CDEs and The Future of Development: Lessons from CDE Universe
Jason Gonzales•Robert Wendt•
CDE Universe Conference #
CDE Universe brought together developers to learn about the latest trends in Cloud Development Environments (CDEs). With 19 speakers covering a variety of topics such as CDE adoption journeys, AI code assistants, next-gen editors, ephemeral databases, generative AI, security and secrets management, and developer productivity, the CDE Universe offered valuable insights and discussions. In this blog you’ll find some observations/considerations on the more interesting topics discussed at the conference.
Considering Production Symmetry: Tradeoffs in CDEs #
At CDE Universe, it was evident that everyone there was enthusiastic about CDEs. Speakers and attendees alike spoke about their benefits. The themes in all the talks and side conversations were nearly all about the following:
- Maximizing productivity and impact
- Speeding up the build-test cycle
- Overcoming resource limitations on laptops
As a result, we’re surprised that no one clearly articulated the problem that developer environments are often too different from production environments and that fact introduces problems.
When we create development environments, we propose two framings that drive how they should be designed and used:
- Development environments should be a superset of production environments
- Development environments should be symmetric with production environments
These two ideas seem to oppose each other, but hang in there for a moment and we’ll explain.
Development Environments as a Superset of Prod #
The simplest way to explain this principle is to take a common example. Let’s say that you deploy your service to a cloud host. Here’s what that production cloud hosted environment looks like:
- Sufficient resources (compute, disk, RAM) to meet production demands
- No source code, just a binary or transpiled code
- Little to no tooling, some host OSes may not even have the capability to things like
You get the idea. So, if you want to be able to develop in a way that will allow you to work dynamically but translate well to production, you need additional resources:
- Source code
- More compute and memory resources
- Tooling, tooling, tooling
So what is even similar at this point? The main things are the OS, host packages and presumably a target binary or transpiled code. The problem is that this example is too simple to see why production symmetry is important. So now we present you with…
Production Symmetry #
Here’s a more realistic example of how CDEs truly boost development. Let’s say you develop on a stack that includes the following:
- Two microservices
- A frontend application
- An event bus
- Two data stores: one is a tabular DB and the other is a document store
The pain here should be obvious. Setting this up and maintaining this configuration on a laptop is hard and typically wastes a lot of time. At one place I worked for, we polled our co-workers who said they spent roughly 25% of every week doing dev env maintenance. Also, this type of setup can literally lock up your laptop, it’s common to see CPU and memory usage go over 100% for protracted periods. Additionally, if you develop on something other than Linux your host packages and file systems won’t resemble production.
But on a cloud host, you can set up a workspace with sufficient resources to get to work with this stack that more than resembles production. It’s not exact, but it’s in symmetry. It balances the needs of a developer, while also being in balance with what prod looks like.
The main trade-offs you have to consider when trying to achieve symmetry are the cost of running these CDEs and the effort required to create and maintain them.
Despite these tradeoffs, there are many benefits to achieving production symmetry in CDEs. These benefits include:
- Improved developer productivity: When developers can work in an environment that is as close to production as possible, they can be more productive. This is because they do not have to learn two different environments and can focus on developing code instead of dealing with environment differences.
- Reduced risk of errors: When code is developed in an environment that is different from production, there is a risk of introducing errors when the code is deployed to production. This can lead to downtime, data loss, and other problems. By achieving production symmetry you and your team of developers will ship with fewer defects.
- Centralized maintenance: Although someone will have to create the environment and maintain it, the good news is that everyone will benefit from that one person’s effort.
Overall, the benefits of achieving production symmetry in CDEs outweigh the tradeoffs. If you are considering implementing CDEs, it’s important to consider production symmetry as a key design principle.
CDEs and Software Supply Chain Security #
Cloud development environments (CDEs) play a critical role in software supply chain security. CDEs can help improve security by providing a centralized location for developers to work on code, manage dependencies, and track changes. This helps prevent security vulnerabilities from being introduced into code and can make it easier to identify and fix vulnerabilities that are found.
One of the most significant ways CDEs can improve security is by utilizing a software bill of materials (SBOM). SBOMs are lists of all the components used to build a software application. SBOMs can identify known vulnerabilities in the components used to build an application. This can help developers avoid using vulnerable components and also identify vulnerabilities that need to be fixed.
CDEs also have the potential to improve security by providing additional security measures. For example, CDEs can implement code scanning tools that can identify security vulnerabilities in code. CDEs can also enforce security policies that restrict what developers can do with code.
Overall, CDEs can play a critical role in improving software supply chain security. By providing a centralized location for developers to work on code, manage dependencies, and track changes, CDEs can help to prevent security vulnerabilities from being introduced into code and can make it easier to identify and fix vulnerabilities that are found.
Here are some additional points about the unexplored potential of CDEs and enhanced security measures:
- Continuous monitoring: CDEs can be used to continuously monitor code for security vulnerabilities. This can help to identify vulnerabilities early on, before they can be exploited.
- Automated remediation: CDEs can facilitate the automation of security vulnerability remediation. This can help to ensure that vulnerabilities are fixed quickly and efficiently.
- Security education: CDEs can provide security education to developers. This can help developers understand security risks and how to avoid them.
By exploring these untapped potential areas, CDEs can play an even greater role in improving software supply chain security.
The 2023 CDE Universe conference was a great event that provided developers with insights into the latest trends in cloud development environments. The conference covered a range of topics, including software supply chain security, developer productivity, and AI code assistants. Overall, the conference was a valuable resource for developers who are looking to improve their cloud development skills and stay ahead of the curve.
Here are our key takeaways from the conference:
- Software supply chain security: CDEs can play a critical role in improving software supply chain security by providing a centralized location for developers to work on code, manage dependencies, and track changes. CDEs can also be used to implement additional security measures, such as code scanning tools and security policies.
- Developer productivity: CDEs can help improve developer productivity by providing a variety of features, such as next-gen editors, ephemeral databases, and AI code assistants. These features can help developers to write better code, faster.
- Production symmetry: While no one mentioned it directly, we began to realize this was an unidentified assumption. Achieving production symmetry means that developers should be able to work in an environment that is as close to production as possible. This can help improve developer productivity and reduce the risk of errors when code is deployed to production. However, there are some trade offs to consider, such as cost and complexity.
At DevZero we believe that CDEs have the potential to play a major role in improving software development. By providing a secure, productive, and scalable environment for developers, CDEs can help businesses to innovate faster and more efficiently.
UX + Product Management