ongoing management of your php 7 application

1© 2017 Rogue Wave Software, Inc. All Rights Reserved.

Ongoing management of

your PHP 7 application

Jan Burkl

Solution consulting manager


Ask the PHP experts: Series

overview

Now: Ongoing management of your PHP 7 application

Oct. 11: PHP industry roundtable

Join our panel of experts in an open discussion on the latest in PHP news,

technologies, programming practices, and case studies.


Presenter

Jan Burkl

Solution Consulting Manager, Central Europe

Rogue Wave Software

[email protected]

Twitter: @janatzend

mailto:[email protected]

https://twitter.com/janatzend


Watch the on-demand webinar

https://www.roguewave.com/events/on-demand-webinars/on-demand-webinar-ongoing-management-of-your-php?utm_source=slideshare&utm_medium=social&utm_campaign=zend&utm_content=askphpexperts3


Security

Tuning

DIY

Scaling


Security tips and techniques


Security

https://en.wikipedia.org/wiki/Security

“Security is the degree of resistance to,

or protection from, harm. It applies to

any vulnerable and/or valuable asset

[…]”


Security pillars


Security pillars

Application

Stack


Security pillars 1/2 – PHP application

• Framework

– Community

– Security policy

• Custom code

– Skillset

– QA tools


OWASP

• Open Web Application Security Project

• Not-for-profit

• Make software security visible

• https://www.owasp.org/index.php/Top_10_2017-Top_10

– Rejected...

– A1: Injection

– A2: Broken Authentication and Session Management

– A3: Cross-Site Scripting (XSS)

– All of the above related to development (8 out of 10 in total)

https://www.owasp.org/index.php/Top_10_2017-Top_10


• (Security) Training

• Security audit

• Application audit


Security pillars 2/2 - Stack

• Support for PHP

• Support for OS

– Hardened CentOS at AWS

• Support for database

• Support for container orchestration

– Docker Swarm, Kubernetes


Scale quickly and efficiently


PHP 7 is fast

0

100

200

300

400

500

600

Magento 1.9 Drupal 7 WordPress 4.1 ZF2 Laravel

PHP 5.6 PHP 7

Requests per Second


PHP 7 is

fast

https://engineering.tumblr.com/post/152998126990/php-7-at-tumblr

https://engineering.tumblr.com/post/152998126990/php-7-at-tumblr


Two questions

• Is your app scalable?

– Maybe you know

– Architecture audit

• When to scale?

– Monitoring

• Zend Server


Orchestration

Deployment


(More than) Compute power

• Virtual machines?

• Cloud? (AWS, Azure, Google, ...)

• Container? (Docker, Rocket, ...)


Automation


Tuning best practices


Tuning best practices

Performance?


First step - Monitoring

Left shift XDebug Z-Ray XHProf

Infrastructure monitoring

Nagios Monit Munin

App monitoring

Code tracingZend Server monitoring

rulesELK


Find the bottleneck


Be careful with diagrams 1/3

db_exec()812 ms

ws_call()336 ms

render()145 ms

helper()17 ms

translate()12 ms

user()10 ms

permission()8 ms



db_exec()36 ms

ws_call()336 ms

render()145 ms

helper()17 ms

translate()12 ms

user()10 ms

permission()8 ms



db_exec()36 ms ws_call()

8 ms

render()145 ms

helper()17 ms

translate()12 ms

user()10 ms

permission()8 ms


Optimize wisely


Do not over-architect


Caching

• OpCode Cache

• Data Cache

– Zend Server Data Cache

– Memcache

– Redis

• Page Cache

– Zend Server Page Cache

– Varnish


Job Queue

• Parallel execution

• Run scripts offline

• Run scripts on other systems

• Distribute the load – space and time


“We wanted to be able to

scale up and sell other

services on the same

foundation, not just build

telecom functionality.”

Youri Treur

director e-commerce and support at Simpel


When and why do-it-yourself fails


Dev, DevOps

• Application migration

• Framework migration

• Tests

• Tools

• OS upgrade

• Best practices

Management

• Time-to-market

• Reduce risk

• Minimize costs


“Being a game changer is all

about time to market. This

means having efficient

change management, being

flexible as a company [...].

Finding suppliers that are the

best at what they do helped

us do this.”Kai Stevens, Enrise


Danke Schön!

[email protected]


Watch the on-demand webinar

https://www.roguewave.com/events/on-demand-webinars/on-demand-webinar-ongoing-management-of-your-php?utm_source=slideshare&utm_medium=social&utm_campaign=zend&utm_content=askphpexperts3


Q&A


ZendCon 2017


Stay tuned

Oct. 11: PHP industry roundtable

Join our panel of experts in an open discussion on the latest in PHP news,

technologies, programming practices, and case studies.

Register now.

https://www.roguewave.com/events/webinars/ask-the-php-experts-performance-migrations?utm_source=slideshare&utm_medium=social&utm_campaign=zend&utm_content=askphpexperts3