Three Tier Environments Standard
Purpose
This standard defines the purpose and use of Development, Quality Assurance (QA), and Production instances for environments hosted by Web Services.
Brief Description
Web Services’ standard is for environments to consist of Development, Quality Assurance (QA), and Production instances. Tools are provided for the developer to deploy their web site or code from Development to QA and from QA to Production. Developers should test their code in all instances but extensive testing should be targeted at QA. Web Services provides the TIER environment variable to assist developers whose code must determine on which instance it is running.
Details
Architecture
Web Services provides Development, Quality Assurance (QA), and Production instances of all sites on shared hosting environments and recommends them for dedicated environments (where appropriate). By establishing separate Development, QA, and Production instances, we can maintain the stability of our production service while allowing testing and development to proceed without interference with each other or the production service. The Deploy Tool is provided to move content from Development to QA and then from QA to Production. Developers are provided direct access to their files in Development, but must use the Deploy Tool to update or delete files in QA and Production. No direct access to QA and Production is permitted.
Purpose and Use of the Development Tier
- Development is where active changes are made by developers.
- This is the only tier where developers have direct access to edit files.
- Development is restricted to be accessible for editing files and browsing sites only from within the University network. This helps to prevent search engines indexing sites that are not ready for production and prevents untested code being accessed by the world.
- Development sites should only access development databases.
Purpose and Use of the Quality Assurance (QA) Tier
- QA is configured as closely as possible to production for the purpose of testing and validation.
- Developers have no direct access to this tier to edit files.
- Content/Code is moved to QA using the Deploy Tool.
- QA should be used for final pre-production testing, including security scans and load testing. New vulnerability scans should be considered any time there is a significant change in or enhancement to the functionality of a site.
- QA is restricted to be accessible from only within the University network. This helps to prevent search engines indexing sites that are not ready for production and prevents untested code being accessed by the world.
- QA sites should only access QA databases. If a QA database is not available, QA sites should access development databases.
- When the QA tier does not exist, the functions associated with QA should be applied to Development instead.
Purpose and Use of the Production Tier
- Production is the stable, public-facing site.
- All Production sites are accessible to the world. Restrictions to specific IP ranges may be requested by the site owner.
- Developers have no direct access to this tier to edit files.
- Content/Code is moved to Production using the Deploy Tool.
- Production should not be used for load testing or vulnerability scanning. Some testing may impact other production sites on the server.
- Production sites should only access production databases.
Deployment
- Web Services provides tools for deploying content from Development to QA and from QA to Production. Access to these tools requires a campus IP or connection to Purdue’s VPN service.
- The standard deployment path is from Development to QA, then from QA to Production.
- Basic site validation should occur in all tiers (and before deploying to the next tier) after any change. More extensive testing should occur as the scope of the change increases.
- Developers are responsible for testing their site and Web Services encourages thoroughly testing sites in QA prior to deploying to Production.
- Information about using our Deploy Tool can be found here.
Determining the Tier in Code
Web Services provides an environment variable called “TIER” that may be queried by site code when it must take different actions depending on whether it is running in Development, QA, or Production. The most common use for this would be to select the correct database connection information. This variable will have one of the following values:
- dev – on the Development system
- qa – on the QA system
- prod – on the Production system
Developers are encouraged to use this variable rather than other mechanisms (such as the server’s host name). Developers are also cautioned to limit the code that is conditionalized on this variable as it is not possible to test the alternate code paths except on the respective tier.