SOURCE: www.dilbert.com

It’s hard to see through these Clouds

#whoami

Ricky Sanders@GM> Cloud Security Architect> Young Self-Taught Technology Hobbyist so I don’t know everything

and I don’t have formal training> Stay up late at night teaching myself Angular2, Node.JS, NoSQL,

O-auth, VMware, Docker, Open Shift/Kubernetes, Virtual Network Infrastructure, DevOps, Puppet, Ethical Hacking, Crypto, because its fun..

> Read a lot!> Started off with a MS in Management and BS in Economics> Fascinated by organizational behaviors in IT

Rickyleesanders88@gmail.comwww.linkedin.com/in/ricky-sanders-988b0119

Good Reads

“Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure.”

- Melvin Conway, 1968

“Dysfunctional organizations tend to create dysfunctional applications.”

- Melvin Conway

Well known philosophy in modern IT

Are there other patterns of organizational behavior that foster

or stifle cloud innovation?

Which made me wonder….

Anti-Cloud Patterns & Behaviors

Break the anti-patterns

Pro-Cloud Patterns & Behaviors

Anti-Cloud Symptoms: Fragility, In-disposability, Un-Scalable , Little Capacity, Lost CustomersWhat is it?• Servers and systems are seen as fragile. The behavior of most people is to not dispose of

these systems and never touch them. Process and behaviors are built around preserving and maintaining not upgrading or innovating.

Causes – Cloud-Anti-Patterns• Centralized Service Organizations• Hand-Cranked Automation • Maintenance Mode• Monolithic Architectures• Snowflake Factory / Handcrafted Servers• Custom Scripts/ Bash Scripts

Impacts• Business disruption • Reduced time-to-market for projects• Un-scalable and inflexible systems• Underutilized capacity • Linear capacity planning thinking• More operations and less innovation• Bad Security Posture

Anti-Cloud-Pattern: Centralized Service over Self-Service What is it?• Centralized ITIL “service delivery” teams are offering “self-service resources”• This is typically because an older service model supporting a technology

that’s more fit for the cloud• Teams may be able to provision one of three types of servers/systems• Little to No ability to customize it themselves

Signs• Server that are pre-made. • “Pre assembled Lego-toy already glued together”• File tickets to request a server. An IT person creates each server, working

under an SLA that gives them a few days to do the work.

Impacts• Reduced time-to-market waiting on retrofitting pre-built servers• Doesn’t meet customer needs

“The anti-pattern to avoid is allowing a single platform-operations team to become the new “infrastructure” team that locks the business capability teams out.”

What is it?Hand-cranked infrastructure uses advanced tools to manage hardware resources, but doesn’t provide them to users dynamically or with a self-service model.

Signs • Centralized “Cloud Service team” using expensive virtualization, automation, and

orchestration software but …• Users request tickets or service-requests to request a server. • An IT person creates each server• IT person works under SLA that gives them a few days to do the work• IT person returns the login details to the user. • IT person uses remote access and custom bash scripts to provision system

Impacts• Less capacity due to hugging VM’s• Discourages automation & orchestration• Discourages users from ever decommissioning their servers• App teams are not held accountable for their work• Reduced time to market because of onboarding processes• Snowflake Servers• Longer time to market results in people hugging VM’s longer to re-purpose

Anti-Cloud-Pattern: Hand-Cranked Automation

Anti-Cloud-Pattern: Deploying to a Production-like Environment Only after Development Is Complete

What is it?“In this pattern, the first time the software is deployed to a production-like environment (for example, staging) is once most of the development work is done— at least, “done” as defined by the development team.”

Signs• If testers have been involved in the process up to this point, they have tested

the system on development machines. • Releasing into staging environments is the first time that operations people

interact with the new release.• The development team assembles the correct installers, configuration files,

database migrations, and deployment documentation to pass/handoff to the people who perform the actual deployment.

Impacts• Technical Dependency Issues which create lead times troubelshoot• Rework to make code or server fit for purpose

Anti-Cloud-Pattern: Monolithic Architectures

What is it?Monolithic Architecture is an application design pattern that hosts all the code and logic on a single server. Typically, this creates tight coupling to the host and a common shared library supports many services and functions.

Signs• Managing and automating Java Enterprise Application files (EAR Files)• Building JEE Applications• Building on Servers not Containers• Shared libraries

Impacts• Discourages users to perform tests and make changes• Longer time-to-market because of longer Unit, Regression, Security testing

because your testing more code• More likely to break the entire application because of dependencies on

shared libraries• Less scalable because you need a whole new server• Sessions States typically tied to server or physical machine

Anti-Cloud-Pattern: Snowflake Factory / Handcrafted Servers

What is it?• Users login to server user-interface to configure the image itself instead of

using configuration management tools. There is no version control on independent server configs resulting in opportunity for snowflakes.

Signs• Use of management interfaces• User Remote Access to Servers (RDP/SSH)• Privileged Access of Server Admins• Privileged Access Management

Impacts• Discourages automation and orchestration • Discourages immutability and better security • Encourages Technology drift• Discourages scalability• Complex Access Management Systems

Anti-Cloud-Pattern: Maintenance ModeWhat is it?Maintenance Mode is when servers and VM’s are patched not upgraded. This is opposite of a phoenix project. Typically remote access, reboots, and restarts are required.

Signs• Patching systems not upgrading them • Putting VM’s in maintenance mode• Bringing systems offline• Remote access • Rebooting / Restarting Services• Change Windows for scheduled Downtime

Impacts• Downtime of systems, disrupted innovation or production • Inconsistencies in configuration across systems from different users applying

patches/hotfixes• Snowflake servers, not phoenix projects• Discourages automation and orchestration • Stale Systems

Anti-Cloud-Patterns: Others

• Manual Configuration Management • Deploying Software Manually • CMDB Audit and Fix• Hot Cloned Servers• Handcrafted Infrastructure• Per-Environment Definition Files• Large-Scale/Sprawling infrastructure Definitions & Manifests• Reflecting Configuration Unit Tests

Credits

• The Phoenix Project by Gene Kim, Kevin Behr, George Spafford • Continuous Delivery by Jez Humble and David Farley• Building Micro Service O ’Riley • Architecting Micro Service O ’Riley • Infrastructure as Code by O ’Riley • Immutable Infrastructure O ’Riley • The DevOps Toolkit 2.0• https://12factor.net/• AWS Publications & Whitepapers: architecting for the Cloud 2012• http://melconway.com/Home/Committees_Paper.html