Transcript from the "Organization Problems" Lesson
>> So organization problems, right? I actually used this in my last course because it's such a good GIF, but it is very true. Quite often than not, when we have organizational problems, we just take them and we put them over with the other fire. And so we're going to be taking a look at some of the organization problems that we deal with fires quite often, right?
[00:00:19] So what are common problems that orgs face, right? Well, now that we've talked about what problems we're trying to solve, common organization problems can be things like RBAC, right? Making sure that you have a good RBAC policy in place so that everywhere somebody tries accessing something, there's permissions there, there might be groups there.
[00:00:39] One thing that a lot of companies fail at as well is assigning people individually instead of creating groups that people get added to that then get added to projects. The big reason for that is because then you'd have the ability to do onboarding, where you can onboard somebody to a specific thing and say, okay, now you have access to this you're on this team, and this is actually how we do this at Hippo.
[00:01:03] We don't have individuals that is not allowed. And you will get in trouble if you do that. [LAUGH] But basically, everything is team based. So having that team based perspective can be very helpful. Domains and DNS is a huge one, right? Again, I'm not even trying to talk about the crazy engineering companies out there.
[00:01:23] I'm just thinking simply, right? What is your domain? What is your DNS, how does it route, right? How do people get to your website? Stuff like that. And then underneath that is networking, right? So we've got domain set up now, we've got DNS. Well, what about networks? What kinda networks do we need?
[00:01:38] And then finally, resources, right, compute and storage. And you could see how we, once again, are building layers that stack on top of each other. And this is gonna be a very, very, honestly, DevOps is very much just like playing with Legos, [LAUGH]. You have components that you build and then you build them on top of each other, and if you can keep that modularity, then it doesn't matter what tool you use.
[00:02:00] It doesn't matter what kind of practices you do, because they're all components that can kinda be swapped in and out pretty easily. So let's talk about role-based access control, and what do we care about with that, right? Well, again, we wanna have the concept of organizational units. We should start with teams, right?
[00:02:19] Have the concept of no individual has access to something directly, right? Because if that happens and that person leaves the company, then what do we do, right? So no individuals, right, teams. And then what we do is, is we have individuals or developers, again, be added to those teams, so that then developers have proper scopes to everything that they need.
[00:02:41] Outside of that, we also might have outside contributors, right? So you need to think about that. And that's another thing a lot of companies don't consider because it might not be something that's on their plate or something they're thinking about, right? But sometimes you definitely have people who come from the outside in and you think about, well, how do we onboard those people?
[00:02:58] How do we get those people involved as well? Domains and DNS, this one's pretty simple as well. More often than not, you'll have a private DNS, and I do recommend this. What do I mean by that? I mean that you actually have a completely separate domain for all of your private stuff.
[00:03:18] Have a private domain. For example, at Hippo, we have Hippo Private. So we got to hippo-private.com, that is a completely locked off VPN-only accessible domain layer. And all of our internal services go through that, right? Now why do we do that? Because then we can standardize how that works internally and it doesn't necessarily directly impact our external domains.
[00:03:43] External domains get crazy, you gotta add all of these routing, redirects, all of these things. And so we want private to be as simple and as maintained as possible, right? So having a top level domain for private domains versus public is very helpful. And a DNS management, figuring out how you're gonna, do not, please do not cPanel it, okay, we're way beyond cPanel now.
[00:04:09] There's nice solutions out there for DNS management, Cloudflare, Amazon, Azure, right? These solutions really help you set up DNS management and routing easily, and they're good for that. Honestly, I do not think you should run your own DNS. I don't, it's normally runs into DNS being the problem.
[00:04:29] So lean that onto somebody else, make somebody else take care of that for you. And the DNS, hopefully, won't be a problem unless there's an outage. Networking, as I said before, private networks, public networks, firewall security boundaries, secure VPN connections, right? The whole idea here is, is that, going back to the private versus public, how do we get people into our networks?
[00:04:51] How do we get developers into our networks? How do we make sure that the two don't mesh or blend into each other, right? Networking does become a big problem when you actually wanna talk about how are people going to work on things versus how people are gonna buy things from us.
[00:05:07] VPN as well. So I know that there's a lot of options out there. I know you can do Bastion servers and all those kinda things. I think if you go back to what I said before about wanting to provide a good developer experience, VPN should be easy. VPN should not be a situation where somebody has to open up their system settings, click the VPN, copy and paste the address, copy and paste the security key.
[00:05:32] It's very troublesome. A lot of people just check out. There's really great solutions out there for VPNs today. We use Twingate. Twingate is a very, very popular VPN solution. It's really nice. There's other options out there that are even free, things like that. I would recommend Twingate just because Twingate also leans on the principles we've already talked about.
[00:05:52] It's got RBAC, it's got team access, it's got resource allocation and stuff like that. So finding something VPN wise that actually makes that part of it easier for you can really help with getting people into your private networks and stuff like that.