Hey everyone! I'm currently an intern in cybersecurity, but so far, most of my tasks have been pretty hands-off and non-critical. Instead of just waiting around, I reached out to the software development team to see where I could jump in and help out. My initial thought was to automate some security checks, but they suggested that before I dive into that, I should help them out by automating their deployment process first. They explained that it would make a significant difference to their workflow.
Right now, their deployment process involves several manual steps that take around 15 minutes each day, like connecting through RDP, zipping the current version for backup, and deploying the new build on IIS. They think even a basic CI/CD pipeline could really speed things up. I'm getting access to Azure DevOps for a lower-stakes project, so I'm planning to set up a pipeline that builds the project, backs up the old version, and deploys the new one. Eventually, I'd like to introduce security checks like SAST and dependency scanning once the deployments are stable.
I have a few questions: Is my plan reasonable for someone new to DevOps? Is Web Deploy the best option for a Windows/IIS setup? And is there a straightforward way to implement testing and approval before production deployment in Azure DevOps? Any advice for transitioning from a security background into automation would really help out. Thanks!
4 Answers
Web Deploy is a solid choice for your deployment needs! I suggest installing an Azure DevOps agent on your server to streamline the process and minimize firewall issues. You can then define environments in Azure DevOps for each stage of your pipeline, and set up approvals there. Learning these fundamentals now will set you up nicely for automating security checks later on, so keep it up!
You’re definitely on the right track! If you store each build in Azure DevOps artifacts, you can simplify your deployment process—no need to zip and backup manually. Just create a simple pipeline where a PR triggers the build, and then a deploy pipeline can pick up the artifact. Rollbacks will be super easy too, just a couple of clicks! As for approval processes, you can build that into your pipeline later on. It sounds like you're setting yourself up for success!
This insight about not needing backups on the prod server is a game-changer. I love the simpler rollback idea too!
Absolutely, you're heading in the right direction. Start with building the project using MSBuild or dotnet commands to create your deployable package. Then, transfer your files to the Windows Server over SMB. After that, you can use PowerShell to manage the deployment steps like backing up existing directories or restarting the application pool safely. Consider adding in some quality gates for security scanning in your pipeline as you get more comfortable.
Thanks for breaking it down! I’ll definitely take this as my guide.
Your approach is spot-on! Tackling deployment automation first is a brilliant move because it solves a major pain point for the team. This way, they’ll definitely appreciate your help and be more open to your ideas about security automation later. And yes, Web Deploy works great for IIS! For setting up approval gates, just add a manual validation task to your pipeline. It's super easy—one click and you're all set to deploy to production. Plus, you're gaining real-world DevOps experience which is way more valuable than just watching tutorials. Once your deployments are smooth, your credibility will skyrocket when you start suggesting security checks!
Big thanks to the software team for giving me this opportunity. Honestly, I would’ve been stuck doing nothing for months otherwise!
Got it! After deployment and backup, I should focus on automating tasks that add value, right? Should I ask the devs directly what they need?