield to build HIPAA- or PCI-compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Most applications that process credit cards do not need to be PCI compliant, as they should never see credit card data.
Cutting Edge Architectures
Netlify also wraps AWS Lambda in modern serverless development tools for an easy-to-learn developer experience. There are even new languages, like GatsbyJS and RedwoodJS, being developed on top of these paradigms. Unless your team is encouraged by new technologies and experimentation, we do not recommend these technologies.