Production Checklist

Open Table of contents

Intro
Requirements for production
Availability
Scalability
Security & privacy
- Access management
Traceability and observability
Maintenance
Conclusion

Intro

Designing and developing applications is fun. When the go-live time nears, there are couple of things you want to have answers ready and documented. All of the following things should be considered on design and development time, not just before going live.

Requirements for production

The first and the most important thing is to understand the functional and non-functional requirements of the Application. Pay attention at least to the following.

Availability

Must the Application be reachable at all times? How is it ensured?

How can the platform ensure the realiability or scalability requirements? What is the platform, that the Application is designed run on?

A single or clustered bare-metal Linux / Windows server? Where does it run, on-premise or public cloud?
Some kind of PaaS, e.g. Heroku, or the services that Amazon Web Services, Microsoft Azure or Google Cloud Platform offers?
Something else?

What needs to be backed up, and how is it done? The backup and restoration processes have been tested?

Scalability

How many simultaneous users / transactions per second etc.? See Availability.

How much (storage) capacity does the Application need? How does the platform and application scale?

Security & privacy

What kind of data does the Application generate, process or store? Does the EU GDPR apply?

What kind of vulnerabilities can occur in the Application, including the platform? How are they observed and alerted on? How are they mitigated (in design/development phase, and in production)?

Access management

How are the users and administrators authenticated and authorized? What needs to be logged?

Traceability and observability

What kind of compliance requirements does the Application have? Is there a need to follow some legal/regulatory requirements or standard?

What should be logged? Where should the logs be stored and how?

How are anomalies detected (security issues, system failures, etc.)? Who is alerted and how?

Maintenance

What kind of maintenance does the selected platform need? How is the platform patched and tested?

How is the Application deployed to the production? CI/CD pipeline, manually via e.g. SCP, as a container or something else?

How are new Application versions tested, and installed on production? What kind of activities does the development / release process contain?

Conclusion

This is a starting point for the production planning. The above list most certainly does not contain all the things, that your business case and Application requires, so feel free to add new things and modify the existing ones, as necessary. I tried to keep the list as universal, yet practical as possible.