Microsoft Community Insights

Episode 30 - Observability in DevSecOps with Neel Shah



Security has become the cornerstone of modern technology infrastructure, and understanding how to implement effective observability within DevSecOps pipelines is crucial for organizations of all sizes. In this revealing conversation with Neel—a developer, educator, and middleware expert—we uncover the critical role observability plays in creating secure, resilient systems.

Speaker 1:

Welcome to Microsoft Community Insights Podcast, where we share insights from community experts to see how to do it in Microsoft. My name is Nicholas and I'll be your host today. In this episode, we'll dive into the role of observability in the SQL pipeline, but before we get started, I want to remind you to subscribe to our social media so you never miss an episode to help us reach more amazing people like yourself. Today we have a special guest called Nisha. Can you please introduce yourself, please? Hi everyone. Thank you, Nicholas, for having me here. It's a pleasure to discuss whatever we are learning in this area with your audience here. Giving my short intro sort of thing, I am Nisha, working as a developer, educator and middleware, and apart from that, I run various jobs related to data in my local region and have given talks in 10 plus conferences last year and have been mentoring many students, professionals, in hackathons and open source programs. So, yeah, that's more on my end, okay? So before we dive into the main subject of the era, can you please tell us more about what you do and today, at your workplace, made to work? Yeah, so I work in a YCB startup and my role is around the RFID OTA, so I run the community. For that I used to host meetings across India and apart from that, on my regular basis I work with customer success, I make technical content sort of thing and we are also starting out some podcasts where leadership podcast is there. We are also starting out webinars and it's more on tech awareness, like how the product awareness is there and how the community can get benefited from there. We started hosting alternative meetups across India and hosted in many, many, many cities. In similar manner, we also started to host in the US where many professionals are coming and just it's not any product marketing meetup but it's more on awareness, because a lot of people gather and share their problems.
A single platform can be built, where many people came on our observability platform and they just tried to shout out their problems and we are happy to help them out. These are the major things that I do on a regular basis and apart from that, my weekends are mostly on some meetups, because I used to host at least two or three offline meetups every month in my local region because, as we have good community people over here, we almost have 2,000 or 3,000 people of DevOps over here. So we regularly gather together and share what is new, how this AI is coming and developed, how we can benefit here, how we can use and a lot of stuff. Okay, that's brilliant.

Speaker 1:

And aside from the community work, what's this observability platform you mentioned earlier? Yeah, is it like a pipeline that you automate earlier? Yeah, is it like Grafana? Or is it like a pipeline that you automated? Yeah, so for DLNIC, I work in RealWear. It's a SaaS-based platform similar to Grafana, but it's a YCE-based startup. Grafana is fully open source, but on top of that, because you have from its years, you need to configure with Grafana and different stuff, you need to manage and maintain a lot of open source tools, sort of thing.

Speaker 1:

So that's that might be handy for many companies because they don't have many resources or they don't want to utilize many resources. So middleware is like a SaaS-based platform where, if you just want to ingest your data, this small amount of data, like GPU or something, they give you a new, free and apart from that, they have different features, a lot of features, sort of thing. Let's say, application monitoring, infrastructure monitoring, and nowadays LLMs are trending, so they also have LLM mobility, because you don't know what if, whenever you just start writing your prompt and yes, you just enter, the answer is coming, but you don't know how the answer is coming or how the answer is accurate. So how you can better understand, because, as a person, as a DevOps, as an AI engineer, you want your customer to get benefited. So how you do that, there is an LLM authority that helps you understand how accurate your answer is and where actually the traces are going, if you are, if you enter the prompt. So the prompt is taking some memory. It is going to some LLM model and I recall your request is measured in the traces of the absolute request and you can actually see like where the performance can be improved so the answer response can be improved. So, yeah, these are some different factors because we need to be in AI and math, because it's now AI stuff in your routine.

Speaker 1:

Okay, do you have to? Oh, so that platform is with middleware, your company that you work for, that develop the observability and then it helps monitor, like DevSecOps monitor LLM as well. Is that correct? Yeah, that's more of like the stock is more of an observability thing. It also integrates it. That's not a promotional thing, but yeah, it's a general awareness and DevSecOps pipeline observability also plays a critical role and it can eventually help you out some at some portions. So your DevSecOps Pipeline can get benefit you sort of thing.

Speaker 1:

Okay, any chance you have what, you have something to show us about what it is and how to observe, like monitor LL or dev cycle pipeline. Yeah, yeah, so let me share my screen and, yeah, sure, give you a brief like how absolutely get settled in the dev cycle pipeline and how it can improve your performance sort of thing we are talking about, like how absolutely settles in the dev cycle pipeline is, so absolutely is there in the core root because it can eventually help you to detect some vulnerabilities and issues on the road. If you see on some logs and some, because if some person is trying to catch some passwords without saying, you can definitely see in the logic that some IP is calling you a lot, a lot of time. In similar manner, you can definitely see how crucial it can be to detect vulnerabilities at a root scale. Observity is like core. Ability to understand, like observer, is majorly like what you have in your backend. It will eventually help you out, understand how the system is behaving and what are the major components of the ability. There are logs, addresses, pre-assets. How it will even help is it will eventually do the root cause analysis in fast stream math and it won't eventually help you in the security and maintain the security portion. It will also help you in getting the compliances.

Speaker 1:

I guess, like you have been understanding from the diagram, because all you really can settle in between the core, core part of the DevSecOps pipeline. So how? The DevSecOps is security plus operations. Because in H nowadays, each and every thing we need to improve the security, there can be bridges and security is on the top of the thing nowadays. Yeah, majority of the time, if it's a client or project, it has to be the top, it has to come from the top. If it comes in the middle, then you have miscommunication and you will have actual real tech tech suck up. Yeah, because security. No, if someone bridges your product or application and that really that would be a nightmare for any company because all the details, all the data is going away. So here is a kind of top-notch thing people need to take care. Even it's a small product or a large housing set, how do you, for example, increase it? How would you automate that? Yeah, I will come on that portion.

Speaker 1:

So how observability is there? So some of the things are anomaly detection. If you see anomaly detection, so anomaly detection sees your past data and it will predict that. If it will predict that your something will be depreciating here, some scaling will be depreciating here. That is one thing, anomaly detection. And apart from that, let's say, and of any VM anything, let's say it is going up to 90%, which so some real-time alerts will be there and it will just from one click the next VM would be spun up and your CPU consumption will be lesser. So there are some automation there that can help you. So one is anomaly detection. Next is real-time monitoring. So how fast real-time monitoring will eventually help you know if something is wrong with your product or if someone is trying out to breach some data because the IP is concurrently accessing your APIs. So these are some automated way and apart from that, I can also discuss on some of the key features of auxiliary. That is as I mentioned, and it's only reduction. So pinpoint vulnerability before take and breach, so we can differently see. If some data is going on in logs or metrics and some regular patterns are changed, then we can see like something is changed and then we should get alerts so we can definitely respond on that and on the next years.

Speaker 1:

You know, in this era, from monolithic to microservice, people have changed and then people have changed to shift left technology. If left services in same manner. Shift left is doing the thing which we were doing previously, afterwards to do it before. You know, like shift left, how people are now consuming shift left in every technology. So integrated security checks are in that development cycle, would be beneficial in this and I have some examples or thing you better just understand, like how, what are the things you can do is so visualizing the field connections, the field connections of APIs, field connections of anything you can visualize and you can better understand it for root cause analysis, because it will foster your root cause analysis.

Speaker 1:

Next thing is analyzing API call patterns, as I already told, like regular, the API is getting out this, but if you don't, if something changes, you don't know. So there is one thing, one service everyone knows about application performance monitoring, infrastructure monitoring, but one thing that is synthetic monitoring. Synthetic monitoring is just for APIs in the algorithm space; synthetic monitoring just plays. They are monitoring for just APIs, if your APIs are working properly. If your APIs are not working properly, then it will trigger out the real-time alert so you can better understand like APIs not working. Well, we need to work something on this.

Speaker 1:

Next thing is there are traces. The trace rocks up there like trace is everything of a request. If you have entered google.com, so your request has gone to wherever place, it will have a span ID and it will showcase like wherever the request has gone. It will eventually help you better understand how your request is working. Hope it is making sense or something on the shift level. Security sorry, can you give us some like best practices of using safe backup in observability for pipeline? Yeah, so, absolutely, like nowadays we go if we made an application and after we are doing the security, so I will tell them whenever your APIs are made, you should have the sensory boundary, so that will eventually help you out, because in an application there are tons of APIs, so it will eventually help you out to know whichever APIs are working properly and apart from that, you have some need to maintain some real-time alerts for different packages.

Speaker 1:

In this sense, see, now we had gone to chaos engineering. So what is chaos? Injecting some files in our own application and then testing it resoundingly? It will reliable. Your product is so chaos engineering. We can use some chaos engineering over here, we can test it out and we can also see if the alerts are coming in real time or not, if the logs, patterns, batches are on that time or not. So we can have controlled failures, so whenever relative fears are coming, we don't have to work on major things. I hope that makes sense. And a small difference between chaos engineering and testing is testing is your application is working completely, but you just need to load this and different sort of testing is there. But chaos is a thing like you are injecting some force in your own application and then testing it at a relevant level if it is working or not. So there is much more to replication here.

Speaker 1:

So have you integrated TESA and chaos engineering in projects before in production? Yeah, yeah. So we had a series of drives and we made the whole architecture for them and they have their engineers to work on that. But, yeah, the whole architecture was made by us and we gave the whole architecture to them and they were impressed because it will eventually play and fill up a lot of things in tech for their system architect. And it will eventually because it was a big data company. They were having a lot of transactions sort of thing, so to maintain this and to have secure things is really important for them. We made the whole architecture for them and, yeah, the engineers made the whole system sort of thing, and after they had their at this key also, they don't have to worry a lot of things because they also will check back all compliance certificates like household 27001 and HIPAA and different compliance certificates. And they have good results because nowadays they are in a narrow DevOps space. Apart from the DevOps, DevSecOps, there is infrastructure engineering, platform engineering; platform engineering is also taking a lot of part in making the infrastructure more simple and more simple manner. Similar way, chaos engineering is also booming, making the infrastructure more simple and more simple manner. Similar way kiosk in your english also for me and it really helps you out if your application can be scalable and resilient level at some scale.

Speaker 1:

Okay, so in terms of how do you what else to do? You only use middleware tool or use external, whether it's from Microsoft or external tool for monitoring apps as well, for tech setup as well, or you just use middleware for that. No, I don't want to like promote middleware because, yeah, you will eventually have a reporter if you have insights. If you have insights, let's say, Microsoft have insights and in their VMs. So, if you configure insights in proper manner, if you have real-time alerts, if you can have distributed tracing, if you have synthetic modeling at that place, if you use that and if it works properly after kiosk testing, then it's fine. Nothing is wrong.

Speaker 1:

But these are the major things in algorithm space that are like you need to have for your application. If they are not, if the tool which you're using is not providing all of them, then you need to jump on two different tools and make a good ecosystem and you need to maintain them. That's a major problem. If you have some resource, you have some time you can maintain. But yeah, nowadays, what is happening is a lot of VPs of engineering of different companies, so on one leaf space on the second space. So they have a lot less engineers over there and most of the engineers are working on application building and not majorly on the deployment side sort of thing. So, majorly, if you have a complex, compact tool where everything would be there and with less effort to release, less manual efforts, then it is beneficial to them. That's nothing on bragging like I just use this, but yeah, it's a general skill. I'm just telling you in general, these are the major things. If you can implement in your application, then the application will be on a larger scale.

Speaker 1:

It will really benefit you. Yeah, I think you just need to think of security as everything you do, whatever is deploying things, every aspect you do, every ticket you do you have to maintain your security mindset as well. Yeah, yeah, you understand. Like, yeah, there is a thing like these are the things you need to implement. There better be any tool that doesn't make more or less perspective majorly, but yeah, these are the things that are to be done for an application perspective. You can use many tools as per your resources, but if you have lesser resources, you can try it on real-world ones. So it is a different thing like whatever you use, not in a manner Microsoft also has some other security thing and Microsoft also have on the cost thing and Microsoft wants to have on the cost of the resume thing. Yeah, how there's you know, sort of thing.

Speaker 1:

Yeah, there are different things, like whatever it can benefit you. Yeah, so in terms of, let's dive into the community works that you do. So in terms of community, you say you did some like meetups in a weekend. Do you actually organize the meetup or is it happening in weekend where you live? Yeah, so I run this CNCF chapter, Docker chapter, different cloud related chapter over here. So I organize them and I also give talks, you know, last year and some conferences like last year, one friend was like the DevFace, the BlackstoneCon, Linuxface, Devopsface and virtually some places. So, yeah, these are the major things which I regularly do, sort of thing.

Speaker 1:

How many communities do you have involved? How many communities are you involved with, three or four? Yeah, four. And apart from that, we also have one community called Open Source Weekend, which some of my colleagues started previously, not from the community colleagues, community people started, and where our main focus is to promote open source and to host events on different tech, let's say, next year's on platform engineering, on prompt engineering. So we have like, because open source is in everything, open source is in every tech space. So we used to host events on different weekends and have different sessions on different technologies. So I also organize that. So, yeah, that is one of the biggest communities in our state and many people recognize us on that community because if anyone from across India or abroad wants to host a meetup in my local region, so they just contact us and we are doing a lot of events, so they know us. We can help them with some venue or some speaker or any sort of.

Speaker 1:

Okay, so it's not just yourself, you have a group of people that help you organize things. Okay, that's good. So what do you normally do aside from community work? Do you have any hobbies or are you just talking to conferences and helping communities out? Yeah, most of the weekends are born on this man. But yeah, we used to play cricket. We are also a foodie, so we used to go to different places to try it on some food. Okay, so that's quite good. It's good that you're helping the community and stuff.

Speaker 1:

I take it you get your company, motherware, help you with the community as well, so they give you time you need. Sorry, sorry, wait, pardon. So I take it you've been encouraged to help with the community by your company, or is it your passion to help? No, no, no, my passion is. Yet I was doing this from last two years and actually from last almost seven, eight months. But, yeah, my patient is there. Like I used to do a lot of meetups, meeting people, I don't use people, so, yeah, so from last 1.5 or 2 years, we have hosted 50 plus meetups over here. Okay, that is my passion. I'm not saying it's related with that, but yeah, even in my country we have different things. I also do some meetups for them, also across India. Yeah, these are my two favorite passions of them. That's fair.

Speaker 1:

You never get tired and it always keeps you on your feet by organizing and learning as well, because hope you're learning while you're organizing. Sometimes, when you're organizing, you can still speak at events and stuff, so it still works out fine. Okay, so, as this episode is coming to an end, is there any last minute words that you want to give to people if they want to go into DevSecOps using any observability tool? Yeah, there are some major things which I covered. Just try it out to settle whichever observability tool you measure in your application. That will definitely help you out to scale your application with security perspectives. So, yeah, that's it. And just give back whatever you have achieved in your career to your community, folks in your local region, so that will eventually help grow community everywhere, because nothing we will take away with us, nothing we're going to get away, but yeah, it is eventually helping a lot more people. More people can join us and more people can give their insights. Yeah, that's amazing.

Speaker 1:

And do you have any events that you're speaking at or going to, like DevSecOps, DevOps events? Yeah, so, like, in April, next month, I am going to Kubernetes Commitment Day, Chennai. That is one of the KCDs that is happening in Chennai in India. So I will be having a talk around EDPF, that is, around security sort of thing. Allergy is one of the CNCF-based projects, so if you are coming here, let's catch up over here. What's the session on, sir, EDPF and CEM? Okay, yeah, yeah, okay, now let's catch up all year. What's the session on, sorry, EDPF, NCM? Okay, yeah, yeah, okay, now I spread it. Thanks for coming on this episode, new show. It's amazing to get to hear your story about Dexaclop and observability, so thank you, bye. Thank you, bye.
