DevOps isn't something you buy - DevOpsDays Cape Town

DevOps isn't something you buy - DevOpsDays Cape Town

• 1.
  DEVOPS ISN’T SOMETHINGYOU BUY KEN MUGRAGE
• 2.
  @kmugrage TODAY’S TALK ▸ Whatis DevOps? ▸ Organizational Concerns ▸ Architectural Concerns ▸ Continuous Delivery ▸ There’s no test, but there is homework
• 3.
  @kmugrage WHO AM I? ▸From Seattle, Washington, USA ▸ Technology Evangelist at ThoughtWorks ▸ DevOpsDays Organizer ▸ Infrequent blogger at ken.wtf and gocd.org
• 4.
  @kmugrage WHAT ISN’T DEVOPS ▸A Toolset ▸ A Role ▸ A Team
• 5.
  @kmugrage CAMS ▸ Culture ▸ Automation ▸Measurement ▸ Sharing https://blog.chef.io/2010/07/16/what-devops-means-to-me/
• 6.
  @kmugrage CAMS ▸ Culture ▸ Automation ▸Lean ▸ Measurement ▸ Sharing https://blog.chef.io/2010/07/16/what-devops-means-to-me/
• 7.
  @kmugrage “DEVOPS: A CULTUREWHERE PEOPLE, REGARDLESS OF TITLE OR BACKGROUND, WORK TOGETHER TO IMAGINE, DEVELOP, DEPLOY AND OPERATE A SYSTEM.” –Me https://kenmugrage.com/2017/05/05/my-new-definition-of-devops/
• 8.
  @kmugrage TRADITIONAL MODEL Development TeamsTesting Team Operations Team
• 9.
  @kmugrage “ANY ORGANIZATION THATDESIGNS A SYSTEM (DEFINED BROADLY) WILL PRODUCE A DESIGN WHOSE STRUCTURE IS A COPY OF THE ORGANIZATION'S COMMUNICATION STRUCTURE.” –Mel Conway http://www.melconway.com/Home/Conways_Law.html
• 10.
  @kmugrage TRADITIONAL MODEL Development TeamsQA Team Operations Team
• 11.
  @kmugrage RENAMING OPS WON’TSOLVE THE ISSUE Development Teams QA Team DevOps Team
• 12.
  @kmugrage CREATING ANOTHER SILODOESN’T SOLVE SILOS Development Teams QA Team Operations Team DevOps Team
• 13.
  @kmugrage PRODUCT TEAMS
• 14.
  @kmugrage “YOU BUILD IT,YOU RUN IT” –Werner Vogels, Amazon https://queue.acm.org/detail.cfm?id=1142065
• 15.
  @kmugrage “GIVING DEVELOPERS OPERATIONALRESPONSIBILITIES HAS GREATLY ENHANCED THE QUALITY OF THE SERVICES, BOTH FROM A CUSTOMER AND A TECHNOLOGY POINT OF VIEW. THE TRADITIONAL MODEL IS THAT YOU TAKE YOUR SOFTWARE TO THE WALL THAT SEPARATES DEVELOPMENT AND OPERATIONS, AND THROW IT OVER AND THEN FORGET ABOUT IT. NOT AT AMAZON. YOU BUILD IT, YOU RUN IT. THIS BRINGS DEVELOPERS INTO CONTACT WITH THE DAY-TO-DAY OPERATION OF THEIR SOFTWARE. IT ALSO BRINGS THEM INTO DAY-TO-DAY CONTACT WITH THE CUSTOMER. THIS CUSTOMER FEEDBACK LOOP IS ESSENTIAL FOR IMPROVING THE QUALITY OF THE SERVICE.” –Werner Vogels, Amazon https://queue.acm.org/detail.cfm?id=1142065
• 16.
  ARCHITECTURAL CONCERNS BUT THATWON’T WORK WITH MY…
• 17.
  @kmugrage MONOLITHS CAN BEHARD ▸ All functionality is in one process ▸ Scale by replicating the monolith on multiple servers https://www.thoughtworks.com/insights/blog/microservices-nutshell
• 18.
  @kmugrage DEVELOP SMALLER PIECES MICROSERVICEARCHITECTURE ▸ Each element of functionality is in a separate service ▸ Scale by distributing these services across servers, replicating as needed https://www.thoughtworks.com/insights/blog/microservices-nutshell
• 19.
  @kmugrage HOMEWORK http://samnewman.io/books/building_microservices/ http://nealford.com/books/
• 20.
  @kmugrage PRODUCT TEAMS Rental Cars Consumer Tax Hotels Businessto Business Airlines Payments
• 21.
  @kmugrage THE HEART OFDOING EVOLUTIONARY ARCHITECTURE IS TO MAKE SMALL CHANGES, AND PUT IN FEEDBACK LOOPS THAT ALLOW EVERYONE TO LEARN FROM HOW THE SYSTEM IS DEVELOPING. Martin Fowler Foreword to Building Evolutionary Architecture
• 22.
  WE STILL HAVETO DEPLOY SOMEWHERE
• 23.
  @kmugrage CAR AS ASERVICE https://www.k3syspro.com/cloud-computing-choosing-right-deployment-method/
• 24.
  @kmugrage AN EXAMPLE OFPLATFORM AS A SERVICE CLOUD.GOV ▸ Official service of the US Government ▸ 325 required security controls ▸ 269 handled by cloud.gov ▸ 42 shared ▸ 15 handled by customer https://cloud.gov/overview/technology/responsibilities/
• 25.
  @kmugrage THE CLOUD ISJUST SOMEBODY ELSE’S COMPUTER Someone at every single DevOpsDays conference
• 26.
  @kmugrage PRODUCT TEAMS
• 27.
  @kmugrage PRODUCT TEAMS Platform TeamCompliance Team Security Team
• 28.
  CONTINUOUS DELIVERY GETTING STUFFTO CUSTOMERS
• 29.
  @kmugrage CONTINUOUS DELIVERY ISTHE ABILITY TO GET CHANGES OF ALL TYPES—INCLUDING NEW FEATURES, CONFIGURATION CHANGES, BUG FIXES AND EXPERIMENTS—INTO PRODUCTION, OR INTO THE HANDS OF USERS, SAFELY AND QUICKLY IN A SUSTAINABLE WAY. Jez Humble https://continuousdelivery.com/
• 30.
  @kmugrage MORE HOMEWORK
• 31.
  @kmugrage CONTINUOUS DELIVERY ISWHAT YOU “DO” AS PART OF A DEVOPS CULTURE Me
• 32.
  CONTINUOUS INTEGRATION A PREREQUISITETO CD
• 33.
  @kmugrage CI THEATRE The ThoughtWorkstech radar recently recommended putting a hold on the tech team anti-pattern, CI Theatre. CI Theatre describes the illusion of practicing continuous integration (CI) while not really practicing it. https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/
• 34.
  @kmugrage CI THEATRE In ourstudy only 10% of participants acknowledged that having a CI server was not the same as practicing CI. https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/
• 35.
  @kmugrage ARE YOU PRACTICINGCI?
• 36.
  @kmugrage CONTINUOUS DELIVERY PIPELINE
• 37.
  @kmugrage CD VS CD http://gofor.cd/cd_vs_cd
• 38.
  @kmugrage OUR TEAMS Product TeamSecurity Team Compliance Team
• 39.
  @kmugrage OUR CONTINUOUS DELIVERYPIPELINE UNIT TESTS FUNCTIONAL TESTS DEPLOY STAGING DEPLOY PRODUCTION
• 40.
  @kmugrage EXAMPLES OF THINGSWHICH ARE BAD ▸ Deploying insecure software ▸ Deploying non-performant software ▸ Deploying non-complying software ▸ Deploying ineffective software
• 41.
  @kmugrage …OF THE 106COMPONENTS PER APPLICATION, THE REPORT’S ANALYSIS REVEALED AN AVERAGE OF 24 (I.E., 23%) HAVE KNOWN CRITICAL OR SEVERE SECURITY VULNERABILITIES… Derek Weeks http://blog.sonatype.com/2015/06/rework-is-choking-software-2015-state-of-the-software-supply-chain-report/
• 42.
  @kmugrage THE PURPOSE OFA CONTINUOUS DELIVERY PIPELINE IS TO KILL A RELEASE CANDIDATE Me, and a lot of other people
• 43.
  @kmugrage OUR CONTINUOUS DELIVERYPIPELINE UNIT TESTS FUNCTIONAL TESTS DEPLOY STAGING DEPLOY PRODUCTION SECURITY TESTS (OWASP, OTHERS) COMPLIANCE TESTS (SERVERSPEC, INSPEC)
• 44.
  SORRY, THERE’S NO SILVERBULLET
• 45.
  @kmugrage SUMMARY ▸ You’ve cometo the right place to learn more ▸ Ideas for open space conversations ▸ “DevOps” as a title or team name ▸ It’s not CI if you’re not pushing to master every day ▸ Build or Buy your PAAS?
• 46.
  THANK YOU! For moreinformation about our products https://www.thoughworks.com/products/ https://www.gocd.org/