Below are the results to date for the 2023 State of the CF Union survey. This is the seventh part of the Survey, about how you deploy, host, containizer, build and secure your CF apps.
For those of you who don’t have time to read it now, here is a link to Download the PDF and read it later.
If you want to see the other 7 parts, just click on the part below.
1. Server Environment | 2. Your Environment | 3. Frameworks and Methodology | 4. Tools | 5. Your Programming Background | 6. ColdFusion Community | 7. Deployment | 8. Wrap up
Contents
- 7. Deployment
- 35. What types of DEVELOPMENT setups do you use? (Check all that apply)
- 36. What types of PRODUCTION deployments do you use? (Check all that apply)
- 37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
- 38. What Docker Image(s) are you using, if applicable? (Check all that apply)
- 39. What deployment/build tools do you use? (Check all that apply)
- 40. What monitoring tools are you using? (Check all that apply)
- 41. How do you lock down your servers for security? (Check all that apply)
- 42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
- 43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
7. Deployment
35. What types of DEVELOPMENT setups do you use? (Check all that apply)
Others
| Separate QA or pre-release shared server |
| migrating to docker at some point this year |
| Local install on WSL |
| EC2 |
| Azure VMs |
| We have multiple dev/test/prod environments |
| dev server is shared, but we each have our own sites, hooked to our own source control workspace and dev db (on a shared dev db server) |
36. What types of PRODUCTION deployments do you use? (Check all that apply)
Others
| ant |
| Moving to Azure App Service |
| GCP Cloud Run |
| Commandbox as service on EC2 |
| Dedicated Server |
| azure, aws, google cloud, on bare metal, dedicated virtual machines |
| Migrating to Azure Web Apps running Lucee this year |
| Bare Metal Servers |
| google compute engine |
| Oracle Cloud |
| copy and paste from dev |
| Servers provided by State Data Center / Admin Services |
| VMs in our own virtualization cluster in our own datacenter |
| ColdFusion Servers hosted in a 3 node cluster |
| dunno |
37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
Others
| Scala |
| Own datacenter |
| Ekco |
| Equinix |
| ovh |
| On Prem servers |
| Local Datacenter |
| GCP |
| Netcup GmbH |
| Homegrown |
| Ek.co |
| Hetzner vm server |
| Google Cloud |
| GCP |
| Self-hosted |
| Third party hosting provider; you don't need to know who |
| Strato |
| Hetzner |
| Vultr |
| Vultr |
| Databank |
| CFDynamics |
| The NorthC |
| Hyve |
| Google Cloud, Vultr |
38. What Docker Image(s) are you using, if applicable? (Check all that apply)
Others
| minibox |
| fork of https://github.com/isapir/lucee-docker |
| SQL server |
| Plausible analytics |
| SQL Server |
39. What deployment/build tools do you use? (Check all that apply)
Others
| Deploybot |
| Subversion |
| Own tools |
| In-house |
| custom cfml script to deploy git repo update |
| Google Cloud Build |
| Its a hybrid form of git version control combined webpack bundling and sFTP |
| Maven |
| Custom |
| Custom |
| Webpack |
| AWS Amplify |
| capistrano |
| Homegrown |
| teamcity, octodeploy |
| Buddy |
| CodeShip |
| Gitea |
| buddy works |
| HQDeply |
| custom |
| Maven |
| bat files |
| Rundeck |
| Gitbot.cfc |
40. What monitoring tools are you using? (Check all that apply)
Others
| PRTG |
| don't know |
| homegrown monitor |
| Centreon |
| site24x7.com |
| betteruptime, zabbix, nagios |
| zabbix |
| Zabbixx |
| not my job |
| papertrail |
| DataBank monitors for us |
| Icinga |
| UptimeRobot |
| cbdebugger |
| healthchecks.io |
| Uptime Robot |
| Uptime Robot (not sure if that counts as monitoring tool?) |
| atternity |
| Buglog |
| Dynatrace |
| SolarWinds DPA |
| Let hostek |
| Prometheus JMX Exporter + Prometheus + Alertmanager + Grafana |
| dynatracert |
| Don't know |
41. How do you lock down your servers for security? (Check all that apply)
Others
| SecurityMetrics Pen Testing |
| Consultants |
| CFB Security Analyzer, 3rd party penetration testing |
| Security Audits |
| published lock down guides by organization |
| pray |
| AWS Security Groups |
| restrict access to RDP by IP at cloudflare |
| in house scanner |
| In-house app not on public internet |
| Don't know |
| Follow HackMyCF advice |
| Not sure. I don't handle that part |
42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
Others
| PEN-tests have been very enlightning though 😁 |
| no ha I know of |
| Hope not. |
| My production deployments are for demo purposes only. Deploy, test and erase. |
| I don't know |
| crypto miner |
| Not answering - if it hasn't happened (and I'm not saying it hasn't), it will |
| Unsure |
43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
Others
| need to know more about it first before I decide |
| No, but want to learn more |
| didn't know it was a thing. python on aws is our use |
| Quarkus |
| Didn't even occur to us to write it in CFML, or that that would be an option. |
| Yes, with neither |
| Yes- Unknown implementation |
| I've used Lambda but not with CFML |
| Maybe |
| not sure |
| I'm curious, but don't have any plans. |
| Maybe |
| Not sure |
| No. |
| probably azure container services/functions |
| Waiting on Adobe ;<( |
| Yes, already in use in conjunction with AWS API gateway. |
| Yes, but with Node.js and Python, not CFML |
| Don't know |
| Unsure |
| yes but not with CF |
| Would like to try, but is this maintained? |
| yes, but with Node |
Previous: 6. ColdFusion Community
Michaela Light is the host of the CF Alive Podcast and has interviewed more than 100 ColdFusion experts. In each interview, she asks "What Would It Take to make CF more alive this year?" The answers still inspire her to continue to write and interview new speakers.
Michaela has been programming in ColdFusion for more than 20 years. She founded TeraTech in 1989. The company specializes in ColdFusion application development, security and optimization. She has also founded the CFUnited Conference and runs the annual State of the CF Union Survey.
