Below are the results to date for the 2023 State of the CF Union survey. This is the seventh part of the Survey, about how you deploy, host, containizer, build and secure your CF apps.
For those of you who don’t have time to read it now, here is a link to Download the PDF and read it later.
If you want to see the other 7 parts, just click on the part below.
1. Server Environment | 2. Your Environment | 3. Frameworks and Methodology | 4. Tools | 5. Your Programming Background | 6. ColdFusion Community | 7. Deployment | 8. Wrap up
Contents
- 7. Deployment
- 35. What types of DEVELOPMENT setups do you use? (Check all that apply)
- 36. What types of PRODUCTION deployments do you use? (Check all that apply)
- 37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
- 38. What Docker Image(s) are you using, if applicable? (Check all that apply)
- 39. What deployment/build tools do you use? (Check all that apply)
- 40. What monitoring tools are you using? (Check all that apply)
- 41. How do you lock down your servers for security? (Check all that apply)
- 42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
- 43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
7. Deployment
35. What types of DEVELOPMENT setups do you use? (Check all that apply)
Others
| dev server is shared, but we each have our own sites, hooked to our own source control workspace and dev db (on a shared dev db server) |
| We have multiple dev/test/prod environments |
| Azure VMs |
| EC2 |
| Local install on WSL |
| migrating to docker at some point this year |
| Separate QA or pre-release shared server |
36. What types of PRODUCTION deployments do you use? (Check all that apply)
Others
| dunno |
| ColdFusion Servers hosted in a 3 node cluster |
| VMs in our own virtualization cluster in our own datacenter |
| Servers provided by State Data Center / Admin Services |
| copy and paste from dev |
| Oracle Cloud |
| google compute engine |
| Bare Metal Servers |
| Migrating to Azure Web Apps running Lucee this year |
| azure, aws, google cloud, on bare metal, dedicated virtual machines |
| Dedicated Server |
| Commandbox as service on EC2 |
| GCP Cloud Run |
| Moving to Azure App Service |
| ant |
37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
Others
| Ayera |
| Other |
| CFML is intranet only - IIS |
| Azure |
| Vultr |
| Google Compute Engine |
| Boeing Intranet |
| CFDynamics.com |
| CFDynamics |
| CFDynamics |
| On premise |
| Azure |
| LiquidWeb dedicated servers, self managed |
| likely to move to Amazon in the future |
| we are 100% on-prem |
| QTS Data center |
| alibaba, tencent |
| VMWare |
| copy and paste from dev |
| Hetzner |
| none |
| none |
| NorthC Datacenters |
| homegrown services |
| Google Cloud |
38. What Docker Image(s) are you using, if applicable? (Check all that apply)
Others
| SQL Server |
| Plausible analytics |
| SQL server |
| fork of https://github.com/isapir/lucee-docker |
| minibox |
39. What deployment/build tools do you use? (Check all that apply)
Others
| Deploybot |
| https://buddy.works |
| homegrown |
| None for CF |
| deploy via source control promotes and manually run sql scripts |
| springloops |
| Custom scripts |
| TeamCity |
| AWS CodeCommit |
| Capistrano |
| Google Cloud Platform |
| TeamCity |
| Gitbot.cfc |
| Rundeck |
| bat files |
| Maven |
| custom |
| HQDeply |
| buddy works |
| Gitea |
| CodeShip |
| Buddy |
| teamcity, octodeploy |
| Homegrown |
| capistrano |
40. What monitoring tools are you using? (Check all that apply)
Others
| Monastic, Uptime Robot |
| Site 24x7 |
| Don't know |
| zabbix |
| Alertra |
| PRTG |
| Pingdom for external, PRTG for internal |
| Logic monitor |
| AppDynamics |
| AppDynamics |
| Better Uptime |
| Raygun |
| Azure |
| Splunk |
| uptime robot |
| siteimprove |
| uptime monitoring |
| Glow worm |
| Logstash, Grafana, Zabbix |
| Don't know |
| dynatracert |
| Prometheus JMX Exporter + Prometheus + Alertmanager + Grafana |
| Let hostek |
| SolarWinds DPA |
| Dynatrace |
41. How do you lock down your servers for security? (Check all that apply)
Others
| Not sure. I don't handle that part |
| Follow HackMyCF advice |
| Don't know |
| In-house app not on public internet |
| in house scanner |
| restrict access to RDP by IP at cloudflare |
| AWS Security Groups |
| pray |
| published lock down guides by organization |
| Security Audits |
| CFB Security Analyzer, 3rd party penetration testing |
| Consultants |
| SecurityMetrics Pen Testing |
42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
Others
| Unsure |
| Not answering - if it hasn't happened (and I'm not saying it hasn't), it will |
| crypto miner |
| I don't know |
| My production deployments are for demo purposes only. Deploy, test and erase. |
| Hope not. |
| no ha I know of |
| PEN-tests have been very enlightning though 😁 |
43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
Others
| yes, but with Node |
| Would like to try, but is this maintained? |
| yes but not with CF |
| Unsure |
| Don't know |
| Yes, but with Node.js and Python, not CFML |
| Yes, already in use in conjunction with AWS API gateway. |
| Waiting on Adobe ;<( |
| probably azure container services/functions |
| No. |
| Not sure |
| Maybe |
| I'm curious, but don't have any plans. |
| not sure |
| Maybe |
| I've used Lambda but not with CFML |
| Yes- Unknown implementation |
| Yes, with neither |
| Didn't even occur to us to write it in CFML, or that that would be an option. |
| Quarkus |
| didn't know it was a thing. python on aws is our use |
| No, but want to learn more |
| need to know more about it first before I decide |
Previous: 6. ColdFusion Community
Michaela Light is the host of the CF Alive Podcast and has interviewed more than 100 ColdFusion experts. In each interview, she asks "What Would It Take to make CF more alive this year?" The answers still inspire her to continue to write and interview new speakers.
Michaela has been programming in ColdFusion for more than 20 years. She founded TeraTech in 1989. The company specializes in ColdFusion application development, security and optimization. She has also founded the CFUnited Conference and runs the annual State of the CF Union Survey.
