Skip to main content
Verify the version tags to ensure you are consuming the intended content or, complete the latest version.

Deployment responsibilities of LSAs

Review of the Security Checklist and compliance score

The first responsibility of the lead system architect (LSA) is to assess the application security. The LSA can make this assessment by verifying the Security Checklist. Failure to complete the application Security Checklist blocks your application deployment. This task:

  • Performs a detailed assessment of your current security configuration to determine whether the settings follow best practices for application development.
  • Provides status on each task in the Security Checklist page and blocks your application deployment if any task fails.
  • Stores an audit trail of the security configuration analysis and status at the time of deployment.

Sample error report generated by Verify security checklist task in DevOps release pipeline:

Error encountered in Verify Security checklist gate 34/34 tasks are incomplete.<br />
Please log into development environment and complete all tasks in the Application Guide: Application security checklist. <br />
Failed tasks:
  1. SECURITY_ADMINISTRATORS : Determine who is responsible for this checklist
  2. RULE_SECURITY_ANALYZER : Eliminate vulnerabilities in custom code
  3. SECURITY_ALERTS : Address security alerts promptly
  4. CONFIGURE_RULES : Configure rules appropriately
  5. PASSWORD_POLICY : Configure authentication security policies

Please check deployment logs for the complete list of failed tasks.

deployment-manager-verify-security-checklist
This diagram shows the failed status of the DevOps release pipeline if any of the tasks are errored out. In this example, verify security checklist task has failed.
 


In a Pega Deployment Manager release pipeline, Check guardrail compliance task validates the compliance score of the application during deployment. Check guardrail compliance task returns an error, if guardrail compliance for the application is less than the configured compliance score. Pega recommends a compliance score of 97 or higher for high performing applications.

Draft flow cross-check

The deployment manager now blocks deployments in systems with a production level of 5 if the artifact contains draft flows. If the production level is lower than 5, a warning message is displayed in the Deployment History and Reports section, which indicates that draft flows might cause production failures.

Application-level rollback to a restore point

Application-level rollbacks now provide a more granular approach to restore points, which you can use to revert rules and data instances in a specific application. This feature requires Pega Platform 8.4 and later.

Rollback relies on the Restore Points feature of Pega Platform™. The Rollback option is presented to the user only when a step errors out in a deployment. A restore point is automatically generated every time an import happens. Any changes that happen after the import and before the next restore point is generated by any application is rolled back when the rollback action is triggered from release pipeline.

deployment-manager-rollback
This diagram shows how to perform the Rollback of the failed deployment in a DevOps release pipeline.
 

 

deployment-manager-rollback-confirmation
This diagram shows the Rollback process completed for the failed deployment and restored to the previous state in a DevOps release pipeline.
 

The following image depicts the high-level interaction diagram of the release pipeline and the process involved in rollback.

release-pipeline-rollback
Sequence # Description
1 Release Manager creates CICD pipeline for an application 
2 Trigger CICD
3 Publish package to Dev repository
4 Deploy the package from Dev repository to Staging environment
5 Pega creates restore point after every product deployment
6 Execute pipeline steps (Compliance score, Security checklist and Test coverage)
7 Skip and continue
8 Publish package to PROD repository
9 Rollback
10 Get RAP with restore point from Database
11 Delete individual rule instances
12 Post status update Release Manager

The following log entries from the Deployment manager release pipeline are displayed when rollback occurs:

<code>2020-11-03 07:32:01,580 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Build ROLLBACK, Build ID:BO-4
=============== Beginning of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:01,958 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution started for task  type: rollback
Request object: {
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
}
 
2020-11-03 07:32:02,031 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Rolling back Application using restore point - RP_20201103T073104.595_qfjj</code>

<code>2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Import summary for {PageKeeperArchive}
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Total instances in archive:  6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Instances imported: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Instances skipped: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Instances not imported due to error: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO      Instances not processed: 6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Import Complete
2020-11-03 07:32:02,215 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Deleting instances marked for removal.
2020-11-03 07:32:02,225 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-RULESET-VERSION BOOKING 01-02-32
2020-11-03 07:32:02,350 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-ADMIN-PRODUCT BOOKING 01.01.04 #20201103T103303.222 GMT
2020-11-03 07:32:02,397 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-DECLARE-PAGES D_BOOKINGCONST #20201103T105955.944 GMT
2020-11-03 07:32:02,439 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-HTML-SECTION FSG-BOOKING-UIPAGES ROOMSREQUESTCONTENT #20201103T104359.657 GMT
2020-11-03 07:32:02,613 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-ACTIVITY FSG-BOOKING-DATA-CONSTPROP LOADBOOKINGCONSTDP #20201103T110029.016 GMT
2020-11-03 07:32:02,657 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-WHEN DATA-PORTAL ISEVENTMANAGEMENTWG #20201103T104313.416 GMT
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Completed
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Application has been rolled back using restore point - RP_20201103T073104.595_qfjj
2020-11-03 07:32:02,760 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution completed for task : rollback
Posting status to release manager system. Status object:
{
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
,"pyRollbackLevel":"ApplicationRollback"
,"pyStatusMessage":"Restored to RestorePointName :RP_20201103T073104.595_qfjj"
,"pyStatusValue":"SUCCESS"
,"pySystemNodeID":"35669bb013e2b46be6206f71e7307c11"
}</code>

<code>=============== End of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:05,102 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Remote task execution completed.</code>

Manual deployment with restore points to enable error recovery

For the manual deployments using Import wizard, use the prpcServiceUtils tool to roll back your system to a restore point if any problem arises during a product import.

Pega Platform automatically creates restore points after an archive import. While importing product files, do not select Do not set restore point or save metadata during the import. Otherwise, the option enables Pega to create a restore point as a part of product file import.

restore-point-manual import
This diagram shows the options available to create the restore point during the Import process of the product file.
 

Limitations with restore points

There are limitations to what you can restore when you rollback. Pega Platform uses historical records to return most of the system to the restore point state. Changes to the following items do not generate history records and are not rolled back by the rollback feature. Decide on a case-by-case basis whether to remove these changes manually, or whether they can remain on the system.

  • SQL changes
  • Java .jar imports
  • Some custom data instances

When you configure the class for a data type, you can specify not to generate a history record for instances of that type. If the data instance does not generate a history record, changes to the data instance cannot be rolled back.
You can specify which rule and data instances are returned to the previous state:

  • System: Rollback every rule and data instance with a historical record. This is the default setting.
  • User: Rollback rule and data instances modified by a specific user. 
    Note: If any rule is changed by more than one user, you see an error message and must use the system rollback.
  • Application: Rollback rule and data instances in a specific application.

For more information on restore points, see Using restore points to enable error recovery.


This Topic is available in the following Module:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice