Lessons from DevOps: Taking DevOps practices into your AppSec ...
XebiaLabs Top Enterprise DevOps Lessons for 2016
Transcript of XebiaLabs Top Enterprise DevOps Lessons for 2016
Top Enterprise DevOps Lessons for 2016
December 2015
About the Presenter
Andrew Phillips
▪ Been on both sides of the “Dev…Ops” fence
▪ Lots of enterprise software development on high-performance systems
▪ Active open source contributor and committer
▪ Regular meetup, conference etc. presenter
About XebiaLabs
Connecting the dots for Continuous Delivery at enterprise scale
VISIBILITY, AUTOMATION, CONTROL
§ Continuous Delivery and DevOps pioneer, authority and technology leader
§ Global team in US, Europe & APAC
§ Consistently recognized by leading industry analysts
Global Leaders Deliver Software with XebiaLabs
XebiaLabs Solutions: Connecting the dots for Continuous Delivery at enterprise scale
Award-winning tools, recognized by leading industry analysts
Agenda
▪ 2015: The DevOps year in review
▪ What have we learned about Enterprise DevOps?
▪ DOs, DON’Ts and open questions
▪ What to focus on in 2016
2015: The DevOps Year in Review
Highlights from 2015
From unicorns…
▪ …to “the rest of us”:
▪ Seeing the first outcomes and success stories from “non-unicorn” organizations
▪ Common theme: “it’s not easy or quick, but it’s doable and worth it”
Growing ecosystem of support & services for DevOps
▪ Broad and growing ecosystem of tools
▪ Specialist “DevOps consultancies”
▪ DevOps included in the portfolio of global software vendors and mainstream IT service suppliers
"I need me some DevOps"
▪ CIO of major organization: “What is DevOps and what do I need to do about it? I’m concerned about missing the boat, but have no idea what DevOps means for my organization”
▪ Lack of clear definition and overlapping marketing messages create confusion
▪ No clear implementation blueprint or best practice for organizations
What Have We Learned About Enterprise DevOps?
What we have learned…
…about what DevOps means in practice in the enterprise:
▪ Internal IT initiative: the business is largely not involved
▪ Largely looking at internal IT metrics: reduction of error, improved efficiency, etc.
▪ DevOps as a “game changer” for the business? Not yet.
▪ Two distinct types: “type 1” and “type 2”
▪ Type 1:
− Automation, automation, automation
▪ Type 2:
− Agile, continuous delivery & small changes
− product teams & experimental organizations
− cultural responsibility shift
▪ Most enterprise success stories so far are type 1
▪ Most of the “unicorn” stories are type 2
▪ Moving to type 2 is significantly harder than implementing type 1
▪ Requires far more wide-reaching changes: org structure, company culture etc.
What we have learned…
…about how to implement DevOps in an enterprise context:
▪ Top-down engagement, bottom-up growth
▪ Automation and implementation need to happen at the team level
▪ Resources to overcome obstacles, and prioritization to make that possible, come via top-down support
▪ Automation and coding fundamentals are key for New Ops
▪ System administration in a DevOps environment = software development
▪ Train team members with an appetite for automation
▪ Measure things and make them visible
▪ Communicate what’s happening in the bottom-up implementations to the top-down support layer
▪ Open culture – there will be successes and failures
▪ Helps to distinguish means from goals
▪ Incremental approach - managers as problem solvers, not “conductors”
▪ Existing management not in a position to guide the implementation
▪ Critical role in evaluating and following up on data
▪ Essential ability: understanding the organizational processes that cause bottlenecks and possessing the authority to address them
▪ Expect failures and pushback
▪ A DevOps transformation is a long haul, especially if the goal is to get to Type 2
▪ Introducing automation can be perceived as a threat
▪ Cultural change and breaking down silos will challenge existing authorities
▪ Spreading knowledge is key
▪ Experience with the tooling, and around process and culture, will be thin on the ground in most organizations
▪ Plan to “seed” other teams rather than sending in “the DevOps SWAT team”
…about how to implement DevOps in an enterprise context:
1. Top-down engagement, bottom-up growth
2. Automation and coding fundamentals are key for New Ops
3. Measure things and make them visible
4. Incremental approach - managers as problem solvers, not “conductors”
5. Expect failures and pushback
6. Spreading knowledge is key
DOs, DON’Ts & Open Questions
DOs
▪ DO invest in automation training for your Ops team and identify if your staff there have the mindset for change
▪ DO introduce visibility, communication, training/education and potentially even reward/recognition structures that emphasize the end-to-end picture for the product/project, rather than a silo-based view
▪ DO define your own goals and interpretation of what DevOps means for your organization, and communicate that clearly
DON’Ts
▪ DON'T rely on a bottom-up approach for enterprise-wide adoption
▪ DON'T lose sight of the fact that DevOps and CD practices are means to an end rather than ends in themselves
▪ DON'T forget to include accelerated/automated quality verification in your delivery pipeline
5 Open Questions
1. What role should the business play? What level of involvement should they have?
2. Can I make DevOps work in a siloed organization? If so, what does that look like?
3. Is DevOps possible with outsourced development/QA/operations? Type 2? Type 1? Neither?
4. Under which circumstances do I need to move from shared ownership of the full stack and process to a platform model?
5. How does an Enterprise DevOps initiative starting in 2016 relate to developments around containers and microservices?
What to Focus On in 2016
Focus points for 2016
▪ Ensure you have a central group with executive support in place - not to control the DevOps initiative, but to support it, provide expertise, gather data and facilitate adoption
▪ Figure out whether and where your organization is suited to “Type 1” or “Type 2” DevOps: Are we suited to the delivery of small changes? Can we embrace an experimental approach to innovation?
▪ Decide how you want your new DevOps delivery model to interact with your existing "framework" processes of programme/portfolio mgmt, project/backlog management, change/release management etc.
▪ Keep an eye out for containers but resist hasty hype-driven decisions: what is the use case vs. our current cloud plan? Are we going to microservices? Can we handle the immaturity of the space?
▪ Interested in avoiding reinventing the implementation wheel and starting with a structured approach? Get in touch!
▪ Don't "go from Dinosaur to DINOsaur"
Resources
Great Resources
▪ Get Started with XebiaLabs Today!
www.xebialabs.com
www.xebialabs.com/products
blog.xebialabs.com
@xebialabs
youtube.com/xebialabs
▪ The Periodic Table of DevOps: https://xebialabs.com/periodic-table-of-devops-tools/
▪ eBook: The IT Manager’s Guide to CD: https://xebialabs.com/resources/whitepapers/the-it-managers-guide-to-continuous-delivery/
Q&A
Happy Holidays!
Thank you!