Code Management in the Cloud

As a follow-up to our initial Dev in the Cloud series installment on continuous integration, today we’ll explore Code Management (CM) and the cloud’s impact on this core tenant of agile development. After briefly explaining CM fundamentals and relationship with agile development, we’ll identify the primary benefits and concerns associated with migrating CM to the cloud. We’ll also highlight the marketplace for the growing number of cloud CM products including recommendations for those evaluating cloud CM.

What is Code Management?Code Management in the Cloud

For the purposes of this article, code management refers to the tools and practices related to tracking changes to files. Sometimes referred to as source control or version control, today CM tools and practices are an essential part of any agile development team. As Martin Fowler states, “Version tools are not just important for maintaining a history of a project, they are also the foundation for a team to collaborate.

Given the importance of collaboration in agile, it’s no surprise the direct effect CM has on team productivity, quality and morale. Teams use CM daily to commit their changes to the repository and synchronize changes from others into their local work environment. The larger the team and codebase, the bigger of a challenge this becomes to do without conflicts.

In agile development, not just application source code is put under CM, but also configuration files, build scripts, database scripts, automated tests and documentation. For companies moving towards continuous delivery, files used by DevOps for automating the creation of new environments and their related validation tests should also be managed under CM. The rule of thumb is that any file needed to build, test, deploy and run an application should be managed by CM.

Historically agile teams must procure hardware then install, configure and manage their own source control server(s). This typically isn’t so bad for small teams, but as teams grow maintenance costs of hardware and software increase. If the physical servers hosting the source control go down for any period of time, teams are severely impacted until a new one is available and restored from the backup version control database. You did remember to backup your database nightly, didn’t you? If not, a lot more than lost productivity is at stake.

The other major trend in code management has been the move away from centralized models such as Subversion, Perforce, TFS and others that have been prevalent for decades to distributed models such as Git and Mercurial. When evaluating code management solutions, central vs. distributed is one of the first things organizations typically decide. Luckily most cloud-based CM products support both models.

Benefits of Code Management in the Cloud

With the migration of agile development tools to the cloud, CM is a natural first step for many organizations. The primary benefits for managing code in the cloud as opposed to on locally hosted servers include:

Simple Setup and Use

Cloud-based code management solutions typically have a web-based, three step process for getting started: 1) signup for an account 2) upload your code and 3) invite others to join. Within minutes you can have a robust version control solution deployed for anyone you care to invite. In addition, the solution is integrated with third party tools that are ready to use without additional installation and configuration.

Integrated Collaboration Tools

As Martin Fowler says, code management solutions are the foundations for teams to collaborate. Most clould-based code management vendors understand this and include an integrated set of tools for helping teams collaborate over using web or mobile devices. Features typically bundled with code management include wikis, code visualization, issue tracking and project management tools.

Integrated Issue Tracking and Project Management Tools

Fixing bugs and other issues typically involves changing code so it’s natural that CM solutions have issue tracking integrated with their solutions. Many vendors go further integrating task and project management capabilities into their solutions. Now developer commit messages can be linked directly with resolving issues or completing tasks.

Elastic Code Repositories

Agile teams work in quick iterations committing code often. As these teams grow, so do the number and frequency of their commits. Increased commits in turn increase the number of continuous integration builds. All of these things require more virtualized CM resources.With cloud solutions, these can be easily provisioned as your team grows and reduced if your team scales down without investment in new hardware and software.

Transparency

Web and mobile interfaces for cloud-based solutions ensure anyone on the project can quickly see all revisions of a file’s history including who changed which parts of each file, when and why (aka the commit message). This transparency helps with everything from code reviews to knowledge transfer and root cause analysis.

Availability

Popular cloud-based CM products are built on IaaS solutions such as Amazon EC2. Others are integrated components of larger PaaS products, such as how Git is integrated into Heroku or TFS is integrated into Azure.

While cloud availability isn’t perfect, in general it’s much better than you can typically get deploying your own hardware and software. Organizations wanting geographically replicated code repositories should inquire with vendors during their evaluation process. This offers considerable advantages for mitigating against single-region outages and sharing code effectively with disburse teams around the world.

Reliability

Some of the higher end solutions include disaster recovery features such as a automated daily backups. These ensure one of your organization’s most critical assets – custom-developed code – is backed up regularly. In the event your code database gets corrupted, the ability to easily restore from a recent backup could be invaluable.

Integration with PaaS Solutions

Many CM solutions are SaaS models that offer stand-alone code repositories via a web interface. Emerging PaaS solutions include CM is one of the integrated components. Most vendors allow their customers to choose whether to host their repository in the PaaS solution or connect to a SaaS CM product hosted elsewhere.

Concerns about Code Management in the Cloud

These benefits don’t come without some concerns, primarily related to having a third-party vendor host an organization’s most sensitive company data elsewhere. These concerns are grounded and must be addressed as organizations migrate to the cloud.

Data Security

From a security perspective, uploading your organization’s proprietary assets to someone else’s platform is inherently not secure. Natural questions include: Who else can access my code? Is the code management’s virtual and physical environment secure? How can I verify this?

Data security for an open-source tool doesn’t have the same requirements as a company’s flagship product, so each must be evaluated on their own merits. From a security perspective, fellow analyst Edward Haletky recommends that code be digitally signed as code is uploaded into the cloud to ensure the integrity of the code does not change through malfeasance or accident. Furthermore, some form of automated code review should be performed as code is put into the code management system as well as retrieved, looking for the most common security issues. Complex security issues will require manual code reviews however. In addition, during the build of any project, it is also recommended that a vulnerability test be automatically performed as a part of any such build. In his Defense in Depth: Intelligence Gathering post, Edward mentions resources for the most common vulnerabilities to address either via automated security code reviews or automated vulnerability testing.

In short, protect your data as it enters the code management system with integrity checks (digital signatures), ensure your code has been checked for common security issues, and vulnerability check your code after build.

Availability and Reliability

Accessing your code hosted in a vendor’s cloud solution requires their servers to be available and reliable. Since many are built on public IaaS solutions such as Amazon EC2 they are generally available, but this is no guarantee. Like most SaaS vendors, code management solutions typically have regularly scheduled maintenance windows where your code might not be available. Most vendors also publish their current availability and any known issues for customers and prospective customers to view.

Legal

Although laws are typically slow to catch up with the fast pace of technology, legal requirements may be of concern for your organization? Typically questions include: Where exactly is our code physically hosted? What happens to our code if the company goes out of business? What is the vendor’s responsibility if their security is breached?

Although contractual SLA’s for availability are still rare for cloud-based CM solutions, we do expect in the future these will become more common as large enterprises migrate their CM to the cloud.

Marketplace

Based on the benefits listed above, demand is growing for cloud-based CM solutions. Most vendors have products deployed in either a SaaS or PaaS model.

In general the SaaS products are easy-to use, web-based platforms built around popular code repositories. They all offer issue and project management in addition to collaboration tools to make them them the cloud-based “foundation for team collaboration”. They primarily differ in the repositories provided, depth of collaboration features, available third-party integration and pricing models.

The leading vendors of SaaS code management products include:

Vendor Product Strengths
AbleBots, LLC Code Spaces
Provides Git and Subversion repositories
Integrated issue tracking and agile project management
Collaboration with web portals, analytics and reporting
Automated backups
Assembla Assembla Provides Git, Subversion, Perforce and Mercurial repositories
Integrated issue tracking and project management
Collaboration with wikis, message boards and email
Atlassian bitBucket Provides Git and Mercurial repositories
Integrated issue tracking. Connects to JIRA and Bamboo.
Collaboration with wikis
Private enterprise version available with Stash
DynamSoft TFS Hosted Provides TFS repository
Integrated issue tracking and build management
Tight Microsoft alignment including VSS migration
Collaboration with SharePoint
Geeknet, LLC SourceForge.net Provides Git, Subversion, Mercurial, Bazaar and CVS repositories
Integrated issue tracking
Collaboration with wikis, forums and email
Ratings and Reviews
Only for Open Source Projects
GitHub GitHub Provides Git repository
Integrated issue tracking. Connects with many third-party tools.
Collaboration with wikis and code discussions
Private enterprise version available with GitHub Enterprise
Google GoogleCode Provides Git, Subversion and Mercurial repositories
Integrated issue tracking
Collaboration with wikis
Only for Open Source Projects
Unfuddle, LLC Unfuddle Provides Git and Subversion repositories
Integrated issue tracking and project management
Collaboration with wikis and message boards and email

For PaaS products, CM is one piece of their overall solution. PaaS vendors provide customers the ability to either host their code directly in their solution or to integrate with a SaaS-based product. Some PaaS vendors offers customers both options. Leading PaaS vendors with code management include HerokuEngine YardWindows AzureGoogle App EngineForce.comCloudFoundryCloudForgeAppFog and Cloudbees.

Recommendations

For those teams wanting a simple CM solution that can plug into their existing environment, a SaaS product is right for you. It is a low-risk investment that provides immediate benefits for the team and organization while not requiring major changes in your application and deployment architecture.

Teams evaluating PaaS products should include CM in their list of evaluation requirements. In all likelihood, the CM capabilities of the PaaS will meet your needs. However, having the option to integrate with a leading SaaS product can provide insurance in case your needs change. In this case, your cloud migration can start with a SaaS CM solution now and evolve to a PaaS solution later when the time is right without requiring major changes.

Author’s Note: Did I miss your favorite cloud-based code management product? If so, please let me know by adding a comment below.

Ryan Shriver (9 Posts)

Ryan Shriver is a Managing Consultant with Dominion Digital, an award-winning process and technology-consulting firm. Based in Richmond, VA he leads their Innovative Products solution that helps people deliver the right products at the right time, quickly with high quality. With services related to experience, value, speed and quality, he helps clients holistically focus on improving their customer's experience. Working with Internet technologies since 1995 and practicing Agile since 2001, Ryan has deep experience in systems architecture and large-scale agile product development. He's presented internationally on topics including Scaling Agile, Measurable Business Value and Agile Engineering. He's founder and program chair of Innovate Virginia and posts is thoughts, articles and conference presentations to the agile engineer.

Connect with Ryan Shriver:

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Please Share

Featured Solutions