Environment Topography Management and Control

 

image

This diagram (above) is one which I drew earlier in the week when explaining access control, reliability, trust and environment sanitation.

At the time I thought it’s something I ought to blog about, so here is the blog post.  I’ve always viewed IT&T systems as a triangle.  At the very top is the production environment.  In this diagram you will see it is at the very top, and it isn’t very wide.  This means that few people have access, it’s highly trusted (the trust level drops as the triangle widens) and impact is measurably higher if things break.

Staging should be treated as Production’s close relative.  Staging is the equivalent of production, but for testing and verification of changes before eventual deployment into production.  Changes should never bypass staging.  Staging might be several different environments, and often is managed by a QA team or release manager.

The build environment is arguably almost more important than production.  It’s goal is to compile products/solutions/projects and sign and package.  Occasionally this tier will deploy into staging automatically.  The build environment *must be clean*.  Access should be very limited due to the sensitivity of the work which is produced.

Ad-hoc and VM environments usually sit just outside the sphere of a development environment and are candidates for integration testing and special releases.  There’s usually merit in keeping this area under wraps, but it is very loosely policed normally, and caters for the more ‘agile’ of requests. 

Lastly, development – is the least trusted, but has the most economical access requirements and virtually no policing.  Development is for developers to hone their craft and produce the goods.  The tiers on top of Development are designed to validate what is produced.

This triangle doesn’t take into account the physical breadth of resources (production is likely to have better machines and potentially more of them in a web farm) or disaster recovery, or even attack vectors.  It’s just a simple diagram showing the trust and access distribution which a good environment should have.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.