Post on 11-Feb-2017
#whoami
Ricky Sanders@GM
> Cloud Security Architect
> Young Self-Taught Technology Hobbyist so I don’t know everything and I don’t have formal training
> Stay up late at night teaching myself Angular2, Node.JS, NoSQL, O-auth, VMware, Docker, Open Shift/Kubernetes, Virtual Network Infrastructure, DevOps, Puppet, Ethical Hacking, Crypto, because it’s fun.
> Read a lot!
> Started off with a MS in Management and BS in Economics
> Fascinated by organizational behaviors in IT
Rickyleesanders88@gmail.com
www.linkedin.com/in/ricky-sanders-988b0119
Good Reads
“Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure.”
- Melvin Conway, 1968
“Dysfunctional organizations tend to create dysfunctional applications.”
- Melvin Conway
Well known philosophy in modern IT
Which made me wonder….
Are there other patterns of organizational behavior that foster or stifle cloud innovation?
Anti-Cloud Patterns & Behaviors
Break the anti-patterns
Pro-Cloud Patterns & Behaviors
Anti-Cloud Symptoms: Fragility, In-disposability, Un-Scalable, Little Capacity, Lost Customers
What is it?
• Servers and systems are seen as fragile. The behavior of most people is to not dispose of these systems and never touch them. Process and behaviors are built around preserving and maintaining, not upgrading or innovating.
Causes – Cloud-Anti-Patterns
• Centralized Service Organizations
• Hand-Cranked Automation
• Maintenance Mode
• Monolithic Architectures
• Snowflake Factory / Handcrafted Servers
• Custom Scripts / Bash Scripts
Impacts
• Business disruption
• Reduced time-to-market for projects
• Un-scalable and inflexible systems
• Underutilized capacity
• Linear capacity planning thinking
• More operations and less innovation
• Bad Security Posture
Anti-Cloud-Pattern: Centralized Service over Self-Service
What is it?
• Centralized ITIL “service delivery” teams are offering “self-service resources”
• This is typically because an older service model is supporting a technology that’s more fit for the cloud
• Teams may be able to provision one of three types of servers/systems
• Little to No ability to customize it themselves
Signs
• Servers that are pre-made.
• “Pre assembled Lego-toy already glued together”
• File tickets to request a server. An IT person creates each server, working under an SLA that gives them a few days to do the work.
Impacts
• Reduced time-to-market waiting on retrofitting pre-built servers
• Doesn’t meet customer needs
“The anti-pattern to avoid is allowing a single platform-operations team to become the new “infrastructure” team that locks the business capability teams out.”
Anti-Cloud-Pattern: Hand-Cranked Automation
What is it?
Hand-cranked infrastructure uses advanced tools to manage hardware resources, but doesn’t provide them to users dynamically or with a self-service model.
Signs
• Centralized “Cloud Service team” using expensive virtualization, automation, and orchestration software but …
• Users file tickets or service requests to request a server.
• An IT person creates each server
• IT person works under SLA that gives them a few days to do the work
• IT person returns the login details to the user.
• IT person uses remote access and custom bash scripts to provision system
Impacts
• Less capacity due to hugging VMs
• Discourages automation & orchestration
• Discourages users from ever decommissioning their servers
• App teams are not held accountable for their work
• Reduced time to market because of onboarding processes
• Snowflake Servers
• Longer time to market results in people hugging VMs longer to re-purpose
Anti-Cloud-Pattern: Deploying to a Production-like Environment Only after Development Is Complete
What is it?
“In this pattern, the first time the software is deployed to a production-like environment (for example, staging) is once most of the development work is done— at least, “done” as defined by the development team.”
Signs
• If testers have been involved in the process up to this point, they have tested the system on development machines.
• Releasing into staging environments is the first time that operations people interact with the new release.
• The development team assembles the correct installers, configuration files, database migrations, and deployment documentation to pass/handoff to the people who perform the actual deployment.
Impacts
• Technical dependency issues, which create lead times to troubleshoot
• Rework to make code or server fit for purpose
Anti-Cloud-Pattern: Monolithic Architectures
What is it?
Monolithic Architecture is an application design pattern that hosts all the code and logic on a single server. Typically, this creates tight coupling to the host, and a common shared library supports many services and functions.
Signs
• Managing and automating Java Enterprise Application files (EAR Files)
• Building JEE Applications
• Building on Servers not Containers
• Shared libraries
Impacts
• Discourages users from performing tests and making changes
• Longer time-to-market because of longer Unit, Regression, Security testing because you’re testing more code
• More likely to break the entire application because of dependencies on shared libraries
• Less scalable because you need a whole new server
• Session state typically tied to server or physical machine
Anti-Cloud-Pattern: Snowflake Factory / Handcrafted Servers
What is it?
• Users log in to the server user interface to configure the image itself instead of using configuration management tools. There is no version control on independent server configs, resulting in opportunity for snowflakes.
Signs
• Use of management interfaces
• User Remote Access to Servers (RDP/SSH)
• Privileged Access of Server Admins
• Privileged Access Management
Impacts
• Discourages automation and orchestration
• Discourages immutability and better security
• Encourages Technology drift
• Discourages scalability
• Complex Access Management Systems
Anti-Cloud-Pattern: Maintenance Mode
What is it?
Maintenance Mode is when servers and VMs are patched, not upgraded. This is the opposite of a phoenix project. Typically remote access, reboots, and restarts are required.
Signs
• Patching systems, not upgrading them
• Putting VMs in maintenance mode
• Bringing systems offline
• Remote access
• Rebooting / Restarting Services
• Change Windows for scheduled Downtime
Impacts
• Downtime of systems, disrupted innovation or production
• Inconsistencies in configuration across systems from different users applying patches/hotfixes
• Snowflake servers, not phoenix projects
• Discourages automation and orchestration
• Stale Systems
Anti-Cloud-Patterns: Others
• Manual Configuration Management
• Deploying Software Manually
• CMDB Audit and Fix
• Hot Cloned Servers
• Handcrafted Infrastructure
• Per-Environment Definition Files
• Large-Scale/Sprawling infrastructure Definitions & Manifests
• Reflecting Configuration Unit Tests
Credits
• The Phoenix Project by Gene Kim, Kevin Behr, George Spafford
• Continuous Delivery by Jez Humble and David Farley
• Building Micro Service, O’Reilly
• Architecting Micro Service, O’Reilly
• Infrastructure as Code by O’Reilly
• Immutable Infrastructure, O’Reilly
• The DevOps Toolkit 2.0
• https://12factor.net/
• AWS Publications & Whitepapers: architecting for the Cloud 2012
• http://melconway.com/Home/Committees_Paper.html