End of Year Timeline
Hello all! Hope you all still hang in there and stay healthy in these hectic weeks in Q4.
This end of year is full of new product launches, new feature launches and key marketing events as follows:
Nov 14 (today) - Staging of our v2.9 release containing:
- Newest version of our app, flight, hotel
- Bell (connectivity product) - Android
- Columbus (experience reservation product) - Android
- Cimahi (train reservation product) - Android, iOS
(Please keep confidentiality of new products to external parties before they launch)
Nov 21 - RC for v2.9 available
Nov 21-27 - Strategic marketing event to position Traveloka as a leading travel brand in Google's "Festival Jalan-Jalan".
Nov 28 - Launch of v2.9 with new products feature controlled to launch in the dark
Nov 29-Dec 12 - Enabling of new product based on backend and supplier readiness, and launch of web desktop & m-web Train
Dec 5 - Beginning of freeze period. Only dark launch & case by case approved change in production is allowed
Dec 5 - Key marketing campaign for Bell (connectivity)
Dec 19 - Key marketing campaigns for all travel products (Flight, Hotel, Train, Experience)
Dec end - Mongostrack decommission, as much as possible. It relies on hundreds of collections worth up to a few Terabytes being deprecated, so help is appreciated! It's a huge technical debt we remove.
Since this end of year is very important and also might attract external attackers, we did some preparation. Here is some guides for you:
- End of Year Freeze Period notice: https://docs.google.com/document/d/19SIQAEFz696jrR6SK4s3OrFHbp2oty3eVqf4t86h8gc/edit#heading=h.pbw2j7mop6k6
- End of Year Prep Master document, including operational toolings https://docs.google.com/document/d/134Vr9rB8bazNnZwfngybxAkVNZf9FMh-82gy1xz-VRk/edit#
- DDoS protection - we chose Akamai as the best CDN + WAF + DDoS mitigation provider who can handle our potentially dynamic load and execute integration within our timeline so far. Expecting to go live by Nov 21. Other vendors will be considered later. We're expecting some attacks during end of year. https://docs.google.com/document/d/1w0P-hE7CPSK3IwH2H_m5DXZcUDuUQFi2pM4DVxAPE5w/edit#
- Web infra team installed node.js rate limiter and nginx fail2ban for extra mitigation, and attempts to auto-scale their node.js servers within these 1-2 weeks as extra mitigation
- Certain central tech assets have been upgraded by site infra team in terms of capacity and also underlying infrastructure
- Your heads of engineering and team leads should have prepared for each team's readiness in scalability
- Certain projects like Flight Postgres migration that is not deemed critical for end of year scalability can be paused for the sake of more important actionables
- We're still enforcing SSH lockdown and production access to leads only. For case by case operational needs in production for emergency situation, you should contact Sergei for figuring out best solution
- User team has prepared user identity security measures for defending against attempted authentication break-in (this one will double check soon)
- Mas Mada will monitor new release pre and post-production for security bugs
Also, the company is willing to supply dinner for you who expect to consistently work overtime in some weeks during this end of year. Just private message me and specify for which team!
Really appreciate the hard work of you all making this happen!
If you see anything missing let us know!