Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News How Palo Alto Approaches Platform Engineering

How Palo Alto Approaches Platform Engineering

Ramesh Nampelly, senior director of cloud infrastructure and platform engineering at Palo Alto, recently wrote about how Palo Alto approaches platform engineering. They built their own internal developer platform (IDP) based on the open-source tool Backstage. Their platform covers infrastructure provisioning, policy management, observability, and cost management.

Nampelly explains that Palo Alto had troubles with legacy practices leading to independent automation approaches with disparate documentation. Gary Nieman, product manager at Spotify, noted similar fragmentation within Spotify's development teams and shared that it led to a form of "rumour-driven development" where "the only way to find out how to do something was to ask your colleague".

Palo Alto's goal with its platform was to encourage self-service developer tooling. With this in mind, one of the first pieces they tackled was a service catalog to "help developers or SREs to find out the details of a given production service easily and quickly". Matthew Skelton, founder at Conflux, shared a similar idea that simplifying how to find information is an effective means of improving flow:

What if the most important part of "platform engineering" is maintaining a high quality wiki with proven, empathic patterns for Stream-aligned teams to follow?

In building this, Nampelly notes that the team had to decide whether to build the tooling internally or purchase something off the shelf. The decision was made that the tool should be built in-house to meet their specific use cases. They decided to use Backstage as a starting point: "[w]e've forked out [B]ackstage OSS code and added required abstractions and named it as "Palo Alto Networks DevClues"."

Overview of the Palo Alto Networks IDP

Overview of the Palo Alto Networks IDP (credit: Palo Alto)

Nampelly shared that they categorize their platform capabilities and tools into three phases (based on the 2022 Gartner Innovation Insight for Internal Developer Portals Report): discover and create, integrate and deploy, and operate and improve. Discover and create covers "day-0" activities focused on the "initial part of the development lifecycle, including onboarding, training, bootstrapping, local development".

Integrate and deploy covers "day-1" tasks focused on deploying the application into staging and production environments. This includes both infrastructure and application management. The operate and improve phase covers the ongoing tasks associated with operating a service including automation, observability, and incident management.

However, building the right tools is only part of the problem. As Galo Navarro, principal software engineer at Midokura, succinctly summarized, the value of platform engineering is not in what tools are built, but in the outcomes generated:

We're seldom told "build this tool", but rather "power-up product teams", and it's expected that we'll walk up and down the organization to understand what challenges product teams have and which are worth solving.

Nampelly's team worked to empower their teams through service templates focused on improving common tasks:

Palo Alto Networks DevClues provide ready to use service templates for developers to create new software applications, services and infrastructure components with embedded best practices.

Effective platform teams also work to gather ongoing feedback from their users to help craft the platform direction. Adam Hansrod, principal engineer at Equal Experts, states that "building the platform incrementally based on the feedback from the customer teams drives stronger adoption of the platform." Nampelly notes that the platform team at Palo Alto "is focused and committed to continuously innovate IDP capabilities by managing its adoption, roadmap, [and by] gathering feedback from our engineering teams."

More information about Palo Alto's internal developer platform can be found on the Palo Alto blog.

About the Author

Rate this Article