Slide 1

Slide 1 text

Internal (Developer) Platforms: Why, What, How

Slide 2

Slide 2 text

WHY and WHAT is an Internal (Developer) Platform

Slide 3

Slide 3 text

DevOps burnout
There has been an increase in cognitive load / stack complexity
Inspired by Daniel Bryant at PlatformCon 2022
https://thenewstack.io/devops-burnout-try-platform-engineering/

Slide 4

Slide 4 text

Shift left = Dump left
Shift left Security, Testing... => developer Exhaustion
https://blogs.cisco.com/developer/avoiding-shift-left-exhaustion-part-1

Slide 5

Slide 5 text

Software Delivery Performance Impact
https://www.usehaystack.io/blog/software-developer-burnout-how-to-spot-early-warning-signs
Diagram labels: DevOps, GitOps, FullStack, Shift Left, IaC, k8s, Cloud, Distributed, APM, Agile, ...

Slide 6

Slide 6 text

Software Delivery Performance & Business Outcomes
In Digital Businesses, there is a direct correlation between Developer velocity and Business Outcomes
https://dora.dev/research/

Slide 7

Slide 7 text

Top Developer Velocity Companies are stronger Financially
https://nightingalehq.ai/blog/developer-velocity/

Slide 8

Slide 8 text

Enabling Fast Flow

Slide 9

Slide 9 text

Team Topologies for Fast Flow
Fundamental Team Types: Stream-aligned team, Platform team, Enabling team, Complicated Subsystem team
Team Interaction Modes: Collaboration, XaaS, Facilitating
Flow of change
https://teamtopologies.com/key-concepts

Slide 10

Slide 10 text

XaaS Platforms can enable Fast Flow
Platform Teams build Platforms
Diagram labels: Platform team Team A Team B Team C Platform XaaS Console Portal API App Organizational view Product/Service view App Engineers Platform Engineers Website sdk AI Chat

Slide 11

Slide 11 text

Internal Developer Platform. What is it?
An internal developer platform (IDP) is a self-service interface between developers and the underlying infrastructure, tools, and processes required to build, deploy, and manage software.
IDPs provide developers with a unified interface to access tools, automate CI/CD pipelines, manage environments, and monitor performance
https://internaldeveloperplatform.org/
Provide self-serve Golden Paths
Diagram labels: Internal Developer Platform Console Portal API Runtime Platform Tools Website Infrastructure Platform Developer Control Plane Developer Service Plane Developer

Slide 12

Slide 12 text

Golden Paths / Paved Roads
A Golden Path refers to an opinionated, well-documented, and supported way of building and deploying software within an organization
https://www.redhat.com/en/topics/devops/golden-paths
https://www.redhat.com/en/blog/designing-golden-paths
Diagram labels: IaC Templates App Templates Build and Deploy Pipelines Repos (Code, Artifacts) Observability Security Policies Runtime Docs Automated/Guided Workflow Infrastructure

Slide 13

Slide 13 text

Golden Paths Balancing Act
Standards vs Freedom
https://www.port.io/blog/how-internal-developer-portals-help-you-to-pave-and-remain-on-the-golden-path

Slide 14

Slide 14 text

"D" in IDP is not only for App Developers
As many Golden Paths as Development Journeys
● Application Golden Path
● AI/ML Model Golden Path
● Infra Golden Path
● Security Golden Path
● Sysadmin Golden Path
● Data Analytics Golden Path
● Learning Golden Path
● DBA Golden Path
● Testing Golden Path
● ...

Slide 15

Slide 15 text

An IDP can improve Developer Productivity & Satisfaction
● Increase Velocity
● Reduce Cognitive Load
● Simplify
● Standardise
● Increase Satisfaction
● Better Developer Experience
● Attract and Retain Talent
● Reduce Zero to Hero Time
in multiple dimensions

Slide 16

Slide 16 text

An IDP can improve SPACE metrics
Measuring Developer Productivity. SPACE framework
https://queue.acm.org/detail.cfm?id=3454124
https://www.packtpub.com/en-gb/product/accelerate-devops-with-github-9781801814676
Example metrics

Slide 17

Slide 17 text

Ref: IDP Reference Architecture
https://devops.com/internal-developer-platform-idp-reference-architectures/

Slide 18

Slide 18 text

Ref: IDP Tooling Landscape
https://platformengineering.org/platform-tooling

Slide 19

Slide 19 text

HOW to design an XaaS Internal (Developer) Platform
Most of the Design Tips apply to any XaaS Platform

Slide 20

Slide 20 text

Designing XaaS Platforms
● Tenant & Resource Model
● User Journeys & User Interfaces
● API
● IAM Model
● Quotas & Limits
● Metering & Billing Model
● Support, SLO, SLA
● Scalable, Elastic
● * more Design Topics
Diagram labels: Internal (Developer) Platform API Console Portal Website Developer

Slide 21

Slide 21 text

Following Slides present valid design options
My preferred option is usually the right one :-)
Option 1 Option 2 Option 3

Slide 22

Slide 22 text

High Level Internal (Developer) Platform Architecture
https://tag-app-delivery.cncf.io/whitepapers/platforms/
Diagram labels: Console Portal API Website Control Plane Orchestrator IAM Catalogue Security & Compliance Onboarding Tenant Management Monitoring & Observability Application Lifecycle Management Infrastructure Lifecycle Management Security Lifecycle Management Application Performance Management Infrastructure and Capabilities providers Service Plane ML Model Lifecycle Management Developer Interfaces Metering & Billing Resource Manager Operations Runtime Platform Tools Resources

Slide 23

Slide 23 text

Tenant & Resource Model
Outcome Oriented vs Capability Oriented
"Application" vs "Tenant/Project/Account/Subscription/Namespace/Workspace"
Diagram labels: tenant1 application1 Code repo Tools Resources Application1 Deployment Deployment config Artifacts CI/CD pipeline Infrastructure Runtime Environment IaC Repo IaC Pipeline IaC Repo IaC Pipeline CI/CD pipeline Code repo Artifact Repository Application2 Deployment Runtime Environment Infra Environment Platform Platform
Pro: Good for Application lifecycle golden paths
Pro: Can serve any golden path & persona

Slide 24

Slide 24 text

Tenants & Resource Hierarchy
Plain vs Tree
Diagram labels: Platform Root1 Folder namespace1 Folder namespace2 Root2 Folder namespace1 namespace3 namespace2 Platform
Pro: Simpler to implement
Pro: allows more complex Authorization policies

Slide 25

Slide 25 text

Authorization Model
ABAC vs RBAC vs ReBAC vs a combination of the previous
https://atekco.io/en/1687242837077-openfga-an-exellent-tool-for-access-control-authorization/

Slide 26

Slide 26 text

APIs Functionality
Internal (Developer) Platform API
● Tenant Management
● Users, Groups, Roles, Policies Management
● Resources Lifecycle Management
● Onboarding*
● Resource Consumption**
* Onboarding: could require human interaction (approvals) and be a separate process that uses the Platform APIs
** Resource Consumption Interface depends on the Platform Resource model abstractions

Slide 27

Slide 27 text

Level of Abstraction for Resources
Abstract away from context (wrapper) or not (pure control plane)
Diagram labels, first diagram: Internal Developer Platform Console Portal API Runtime Platform Tools Website Infrastructure Platform Management & Usage Time Usage Time
Diagram labels, second diagram: Internal Developer Platform Console Portal API Runtime Platform Tools Website Infrastructure Platform Management Time Usage Time
Pro: Easy to Control, hiding implementation
Pro: easier to extend to leverage existing solutions

Slide 28

Slide 28 text

Level of Abstraction for Resources
For IDPs it is better not to abstract Developers from context
1 - CreateTenant(TemplateId)
2 - Provision Resources
3 - Configure Access & Policies
4 - Use tools Natively via SSO
Diagram labels: Internal Developer Platform Runtime Platform Tools GitHub GitHub Actions JFrog Artifactory tenant1 Kubernetes PostgreSQL RabbitMQ Templates Resources GitHub Repo GitHub Actions Artifactory namespace database URLs to the Tools

Slide 29

Slide 29 text

DevEx & Stack Abstraction
Fullstack vs Serverless
Stack layers (the same list appears four times on the slide): Servers, Storage, Networking; Virtualization; Operating System; Kubernetes; Middleware; Database; App Logic, Data; Runtime; Frameworks
Diagram labels: Managed by App Engineers Managed by Platform Engineers Infrastructure Application +Velocity +Cognitive Load +Optionality

Slide 30

Slide 30 text

DevEx & App Model. Example App Deployment
1. Auth
2. Create Tenant
3. Configure Runtime Environment
4. Deploy Attached Resources from IaC templates
5. Create App repo from template
6. Configure Deployment (App + Attached Resources)
7. Deploy App
8. Test and Observe App
Diagram labels: 12factor like App API API Database Storage Bucket Messaging Topic service Kubernetes url/connection strings LB DNS VPC API GW tenant1 Tools Resources App1 Deployment IaC Repo IaC Pipeline CI/CD pipelines Code repo Artifact Repository namespace database bucket config topic config CDN secrets Managed by App Engineers Managed by Platform Engineers IDPlatform Developer Journey Runtime Env

Slide 31

Slide 31 text

GitOps vs APIs
Cracking a nut with a sledge hammer?
Diagram labels: tenant1 tenant2 tenantN Terraform Actions tenant1 tenant2 Terraform Actions Terraform Actions Platform Engineer PR approval tenant3 Terraform Actions Internal Developer Platform DB API Entities As Files tenant1 tenant2 tenantN Central Repo Distributed Repos Backend with DB Entities Operations implemented as Pipelines API Operations One per user /tenant

Slide 32

Slide 32 text

Platform Orchestrator
Out of the box vs Customizable vs Extensible
Generic vs Specific
Diagram labels: Actions CI/CD Pipelines Workflow engine By Code step1(c) If c.output then ... By Product CRDs & Operators Custom Resource Operator Humanitec Platform Orchestrator Kratix Azure Durable Functions Temporal.io Azure Logic Apps Workato Kubernetes Harness CI/CD Azure DevOps

Slide 33

Slide 33 text

Dealing with Private Environments
Firewall Friendly
1 Manage & Configure
2 Pick up work
3 Do grunt work
Outbound connectivity from Delegate to Control Plane
https://developer.harness.io/docs/platform/delegates/delegate-concepts/delegate-overview/
https://developer.hashicorp.com/terraform/cloud-docs/agents
Diagram labels: Internal Developer Platform Control Plane Delegate Runtime Infrastructure Private Environment Harness CI/CD Firewall HashiCorp Cloud Platform Terraform

Slide 34

Slide 34 text

Designing XaaS Platforms
● Tenant & Resource Model
● User Journeys & User Interfaces
● API
● IAM Model
● Quotas & Limits
● Metering & Billing Model
● Support, SLO, SLA
● Scalable, Elastic
● * more Design Topics
Diagram labels: Internal (Developer) Platform API Console Portal Website Developer

Slide 35

Slide 35 text

Is your IDP your Internal Platform?
The Platform for consuming any Platform
Platforms shown: On Prem, AWS, Google Cloud Platform, Azure, HashiCorp Cloud Platform, Harness.io Software Delivery Platform, GitHub.com, DataDog, ...
Diagram labels: Internal (Developer) Platform API Console Portal Website Management Time Usage Time

Slide 36

Slide 36 text

Thanks!
https://www.linkedin.com/in/rubengblanco
https://medium.com/@ruben.gblanco
https://speakerdeck.com/_rubengb