Logo

dev-resources.site

for different kinds of informations.

Power Platform - Direct to Prod?

Published at
11/11/2024
Categories
powerplatform
powerapps
powerautomate
lowcode
Author
wyattdave
Author
9 person written this
wyattdave
open
Power Platform - Direct to Prod?

I read an interesting article recently (Straight to Production), it highlighted how someone working directly in prod can be exponentially more productive. It hit a chord with me because of the Power Platform, Microsoft's original vision for the Power Platform was Direct to Prod.

The Default environment was and is production, and Microsoft enforces that everyone that wants any interaction with the platform has access to that environment (and that includes SharePoint users of custom App forms).

So in this blog I want to talk about 3 main things:

  1. The Pros of Direct to Prod
  2. The Cons of Direct to Prod
  3. How to Walk the Line

1. The Pros of Direct to Prod

The main benefits of Direct to prod is simplicity and speed.

Simplicity is evident in the overheads created by following ALM, there are 3 main overheads:

Systems
To enforce ALM you need additional systems, these systems come at a cost to uses, cost to train, and time cost to use.

As an example you will most likely need:

  • Repository like GitHub (though that isn't bad idea for Direct to Prod too)
  • Pipeline implementation like GithHub Actions
  • Testing like Smartbear
  • Project management like Jira
  • Change Approvals like Service Now

You will have to pay license costs, you will need support staff for each, trained developers to use them, and all of the time interacting with them instead of coding.

And this is not just for pro code, Power Platform should have similar requirements

  • How do you back up your solutions
  • How do you deploy across environments
  • How do you track your work
  • How do you manage change controls

Code
Working with ALM adds additional code to your projects. For pro-code its pipeline configs, testing scripts, libraries, etc. And its even the same for low-code and the Power Platform. When it launched there was no environment variables or connection references, guess why, yep because you don't need them if you are working directly in prod.

Adding this extra code not only takes straight development time, it adds complexity to your main code. This complexity makes it even harder to read for other developers, so you invest in documentation and knowledge transfers, and all future development work takes longer.

Storage
Similar to code but this is just around duplicates. Instead of storing your code in 1 or 2 places (Prod and backup), you now have:

  • Dev
  • Test
  • Staging (not always)
  • Production
  • Backup

That's at least double the storage (and don't forget storage is not free). This can be mitigated if you spin down your Dev/Test/Staging but not all do, especially in the Power Platform.

As for speed, well this one is quite evident, and its all about the process.

Process
If you are updating straight to prod, it generally looks a little like this:

  • Requirements for change
  • Make changes
  • Unit test
  • Finish

If its a real simple change (10 mins of development), then this whole process can be in the minutes, now lets look at a ALM process:

  • Requirements for change
  • Added to project management tool
  • Dev spun up from repo
  • Environment variables configured
  • Make changes
  • Unit test
  • Create test cases
  • Update management tool
  • Create test environment
  • Deploy to test
  • Complete test cases
  • Deploy to staging
  • Add change request to change approval tool
  • Product owner and tester approve changes
  • Deploy to prod

This is not an exhausted list and could be less depending on systems/organisation

4 steps compared to 15, and just imagine that simple change, the value added time is 10 mins. Yet above will take over hour of productivity time, and most likely weeks of wait time (waiting for approval, can't deploy and test in same sprint etc).

steps to prod

Finally there are other misc benefits like:

One Version of the Truth
One version of the truth code, if you have a dev and prod instance they can get misaligned. Example I see is there are undocumented edits to dev, and then when a bug fix is required, those changes are missed and get pushed to production.

More Developers
Requiring your developers to know the full ALM cycle means they need to be skilled more, this shuts off a pool of citizen developers that could do the dev work but not the rest.

2. The Cons of Direct to Prod

So why would we not go direct to prod if all those benefits, well 1 main reasons, risk.

Risk will never go away but needs to be managed and processes added to both decrease the likely hood of it happening and limiting the impact if it does happen. And this is why we do not edit directly in prod.

Lower the likely hood of the risk
The first key one to this is the Test environment. By having a separate but identical (and it really should be) we are able to fully check the code. Every developer will make a mistake and having a process to check for them is key. Even when the code is perfect there might be unexpected configuration or external dependencies that cause issues. Having the Test environment allows a "dry run", making sure all the moving parts work.

The stage gate approach as allows for validation checks like Code reviews. Code reviews can spot bugs as well as ensure coding standards. Coding standards help ensure that future updates by different developers are easier, again generating less bugs.

stopping bugs

Lower the Impact
By its very nature the ALM process creates redundancy and rollbacks. By having previous deployments any critical issues in prod can be rolled back to the previous version.

Additionally having Dev and Test environments means that any bug cause can be identified quicker and fixed quicker. In an ideal solution for a critical incident would be:

  • The bug would be documented
  • Previous version redeployed
  • The bug replicated in Test
  • Solution built in Dev
  • Validated fixed in Test
  • Redeployed to Prod

This process has the minimum impact to the end user, quickest and most efficient fix development, and definitely not possible in a Direct to Prod approach.

limit bug impact

There are also additional benefits like:

Accountability
Ensuring UAT pass and Go Live approval ensures that the right people take account for any results of the deployment

Communication
By having a process and accountability communication is a beneficial by-product. The users and connected system owners will have advance notice of changes and have preparation time.

3. How to Walk the Line

How to get the benefits of Direct to Prod but not the risks is an age of question. The Power Platform was originally focuses on Citizen Developers, who by their very nature are perfect for Direct to Prod. They don't have the training and tools, they are single dev teams, and the solutions are small and low risk.

But the Power Platform did not stand still, it got more powerful, it got broader adoption, and that lead to big business critical solutions, and more instances, both of which raised the risk. Not to mention that when a platform evolves like this external threats will focus more resources on it, raising the risk again. This has not gone unnoticed by Microsoft and its enterprise customers, who have driven the rollout of:

  • Solutions
  • Environment Variables
  • Connection References
  • Sharing Limits
  • Pipelines
  • Granular DLP
  • Solution Checkers
  • Test Studio

and more, but it has never changed its spots. The Default is still the same, and they have added improvements like version control to flows (creating a mini dev/prod with rollback capability). So how do we walk the line, well for me its around a simple scale, low risk then Direct to Prod, higher risk, then ALM.

risk chart

Call outs:
low risk = low impact and low instances, as a thousand small risk add up to a high risk
hard level of criticality that above will always be high risk, even low instances
hard limit of high instances that above will always be high risk, even low criticality

The metrics I recommend are:

Low Risk Flows

  • Personal solutions - they fix my problem and failures are contained to my role.
  • Low impact - the automation is not expected within my role, so if it fails I have the time and skills to complete manually
  • Low quantity - individual developers should not have high quantities of flows (20 limit)
  • Non Sensitive Data - sensitive data should not be risked and needs to be disclosed for legislation like GDPR

Low Risk Apps

  • Limited sharing - only used by a small team / max 5 users
  • Limited connections - should not be using custom integrations
  • Low quantity - individual developers should not have high quantities of apps (10 limit)
  • Non Sensitive Data - sensitive data should not be risked and needs to be disclosed for legislation like GDPR
  • Focused - solves one small specific problem

The app rating can be thought of as harsh, but apps have 2 critical considerations for risk:

They use the users connections, so bad actors could miss uses those permissions and access secure data.

They can scale rapidly, a app could quite easily go from being used by a handful of users to the entire organisation. At that point if it went down its impact could be catastrophic. The developer might not even know how many users it has or how important it is to those users.

Once you reach these limits then you then need to move over to a ALM process. That process needs to be as automated and simple as possible to ensure that citizen developers can still use the platform.

Implementing this is practice is all around your environment strategy, your Direct to Prod environments should have sharing controls (ideally using managed environment features else retrospective flows that remove sharing, and please please turn off 'Share with Everyone') and a limited DLP policy (ideally just the non-block able). Monitoring and communication should be a focus, with new developers getting intro email explaining limits of platform and anyone building high quantities of flows or high api call flows should be contacted to validate it is not business critical.

The normal practical split is:

environments

powerautomate Article's
30 articles in total
Favicon
Building a Smart Feedback Agent with Copilot Studio, Adaptive cards and Power Automate
Favicon
How to Publish a Power Platform Connector
Favicon
Looking for a mentor who could lead me to a right way for RPA developers
Favicon
How to Shutdown Azure VM
Favicon
The Art of Over Engineering on the Power Platform
Favicon
Invoke an HTTP request without a premium license: connectors summary
Favicon
What is Power Automate: A Complete Guide
Favicon
Get SharePoint library info from Teams context
Favicon
Think You Know Teams Chats? Discover the Workflows
Favicon
AWS Resource Listing Script: A DevOps Shell Scripting Project
Favicon
From Template to Tailored:The Power Platform Way
Favicon
Power Automate vs UiPath: Choosing the right automation tool
Favicon
Hacking Excel Files in Power Automate
Favicon
My Power Platform - Your Year in a Dashboard
Favicon
Power Automate - Handling XML
Favicon
Let's Talk About the Power Platform Dataverse For Teams
Favicon
Securing Plain Text using SHA hashing: SHA-256 Sorcery
Favicon
Mastering Tiered Pricing for Business Growth: A Detailed Guide
Favicon
Dataverse Security Roles
Favicon
Becoming a Power Platform Developer: A Beginner’s Guide
Favicon
Power Platform - Direct to Prod?
Favicon
Power Automate - How to Fix Missing Dependencies
Favicon
Power Automate - Expressions
Favicon
Updating SharePoint items without modifying System columns
Favicon
Power Automate - The Code Review Onion
Favicon
Use Client API Object model in Power Apps
Favicon
Power Up Your SharePoint Embedded Solutions with the Starter Kit
Favicon
Data Source Environment Variables in Power Automate actions
Favicon
Simplify Workflows Using Microsoft Power Automate and Syntex
Favicon
Extract table data from Documents using Azure AI Document Intelligence

Featured ones: