AWS OpsWorks for Chef Automate

Delivering Software at Speed AWS OpsWorks for Chef Automate Amazon Web Services Sydney User Group Matt Ray Manager, Solutions Architect for APJ February 1, 2017

Transcript of AWS OpsWorks for Chef Automate

Delivering Software at Speed

AWS OpsWorks for Chef Automate

Amazon Web Services Sydney User Group

Matt Ray

Manager, Solutions Architect for APJ

February 1, 2017

5x

Apps and experiences are the new interface

Disrupt or be disrupted. Outperform the competition with digital transformation.

Success with digital transformation is key to business growth

Idea Ship

PROBLEM

Most enterprises aren’t very good at shipping software

▪ Slow time-to-market

▪ Poor user experience

▪ High cost

▪ Poor predictability

▪ Vulnerabilities and risk

POTENTIAL

1—Gartner, Delivering Value at Speed

2—GartnerApps, November 2016

REQUIREMENT

For organizations that have implemented DevOps, 66% saw faster realization of business value (1).

Gartner predicts that through 2021 market demand for app development will outstrip supply by 5x.

66%

1. BMC 2. Splunk 3. IBM 4. HP 5. New Relic 6. AWS 7. Servicenow 8. CA 9. Microsoft 10. Chef 11. Solarwinds 12. Atlassian

Chef has driven the automation revolution

Our platform is a leader in Continuous Automation

Infrastructure Automation

Compliance Automation

Application Automation

Strategic Vendor of F500

OSS Leadership

With which vendor do you think you will be spending the most on IT tools in three years?

Goldman Sachs Spending Survey, 2016

Key Partners

Sliding Scale of Hybrid

% of Traditional Infrastructure

% of Modern Infrastructure

Legacy tooling, Legacy process

Modern tooling, Modern process

“Most enterprises are going to operate in hybrid mode for many years to come”

Andy Jassy, CEO, Amazon Web Services (re:Invent 2016)

Product Software Development

Quality Assurance

Operations Security

Current Infra Team’s Challenge

RUNTIME: Grid PaaS Containers & Discovery Traditional Applications

INFRASTRUCTURE: Bare Metal Virtualization Cloud & IaaS OS

Application Delivery

LOB LOB

FOCUS ON SPEED

Tension caused by the demands placed on teams…

…can be resolved by vertical integration and automation…

…to deliver a future of developer services and software at speed

SHARED SERVICES

Vertical Integration is key to velocity

A balance of increasing speed, improved efficiency and decreasing risk

FOCUS ON RISK

SHARED SERVICES

DEVELOPER SERVICES: BUILD • DEPLOY • MANAGE

LOB (Line of Business) • LOB (Line of Business) • LOB • LOB

SHARED SERVICES

Business Value with Developer Services

Shifting capabilities to match business requirements

Developer Services Teams

Developer Services Engineer

Line of Business Development Team

I provide services that developers and development teams use to build and deliver applications.

Traditional Central IT

System Administrator

Centralized Enterprise IT Team

I manage and deliver infrastructure required to run software in my organization.

MANAGE

Enabling development teams to get insights into speed, efficiency and risk of delivery of their software

Reducing risk to my organization from my infrastructure and software that runs on it

DEPLOY

Enabling development teams to ship software at speed while maintaining quality and reducing risk

Reliably managing changes to infrastructure requirements

BUILD

Providing on-demand, self-service infrastructure and services tailored to developer needs

Managing and lowering costs of running, configuring, and maintaining infrastructure

“Don’t measure me on traditional IT metrics, but on the metrics of the business”

Jim Fowler, CIO, GE Capital

The impact of outperformance

5x Revenue Growth, 8x Profitability Growth, 2x Shareholder Return Growth

B2B digital leaders turn in stronger financial performance.

Revenue growth, CAGR, 2010-15: top-quartile digital B2B companies 4.3%, rest of B2B sample 0.8% (~5X)

Operating profit (EBIT) growth, CAGR, 2010-15: top-quartile digital B2B companies 13.5%, rest of B2B sample -1.8% (~8X)

Return to shareholder (TRS) growth, CAGR, 2010-15: top-quartile digital B2B companies 18.1%, rest of B2B sample 10.3% (~2X)

“Firms with high performing IT organizations were twice as likely to exceed their profitability, market share, and productivity goals”

The State of DevOps, 2016

HIGH PERFORMING IT ORGANIZATIONS:

▪ 200x more frequent releases

▪ 24x faster at recovering from failures

▪ 3x lower change failure rate

▪ 255x shorter lead times

No high velocity company has gotten there without automation as a foundation

2x

Velocity: time from idea to ship

Software success metrics

Quantifying outcomes to deliver software at speed

Deployment frequency

Time from commit to deploy

Mean time to resolve

Time deploying remediation

Change failure rate

SPEED: Measure of rate of software change

EFFICIENCY: Measure of effectiveness of software change

RISK: Measure of quality of software change

Compliance testing coverage

Idea Ship

Standard Bank pushes ideas from commit to deploy in 18 minutes with Chef

Focus on Speed

Measuring the rate of software change

DEPLOYMENT FREQUENCY

▪ High IT performers: On-demand

▪ Medium IT performers: Week - Month

▪ Low IT performers: Month - 6 Months

TIME FROM COMMIT TO DEPLOY

▪ High IT performers: < 1 Hour

▪ Medium IT performers: Week - Month

▪ Low IT performers: Month - 6 Months

USE CASES INCLUDE:

▪ Application Delivery

▪ Build Pipelines

Delivering software at speed

The capabilities needed across infrastructure, applications and compliance

COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)

BUILD: Package • Test • Approve

DEPLOY: Provision • Configure • Execute • Update

MANAGE: Secure • Comply • Audit • Measure • Log

“Continuous configuration automation tools (aka infrastructure as code) are foundational to DevOps initiatives.”

—Gartner, Inc., Market Guide for Continuous Configuration Automation Tools, Dec 2016

How..? CAN YOU DELIVER SOFTWARE AT SPEED FOR YOUR BUSINESS

The Chef Automate Platform

Continuous Automation for High Velocity IT

COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)

BUILD: Package • Test • Approve

DEPLOY: Provision • Configure • Execute • Update

MANAGE: Secure • Comply • Audit • Measure • Log

OSS AUTOMATION ENGINES: Infrastructure Automation • Compliance Automation • Application Automation

Increase Speed

▪ Package infrastructure and app configuration as code

▪ Continuously automate infrastructure and app updates

Improve Efficiency

▪ Define and execute standard workflows and automation

▪ Audit and measure effectiveness of automation

Decrease Risk

▪ Define compliance rules as code

▪ Deliver continuous compliance as part of standard workflow

Chef

▪ Manages deployment and on-going automation

▪ Define reusable resources and infrastructure state as code

▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments

▪ Community, Certified Partner, and Chef supported content available for all common automation tasks

Infrastructure automation and delivery at scale

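# Windows: enable IIS and ASP.NET, then create an application pool
windows_feature 'IIS-WebServerRole' do
  action :install
end

windows_feature 'IIS-ASPNET' do
  action :install
end

iis_pool 'FooBarPool' do
  runtime_version '4.0'
  action :add
end

# Linux: install Apache, render its configuration from a template, start the service
package 'apache' do
  action :install
end

template '/etc/httpd/https.conf' do
  source 'httpd.conf.erb'
  mode '0644' # owner read/write, group and others read-only
  owner 'root'
  group 'root'
end

service 'apache2' do
  action :start
end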

PART OF A PROCESS OF CONTINUOUS COMPLIANCE

Scan for Compliance

Build & Test Locally

Build & Test CI/CD Remediate Verify

A SIMPLE EXAMPLE OF AN INSPEC CIS RULE

InSpec

▪ Translate compliance into Code

▪ Clearly express statements of policy

▪ Move risk to build/test from runtime

▪ Find issues early

▪ Write code quickly

▪ Run code anywhere

▪ Inspect machines, data and APIs

Turn security and compliance into code

control 'cis-1.4.1' do
  title '1.4.1 Enable SELinux in /etc/grub.conf'
  desc '
    Do not disable SELinux and enforcing in your GRUB configuration. These are important security features that prevent attackers from escalating their access to your systems. For reference see …
  '
  impact 1.0
  expect(grub_conf.param 'selinux').to_not eq '0'
  expect(grub_conf.param 'enforcing').to_not eq '0'
end
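
The same CIS 1.4.1 rule as a plain-Ruby check that a build or test stage could run against a grub.conf file without InSpec installed; this is an added example, not code from the slides or from Chef. The function names and the two sample grub.conf strings are constructed for illustration, and checking every kernel entry in the file is an assumption of this example.

```ruby
# Added example: the CIS 1.4.1 rule as plain Ruby (not InSpec, not Chef's code).
# The SAMPLE_* constants are constructed legacy grub.conf contents.

SAMPLE_COMPLIANT = <<~CONF
  default=0
  title CentOS 6
    root (hd0,0)
    kernel /vmlinuz-2.6.32 ro root=/dev/mapper/vg-root quiet
    initrd /initramfs-2.6.32.img
CONF

SAMPLE_NONCOMPLIANT = <<~CONF
  default=0
  title Current kernel
    kernel /vmlinuz-current ro root=/dev/sda1 selinux=0
  title Rescue kernel
    # kernel /vmlinuz-old ro selinux=0 enforcing=0
    kernel /vmlinuz-rescue ro root=/dev/sda1 enforcing=0 selinux=1
CONF

# Parse each active "kernel" line into a hash of its boot parameters,
# e.g. {"ro"=>nil, "root"=>"/dev/sda1", "selinux"=>"0"}.
def kernel_params(grub_conf_text)
  grub_conf_text.each_line.map do |line|
    stripped = line.strip
    next if stripped.start_with?('#') # commented-out entries never boot
    next unless stripped =~ /\Akernel\s+\S+\s*(.*)\z/
    Regexp.last_match(1).split.to_h do |arg|
      key, value = arg.split('=', 2)
      [key, value]
    end
  end.compact
end

# Same assertion as the control: neither parameter may be set to '0'.
# A parameter that is absent passes, as it does with `to_not eq '0'`.
def cis_1_4_1_failures(grub_conf_text)
  kernel_params(grub_conf_text).each_with_index.flat_map do |params, i|
    %w[selinux enforcing].select { |name| params[name] == '0' }
                         .map { |name| "kernel entry #{i + 1}: #{name}=0" }
  end
end

# Exit status a build step would return: 0 passes the stage, 1 fails it.
def build_gate_status(grub_conf_text)
  cis_1_4_1_failures(grub_conf_text).empty? ? 0 : 1
end

cis_1_4_1_failures(SAMPLE_NONCOMPLIANT).each { |f| puts "cis-1.4.1 FAIL: #{f}" }
```
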

Habitat

▪ Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to traditional applications

▪ Gain consistent management of new and traditional applications across their lifecycle

▪ Provides application portability for new and traditional apps

▪ Autonomous nodes self-manage runtime state of application based upon policy you define

▪ APIs expose application behaviors as data for better management

▪ Works in tandem with infrastructure automation

▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better

Automation that travels with the app


Chef Automate is at the heart of software delivery

The vendors you trust, trust Chef for continuous automation

Technology Partners:

COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)

BUILD: Package • Test

DEPLOY: Provision • Configure

MANAGE: Secure • Comply

OSS AUTOMATION ENGINES: Infrastructure Automation • Compliance Automation • Application Automation

FORMAT RUNTIME

WORKFLOW

ENVIRONMENT

Chef Automate: Jumpstart your automation

● A complete suite of enterprise capabilities for workflow, visibility and compliance

● Workflow: A pipeline for continuous delivery of infrastructure and applications

● Compliance: Customizable analytics to identify compliance issues, security risks and outdated software

● Visibility: Gives you views into operational, compliance and workflow process events

Workflow: Continuous delivery of any code

Improve collaboration across infrastructure & applications

● Cross-team productivity enhanced by consistent overall pipeline shape

● Specific teams given flexibility to configure pipeline automation specific to their app

● Service dependencies across pipelines are easily mapped and tested

Stakeholder visibility keeps teams in the know and involved as needed

Robust governance ensures compliance controls are enforced

Visibility: Real-time data collection & analysis

● Search, analyze, audit, and report on workflow processes and environment behaviors

○ Multiple Chef Servers

○ Chef Solo

○ InSpec

○ Chef Compliance

○ Habitat

○ Chef Automate Workflow

● Better manage ephemeral, long-lived, and large federated environments

● Easily export data to 3rd party analytic platforms and event notification systems

Continuous Compliance/Audit: Compliance built into Automation

● Discovery and analysis of compliance risks across environments

● Automated checking of compliance criteria with analytics

● Embed compliance into the software delivery pipeline

● Move compliance risk checking from runtime into build/test stage

● Structured review process during development

● Improve patch management and remediation

AWS OpsWorks for Chef Automate

Native Amazon Service

Managed Chef Server

▪ Utilizes RDS and other native services

▪ May be externally accessible

AWS Native

▪ Auto Scaling in your VPC

▪ Automatic backups and upgrades

OpsWorks Stacks

▪ New name for previous version of OpsWorks

● Partnership between Amazon and Chef, jointly developed and maintained

● Fully managed AWS service with frequent updates

● Fully compatible with open source Chef

● Amazon is your support and billing

● All Chef Automate features will be supported

○ Visibility and Workflow today

○ Compliance soon

○ Currently Northern Virginia, Oregon & Ireland with more planned