Want to successfully adopt DevOps? Change Everything

A presentation at ThoughtWorks Webinar in September 2018 in by Ken Mugrage

Slide 1

Slide 1

WANT TO SUCCESSFULLY ADOPT DEVOPS? CHANGE EVERYTHING.

Slide 2

Slide 2

THE CHANGES IN TODAY’S TALK ▸ Redefine words for your organization ▸ Change your organization to enable DevOps ▸ Use modern architectures and technologies ▸ Use Continuous Delivery to safely deploy more often @kmugrage https://www.gocd.org

Slide 3

Slide 3

WHO AM I? ▸ From Seattle, Washington, USA ▸ Technology Evangelist at ThoughtWorks ▸ DevOpsDays Organizer ▸ @kmugrage on Twitter @kmugrage https://www.gocd.org

Slide 4

Slide 4

REDEFINE WORDS FOR YOUR ORGANIZATION

Slide 5

Slide 5

WHAT ISN’T DEVOPS ▸ A Toolset ▸ A Role ▸ A Team @kmugrage https://www.gocd.org

Slide 6

Slide 6

IT’S VERBS, NOT NOUNS developING and operatING @kmugrage

Slide 7

Slide 7

CAMS ▸ Culture ▸ Automation ▸ Measurement ▸ Sharing https://blog.chef.io/2010/07/16/what-devops-means-to-me/ @kmugrage https://www.gocd.org

Slide 8

Slide 8

CALMS ▸ Culture ▸ Automation ▸ Lean ▸ Measurement ▸ Sharing https://blog.chef.io/2010/07/16/what-devops-means-to-me/ @kmugrage https://www.gocd.org

Slide 9

Slide 9

“DEVOPS: A CULTURE WHERE PEOPLE, REGARDLESS OF TITLE OR BACKGROUND, WORK TOGETHER TO IMAGINE, DEVELOP, DEPLOY AND OPERATE A SYSTEM.” –Me @kmugrage https://kenmugrage.com/2017/05/05/my-new-definition-of-devops/

Slide 10

Slide 10

CHANGE YOUR ORG TO ENABLE DEVOPS

Slide 11

Slide 11

TRADITIONAL MODEL Development Teams @kmugrage Testing Team Operations Team

Slide 12

Slide 12

“ANY ORGANIZATION THAT DESIGNS A SYSTEM (DEFINED BROADLY) WILL PRODUCE A DESIGN WHOSE STRUCTURE IS A COPY OF THE ORGANIZATION'S COMMUNICATION STRUCTURE.” –Mel Conway @kmugrage http://www.melconway.com/Home/Conways_Law.html

Slide 13

Slide 13

TRADITIONAL MODEL Development Teams @kmugrage QA Team Operations Team

Slide 14

Slide 14

RENAMING OPS WON’T SOLVE THE ISSUE Development Teams @kmugrage QA Team DevOps Team

Slide 15

Slide 15

CREATING ANOTHER SILO DOESN’T SOLVE SILOS Development Teams QA Team DevOps Team @kmugrage Operations Team

Slide 16

Slide 16

PRODUCT TEAMS @kmugrage

Slide 17

Slide 17

“YOU BUILD IT, YOU RUN IT” –Werner Vogels, Amazon @kmugrage https://queue.acm.org/detail.cfm?id=1142065

Slide 18

Slide 18

“GIVING DEVELOPERS OPERATIONAL RESPONSIBILITIES HAS GREATLY ENHANCED THE QUALITY OF THE SERVICES, BOTH FROM A CUSTOMER AND A TECHNOLOGY POINT OF VIEW. THE TRADITIONAL MODEL IS THAT YOU TAKE YOUR SOFTWARE TO THE WALL THAT SEPARATES DEVELOPMENT AND OPERATIONS, AND THROW IT OVER AND THEN FORGET ABOUT IT. NOT AT AMAZON. YOU BUILD IT, YOU RUN IT. THIS BRINGS DEVELOPERS INTO CONTACT WITH THE DAY-TO-DAY OPERATION OF THEIR SOFTWARE. IT ALSO BRINGS THEM INTO DAY-TO-DAY CONTACT WITH THE CUSTOMER. THIS CUSTOMER FEEDBACK LOOP IS ESSENTIAL FOR IMPROVING THE QUALITY OF THE SERVICE.” –Werner Vogels, Amazon @kmugrage https://queue.acm.org/detail.cfm?id=1142065

Slide 19

Slide 19

USE MODERN ARCHITECTURES AND TECHNOLOGIES

Slide 20

Slide 20

MONOLITHS CAN BE HARD ▸ All functionality is in one process ▸ Scale by replicating the monolith on multiple servers @kmugrage https://www.thoughtworks.com/insights/blog/microservices-nutshell

Slide 21

Slide 21

DEVELOP SMALLER PIECES MICROSERVICE ARCHITECTURE ▸ Each element of functionality is in a separate service ▸ Scale by distributing these services across servers, replicating as needed @kmugrage https://www.thoughtworks.com/insights/blog/microservices-nutshell

Slide 22

Slide 22

PRODUCT TEAMS Rental Cars Consumer Business to Business Tax Payments Hotels @kmugrage Airlines

Slide 23

Slide 23

HOMEWORK @kmugrage http://nealford.com/books/ http://samnewman.io/books/building_microservices/

Slide 24

Slide 24

WE STILL HAVE TO DEPLOY SOMEWHERE

Slide 25

Slide 25

CAR AS A SERVICE @kmugrage https://www.k3syspro.com/cloud-computing-choosing-right-deployment-method/

Slide 26

Slide 26

AN EXAMPLE OF PLATFORM AS A SERVICE CLOUD.GOV ▸ Official service of the US Government ▸ 325 required security controls ▸ 269 handled by cloud.gov ▸ 41 shared ▸ 15 handled by customer @kmugrage https://cloud.gov/overview/technology/responsibilities/

Slide 27

Slide 27

THE CLOUD IS JUST SOMEBODY ELSE’S COMPUTER Someone at every conference @kmugrage

Slide 28

Slide 28

PRODUCT TEAMS @kmugrage

Slide 29

Slide 29

PRODUCT TEAMS Platform Team @kmugrage Compliance Team Security Team

Slide 30

Slide 30

https://commons.wikimedia.org/wiki/File:Continous_Delivery_by_Jez_Humble _and_David_Farley.jpg USE CONTINUOUS DELIVERY TO SAFELY DEPLOY MORE OFTEN

Slide 31

Slide 31

CONTINUOUS DELIVERY IS THE ABILITY TO GET CHANGES OF ALL TYPES—INCLUDING NEW FEATURES, CONFIGURATION CHANGES, BUG FIXES AND EXPERIMENTS—INTO PRODUCTION, OR INTO THE HANDS OF USERS, SAFELY AND QUICKLY IN A SUSTAINABLE WAY. Jez Humble @kmugrage https://continuousdelivery.com/

Slide 32

Slide 32

MORE HOMEWORK @kmugrage

Slide 33

Slide 33

CONTINUOUS DELIVERY IS WHAT YOU “DO” AS PART OF A DEVOPS CULTURE Me @kmugrage

Slide 34

Slide 34

A PREREQUISITE TO CD CONTINUOUS INTEGRATION

Slide 35

Slide 35

CI THEATRE The ThoughtWorks tech radar recently recommended putting a hold on the tech team anti-pattern, CI Theatre. CI Theatre describes the illusion of practicing continuous integration (CI) while not really practicing it. @kmugrage https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/

Slide 36

Slide 36

CI THEATRE In another ThoughtWorks study only 10% of participants acknowledged that having a CI server was not the same as practicing CI. @kmugrage https://www.gocd.org/2017/05/16/its-not-CI-its-CI-theatre/

Slide 37

Slide 37

ARE YOU PRACTICING CI? @kmugrage

Slide 38

Slide 38

CONTINUOUS DELIVERY PIPELINE @kmugrage

Slide 39

Slide 39

CD VS CD @kmugrage http://gofor.cd/cd_vs_cd

Slide 40

Slide 40

OUR TEAMS Product Team @kmugrage Security Team Compliance Team

Slide 41

Slide 41

OUR CONTINUOUS DELIVERY PIPELINE UNIT TESTS @kmugrage FUNCTIONAL TESTS DEPLOY STAGING DEPLOY PRODUCTION

Slide 42

Slide 42

EXAMPLES OF THINGS WHICH ARE BAD ▸ Deploying insecure software ▸ Deploying non-performant software ▸ Deploying non-complying software ▸ Deploying ineffective software @kmugrage https://www.gocd.org

Slide 43

Slide 43

…OF THE 106 COMPONENTS PER APPLICATION, THE REPORT’S ANALYSIS REVEALED AN AVERAGE OF 24 (I.E., 23%) HAVE KNOWN CRITICAL OR SEVERE SECURITY VULNERABILITIES… Derek Weeks @kmugrage http://blog.sonatype.com/2015/06/rework-is-choking-software-2015-state-of-the-software-supply-chain-report/

Slide 44

Slide 44

THE PURPOSE OF A CONTINUOUS DELIVERY PIPELINE IS TO KILL A RELEASE CANDIDATE Me, and a lot of other people @kmugrage

Slide 45

Slide 45

OUR CONTINUOUS DELIVERY PIPELINE UNIT TESTS FUNCTIONAL TESTS DEPLOY STAGING SECURITY TESTS (OWASP, OTHERS) COMPLIANCE TESTS (SERVERSPEC, INSPEC) @kmugrage DEPLOY PRODUCTION

Slide 46

Slide 46

Slide 47

Slide 47

SORRY, THERE’S NO SILVER BULLET BUT THESE ARE SOLVED PROBLEMS AND THERE IS A LOT OF HELP

Slide 48

Slide 48

SUMMARY ▸ Redefine words for your organization ▸ Change your organization to enable DevOps ▸ Use modern architectures and technologies ▸ Use Continuous Delivery to safely deploy more often @kmugrage https://www.gocd.org

Slide 49

Slide 49

For more information about our products https://www.thoughworks.com/products/ https://www.gocd.org/