Professional Documents
Culture Documents
:Registered Trade ~itlrks of AXEL OS in the Ulliu:d Kingdom end other countries
COOIT® is 3 registered IrndcJllllrk oflhc Inforneuion Syt'tcnls AIKtit tII~ Comml Associ:llioll (IS;\CA) and Ihe rr Governance lnsritutc (ITGI)
TOGAFlM and IT4rrtM arc ImdC!mJrks onne Open G«)UP
SIAl\i® is u registered trademark 01"EXIN
1. Why DevOps?
2. DevOps principles
3. DevOps concepts
4. DevOps practices
5. DevOps people
6. DevOps controls
eFN
02018 • "1' ••
Why OevOps?
1III1,\·(nlfiQI1:
R(rtlt}lIt' 81Ulllt,,(JlII'1
02018 . .•.
..,
What is DevOps?
ContfnlJOUSOellvto/..Rellobfe So/cW()tt ReleoSl:S ("'ough Build, Test, ond Depfoyment AVfontolfon, by Jel Hvmhle
and David Forley. 2010
CF!'
02018 • "'1' u.
What is DevOps?
eFN Cu,,<,,11
02018 • ""l' HI
A brief history of DevOps
, DevOps relies on old and proven concepts such as lean, it service management, agile
devetopment, theory of constraints, resilience engineering, learning organisations, etc,
J At the 2008 Agile conference in Toronto, Canada, Patrick Debois and Andrew Schafer held a
"birds of a feather" session on applying Agile principles to infrastructure as opposed to
application code.
) Later, at the 2009 Velocity conference, John Allspaw and Paul Hammond gave the semlnat
"10 Deploys per Day: Dev and Ops Cooperation at Flickr" presentation.
, Patrick Debois was not there, but was so exited by Allspaw and Hammond's idea that he
created the first DevOps Days in Ghent, Belgium in 2009. There the term "OevOps" was
coined.
J In 2010 Jez Humble and David Farley in their book "Continuous Delivery", extended the
concept 10 continuous delivery, which defined the role of a "deployment pipeline" to ensure
that code and infrastructure are always in a deployable stale, and lhat all code checked in 10
trunk can be safely deployed into production.
, In 2013 Gene Kim et. al. published their novel "The Phoenix Project: A Novel AboullT,
DevOps, and Helping Your Business Win" that made DevOps commonly known in the
Industry.
J In 2016 Gene Kim, Jez Humble, Patrick Debois and John Willis published "The OevOps
Handbook"
02018
eFr-. • "1' u.
Principles, Concepts, Practices and People
02018
eFr-. '1' HI
The three OevOps Principles
1. FLOW
02018 ,. .
<:.. 11,-1111
The three OevOps Principles
2. FEEDBACK
j
of the process
Establish pervasive production telemetry
ensuring that problems are detected and
corrected as they occur
Dev
...
......._ _-_ ..../
Ops
r ---.
> Enabling organisational learning Dev ~ Ops
j Institutionalise the improvement of daily ,..,__ ./
work
j Transform local discoveries into global
improvements
j Inject resilience patterns into daily work
j Encourage leaders to reinforce a learning
culture
J Experiment, fail fast - If it hurts, do it more
often
CF[\.
02()18
Principles, Concepts, Practices and People
02018
eFr-. '1' HI
Product
LikJ! this!
"The minimum viable product (MVP) is
that product which has just those features
and no more that allows you to ship a
product that early adopters see and, at ~
least some of whom resonate with, pay t
you money for. and start to give you IIIU$frotlon; Hel'lrfk Knlbefg
feedback on"
Tho L08n St8rtUp. by Eric Rio s, 2011
CFr-.
02018 • "'1' u.
Product
Theme
Epic Epic
02018
CF" . ..,.. ~
Product
J Create with the End in Mind: Understanding the real needs of customers .
.J Before we build a feature, we should rigorously ask ourselves, "Should
we build it, and why?'
J We should then perform the cheapest and fastest experiments possible
to validate through user research whether the intended feature will
actually achieve the desired outcomes.
J Think about each feature as a hypothesis and use production releases as
experiments with real users to prove or disprove that hypothesis.
J We can use techniques such as hypothesis-driven development,
customer acquisition funnels, and NB testing.
23 EUR
27%
I'lver1ge
con ...erslon
order sue
SO% of vlsl10rs see
variation A
1-
27 EUR
13%
.w~ra&e
conversion
order sue
50% of visitors see
variation 9 Vatlatlon 8 eFN
02018 • "1'_.
Value stream
The series of events that take a feature from code commit through to
production.
(Build.
package,
contlnuou~
intcgration.
automated
ce stage
(Deployment
. automated
acceptance
lest~)
ry testing
(Manuallv
detect
defects not
caugru by
eutemated
..
unit tests) tests)
02018
eFr-. U)l151111
'1' .~
Value stream mapping
1- -I
I
CIT: Cycle TIme; C/O: ChangeoverTIme;fJ4CjA: Percent complete and accurate; I: Inventory
eFN
02018 .. "1'_.
Loosely-coupled architecture
CFr-.
02018 • "'1' u.
Loosely-coupled architecture
02018
CFr-.
. ..,...
U)l151111
Loosely-coupled architecture
eFN
02018 • "'1' UI
Loosely-coupled architecture
Good practices
o Automate building and configuring the environment using virtualized environments.
environment creation processes that start from "bare metal". "infrastructure as code"
configuration managemenllools. automated operating system configuralion tools.
assembting an environmenl from a set of virtual images or containers. spinning up new
environments In public cloud etc.
) Embrace 'everything as code' concepts. In Ihe Iraditional operations space, more and more
components can be defined wilh code. such as soflware-defined networks, Define more and
more artefacts with code,
, Creale our single repository of truth for Ihe entire system, Pul all application source files and
configurations as well as all produclion artefacts in version control. Version control is for
everyone in our value stream, including QA, Operations, Infosec, as well as developers
J Make Infrastruclure easier to rebuild than 10repair. When we can quickly rebuild and re-
create our applications and environments on demand, we can also quickly rebuild them
instead of repairing them when things go wrong,
) Design a loosely-coupled architeclure with well-defined Interfaces that enforce how modules
connect with each other 10promote productivity and safely,
02018
eFr-. • ""l' u.
Loosely-coupled architecture
Applications
Data Data
Runtime Runtime
Middleware Middleware
Virtualization
Servers
Storage
Networking
Host Build Consume
eFr-. UII1~111c
02018 .. "'l'.'
Autonomous teams
"A team is a small number of people with complementary skills who are committed to a common
purpose. set of performance goals. and approach for which they hold themselves mutually
responsible:
The Wisdom of Teems, by Kotzenbac.h & Smith. 1993
eFr-.
02018 • "'1' u.
Autonomous teams
Good practice
J Think values over culture
J Share stories and experiences
J What kinds of problems are we trying to solve?
) Are we solving the right problems?
J Does our team have the necessary knowledge and experience to acknowledge
the problem and to understand the repercussions that their potential solutions
might have?
Product owner
Developer ~
Operations engineer
ISys admin, mldcleware,
DBA. .. c.,
!
In(oSee
Release manager
eFr-.
02018 • ""l' u.
Autonomous teams
Allow small product teams to work safely and architecturally decoupled from the work
of other teams who use self-service platforms that leverage the collective experience
of Operations and Information Security
} Productteam'
- - - - - - - - - - (A.PlISeIfS(!(Vlce - - - - - - - - - - -
02018
eFr-. .. ..,...
(.AU1~111c
Autonomous teams
02018
eFr-. • "'1' u.
Autonomous teams
Conway's Law, states that "organizations which design systems ...are constrained to
produce designs which are copies of the communication structures of these
organizations .... The larger an organization is, the less flexibility it has and the more
pronounced the phenomenon."
Source: Conway. Melvin E., 1968
CFr-.
02018 • "1' u.
Autonomous teams
Teams of teams
Scaling at Spotify with Tribes, Squads, Chapters & Guilds
...... _ ...... _
Source; hlrps://uCVOJ(./lfct.wordp(I!$$.com/ZOJ1/Jl/J1361790S·scofing-4gilt:·spoa/y·n.pdf
02018
(;Fi\
. ..,...
Autonomous teams
e
Influencing work
Easy to release
Process that fits team
O~ O~
O~ {II@
0..4IIlJi0l
O. ~~
e~
®J)~ CIIiJI~
O~
O~
®.
$<0
~ Im,..w,g
..
Good
&ellCly
CFr-. UU151111
02018 • "'l'.'
Principles, Concepts, Practices and People
02018
eFr-. '1' HI
OevOps practices
•
4. Measurement and feedback
: Approval
The deployment pIpeline, from COIIt/nuou$CJelllll!fYJby If!l Humble ond DCtvidForley. ZOJO
CF~
02018 • "'l'.'
Continuous integration
Continuous Integration (CI) Is the practice, in software engineertng, of merging all developer
working copies to a shared mainline several times a day,
J Once a team member commits a number of code changes into Software Configuralion
Management, the changes can be merged automatically, analysed, compiled, unit lested,
and assembled automatically.
) The automated build process can create a new deployment package and publish it to a trunk.
In this manner, a continuous now from code commit 10validated deployment package can be
implemenled.
) The automated build process is important for a fail·fast strategy. For example, if there are
code merge confltcts, the build should fail so the team members can fix the conflicts.
Applkation ccrnpcnem
I> U.e. miCtoscrvlce)
Good practice
J Adopt trunk-based development practices where all developers check in
their code to trunk at least once per day.
) Frequent code commits to trunk means that all automated tests can be
run on the software system as a whole and alerts received when a
change breaks some other part of the application or interferes with the
work of another developer.
J The discipline of daily code commits forces the developers to break the
work down into smaller chunks while still keeping trunk in a working.
releasable state
CFr-.
02018 • "1' u.
Fast and reliable automated testing
Good practice
J Catch errors as early in the automated testing as possible
o Ensure tests run quickly (in parallel, if necessary)
J Write automated tests before writing the code ("Test-driven
development")
J Automate as many manual tests as possible
J Integrate performance testing into the test suite
J Integrate non-functional requirements testing into the test suite
..) Pull the andon cord when the deployment pipeline breaks
CFr-.
02018 • "1' u.
Fast and reliable automated testing
Catching errors as early in the testing as possible always pay back later in
the process.
8S~
_ -.Defeas
found"
thS ph.lst
- sCostto
,_oJ!
....... d<!fea
" Ihk ph.lst
I $100
02018
eFr-. unlSll"
• "'1' HI
Automated continuous deployment & provisioning
Applications &
services
- - (API) Self Servfce - -
• •••• •
Continuous
Automated
Provisioning
•• laaS (lnfr...
sttuctut~)
02018
cr-1'. UU1Sl11c
• "'1' HI
Automated continuous deployment & provisioning
CFr-.
02018 • ""l' u.
Automated continuous deployment & provisioning
CF!'.
02018 • "'1' u.
Automated continuous deployment & provisioning
Good practice
J Standardize the platforms and reduce the number of variations
J Automate the deployment and provisioning processes using the same
deployment mechanism for every environment.
J Enable automated self-service deployments for both build, test and deployment.
J Automate as many of the manual steps as possible, such as:
j Packaging code in ways suitabte for deptoyment
J Creating pre-configured virtuaJmachine images or containers
• Automating the deployment and configuration of middleware
) Copying packages or files onto production servers
) Restarting servers, applications, or services
j Generating configuration files from temptates
j Running automated smoke tests to make sure the system Is working and correcUy
configured
) Running testing procedures
) Scripting and automating database migrations
02018
eFr-. • "1' u.
Automated continuous deployment & provisioning
eFN
02018 • "'l' ••
Automated continuous deployment & provisioning
Release patterns
environment-based release patterns: This is where we have two or more environments that we
deploy into. but only one environment is receiving live customer traffic
J The simplest pattern is called btue-green deployment. In this pattern. we have two production
environments: blue and green. At any time. only one of these Is serving customer traffic
J The canary release pattern automates the release process of promoting to successively
larger and more crilical environments as we confirm that the code is operating as designed.
When something appears to be going wrong. we roll back: otherwise. we deploy to the next
environment.
) The cluster immune system expands upon the canary release pattern by linking our
production monitoring system with our release process and by automating the roll back of
code when the user-facing performance of the production system deviates outside of a
predefined expected range
Application-based release patterns: This is where we modify our application so that we can
selectivety release and expose specific application functionality by small configuration changes
) tntroduce feature toggles. which provide us with the mechanism to selectively enable and
disable features without requiring a production code deployment. e.g. to enable dark
launches.
02018
eFr-. • "1' u.
Measurement and feedback
Pervasive production telemetry in both the code and production environment ensure
that problems are detected and corrected quickly:
J In applications
J In the environment
) In the deployment pipeline
eFN
02018 • "1'_.
Measurement and feedback
Monitoring framework
J Collect data at the business Event Routt, ...
logic, application, and
environments layer
J In each of these layers, create
telemetry in the form of events,
logs, and metrics.
J Establish an event router
... Appl;"t.on
responsible for storing events
and metrics
) This capability enables
visualization, trending, alerting
... OperatIng System
Monitoring Ft.mtwork
anomaly detection, and so forth
The Arr oj Monitoring, by James Tvrllbull, 20J4
02018
erN • "'l' UI
Measurement and feedback
Good practice
Create telemetry to enable seeing and solving problems
.) Create a centralized telemetry infrastructure
.) Create application logging telemetry that helps production. Dillerent logging levels, some of
which may also trigger alerts, such as Debug, Info, Waming, Error, Fatal
.) Create the infrastructure and libraries necessary to make It as easy as possible for anyone in
Development or Operations to create telemetry for any functionality they build
J Create self-service access to telemetry and information radiators
Analyze telemetry to belter anticipate problems and achieve goals
J Use means, standard deviation and anomaly detection techniques to detect potential
problems.
Enable feedback so Development and Operations can safely deploy code
.) Use telemetry to make deployments safer
) Have developers follow work downstream, One of the most powerful techniques in
Interaction and user experience design (UX) is contextual inquiry. This is when the product
team watches a customer use the application in their natural environment, often working at
their desk.
Have developers initially selt-manaqe their production service
J
02018
eFr-. • ""l' u.
Measurement and feedback
Human feedback
The key tool that leaders should use and stimulate Is human feedback. Giving and
receiving feedback is the basis for all improvement and development of teamwork. It
is vital for both leaders and team members to leam and practice giving and receiving
feedback in a respectful manner.
CF1\
02018 .. "'1' UI
Continuous delivery tools
-..
Om
..
-·
Lb
.
..
~--
~-.-
... .. ,-...
.. .. .. ..,_ ·.. ·..
~
(-, "-
.--
PERIODIC TASLE OF DEVOPS TOOLS evn
._ •• .--
.- .e-.
.-.. . .--
.....
.-
.-
.-
.... ..
.
I_
.~ - Ch
-
Ot
..
.. "".
,
·v.
·An
.. -
SI
. .
.
,
Ok Az
...-.. . .. ..-. --
BI Rk
-
Ge
Tf
- '
Aws
.,'
~
.. - .. .. .. ·-
Mv G,
-
.. . -
At Fn
. -- Se
.. . ..
_... . --
G. Oh
..- ...- -
Jn Ba T,
..
Gd Sf Cn Be
'
Mo Rs
_._-
· .. .. .. - .. .. ,~
-· "'sb
Dp
..
Sb
.. Mk
. .. ..
Ck
,_
- ·-- ..- .. ., ..-- .- ..-. - .. - .. --
Jt
· ..
Jm Tn Ay Tc Sh
- . ,,-
Cc
.. .. -
Ry
,
Cy Oc No Kb H,
..
.
- - - - ',_ - - - - -
"
- --
Id Rk Pk
,_ Me Km Jm N, CO Eb ~
Ca
'-'~
So Xid Ud Nm Os
-_--
XebiaLabs
Mii 5 •
Source:hrrps·//xebia/obs.comloeriodic-robte-o(.devops·roots/
CFN UU1~111c
02018 .. "'l'.'
Continuous Delivery Maturity Model
NJ c:nvfnmmllnu
~"", ••'.:i.'I~~'
Pn;.wiIQllina
lI~tCd.
II .r.""y
O~l'Jllof\SlIr'Id
('f8U .,tyeob'~a
tOnM~C!rlskSMld
It' m::,m()ufl
'''''''''':1::
.... """"''d'
fideiSf' to(C!'~.ast
fHdbtdtklOpcl
d31~
~Orm.),n((' ~nd
Vi"~II~uog~edIf rt'duce cyde time. lely. deployment pfOCe$S.
~P9lti •
Oiltllbdse
u~
Envlf01lme1'ltand Dndto Ibat ~ted
~ttIM:M,.,ttd ~~~~~
rr:=n:ii,j,NM
0ev1l101M!1l(hl!(k In
_~~"m. rm:t:~
I!9I~fI'Iel'lts aWlicatlon he-31th withewtv
lNlIar, •RtIN$(' monilor~:lnd fundfonll d~~;L to
prOK! tv
an rollbacl(
~tC!Sled.
periorm;J.ncc lk.7':I~:lls~
=..
lor . mC!~$urC!d. monW;lr~""d
091mlltd.
Au.tDmlltt'd build IMld
10'" CVt~ CYII~ tin14:
~i
Ol!~d(!nc
butt~=ror
:;w=:~~Cha'iUfftJI~m~t
diCW)'
tw~rc,
me prOttiS to
Automillt'dunit.a;r
~.''''
Rtt: OIYoind ..
Pt· app~t:rd aott"l)1oln<clem,'
wi Ilttetwtitll!l'I
t~,e,s. T~tiltfI»orl
o'develo~.t
..
,. ,
Dall1b~clg,n~s
"'tgr~t;,i:~,f'"
"~'" ma:!£
nd
. mlon
con tot uSlt!!
P01"tdN~mj~
ckl",e
milnill JtH~Or ploy 10 Il'ItfY (~. nsmH. process. process. mll"1I8('mlll'll
SCripts 111M!1 • erMronment. con proce$$.
Automilte<! VeNloncon'~ In
Re~liU .utom.:n~ dtPloymcnt lOSOrne: Pilirifuland
bUI::,,,,ndlCS;tins· &~I~,:rn~wreliable.re'e.~.
infr~uf!nt. oot Aj,lIOfNited ttsU d~l
..~t~83J:
~" r=i~~t:m,~'e
Arrt lidcan be fII,~.
crco<llttd'fOro SoOUrce etlYJr:~w.eWIS
control usfna
autolNtod proc~). (On~r~tiOtI
L1rnlte-d
tfKll'able
rro'1~~rJ~~n"
wrlUefi#1IW1of
story dQYClOptl"lC!lu. ~=~ntts
IIppic.uiOl'I,
software: source
~~ldco~r;llion.
Uwi~~~~OY
tlIletilaited I
Yenlon~. rnli"'~!ons,
MDn~proc:cu 'Of
1:~lpr=: fOf ~IIP'oyjn, soft~r~. Ve,siol\ cOlurot
u Idliia twUCl. nY'r~a~';ge<i c Inrt~etlt lIind M.nu~testll'lllllftH Oatil!~18T'Jrn'S eithoerl"l()t
uJtod,Of
~~rnq1'lto' unreJllIbietek'UM. un""" on ",nd
cHNefOl)p)el"lL performed
iltUr~ilnd II'IOInu,jity. ct"~(k·iM I\lI!i)ttI
lnfrtcluenlJV.
rel)Oft$, E:~?1
mallv' Iv.
Ol'!iffly. R(IioO/t SO!IW'b,t~
COIW;nl100 1J\ro4Io1l8uiJ4.
1m ond ~nf AIIlOtnOliI)n.&y JtJHl.Im&k ondDt1rid 1001ey.2OJ~
eFN UU1~111c
02018 "'l'.'
Principles, Concepts, Practices and People
02018
eFr-. '1' HI
Customer-centric
It is imperative to have
short feedback loops
with real customers
and end-users.
Therefore. all aotivlties
involved in building IT
products and services
should revolve around
customers.
CFN UU1~111c
02018 . "'l'.'
Customer-centric
Good practice
J Begin with end in mind, in retrospectives: ask peopte why?
J Start off with defining customer objectives (the Voice of Customer). A common
understanding of the Voice of Customer (VoC) is important because in later
stage you will determine with the team, which activities are really adding to this
VoC and which steps are not.
J Encourage customers to attend demos, implement user feedback into a
storyboard, allow customers to write about product and respond, organize people
around the product, encourage the team to write blogs about product (you build
it; you run it).
CFr-.
02018 • "1' u.
End-to-end responsibility
In a DevOps organization, teams are vertically organized so that they can be fully accountable for
the producls and services they deliver. End-lo-end responsibility means thai the learn holds ilself
accountable for the quality and quantity of services it provides 10its customers.
,
... ----.. , ,
...----, 1
,----- .. , r .. ----, I
I Product I I Product I I Product I I Product I
I team I I team I team I I team I
Design
Integrate Oevelope-r
~
...
Operattons
I I engineer
I I
I I
Test
I I
i,
QA/Tes-tcr
!
In(oSee:
Deploy
f I I I I Release managcr
Deliver End-to-end responslbta
, , , , ,-----;1'
02018
eFr-. . ..,...
(.AU1~111c
End-to-end responsibility
Good practice
Caring about the end-to-end responsibility might be the most crucial ingredient for
DevOps. When people care and have the required skills, knowledge, and resources,
they can and will collaborate to live up to their responsibility. If they care, they will
learn, adapt, improve, and provide great services and value.
'J All team members are responsibte for the complete product, which includes the
full delivery cycle as well as operatinglproviding customer support throughout the
lifecycle of the product.
) Quality is built in from the initiation of the teams up to discharge. It is at the heart
of every activity. It is never compromised. We value full transparency.
) Encourage the team to utilize their skills as they know the best; avoid cutting
corners; practice automation (test, deploy, and provision), continuous
improvement, and transparency (monitors).
J Do not explain 'how' to do, ask 'what' is required, address derailment openly, let
people figure out how to do things, reward responsibility, reward failure, bring
transparency in what everyone is doing.
02018
eFr-. • ""l' u.
Collaboration
CFN
02018 • "1'_.
Collaboration
Good practice
Visual Management is one of the strongest tools to stimulate collaboration and
ensures that pitfalls are uncovered. The tool helps ensure the work done by a team is
constantly visible on boards including:
J Identify work and impediments.
) Communicate important
information.
J Show how to perform a task. Day board Week board
When we work within a complex system, it is impossible for us to predict all the
outcomes for the actions we take
To enable us to safely work within complex systems, our organizations must become
ever better at self-diagnostics and self-improvement and must be skilled at detecting
problems, solving them, and multiplying the effects by making the solutions available
throughout the organization.
r ~
Dev ~ Ops
..... :/
CF1I.
02018 • "1' u.
Learning and improvement
Good practice
Continuous improvement is about problem-solving:
o Seeing and prioritizing problems
, Uncover problems
, Accept problems as a part of daily life.
_, Initiate an action to identify the problems that need immediate solutions
_, Solving problems
, Invest time and other resources
) Understand the root causes of problems
.> Resolve the problems completely
) Sharing lessons leamed
) Schedule blameless post-mortem meetings after accidents occur. The better Question
to focus on is. Why did it make sense to me when I took that action?"
) Share the lessons learned with others in the IT organization, so they can benefit from it
_, Decrease Incident tolerances to find ever-weaker failure signals, by amplifying
weak failure signals
) Because we care about quality, we even inject faults into our production
environment to learn how our system fails in a planned manner
CF!'.
02018 • ""l' u.
Learning and improvement
Good practice
J Create a single, shared source code repository for our entire organization
J Use chat rooms and chat bots to automate and capture organizational
knowledge. Put automation tools into the middle of the conversation in chat
rooms, helping create transparency and documentation.
~ Reserve time to create organizational learning and Improvement. Dedicated
rituals for improvement work has also been called spring or fall cleanings and
ticket queue inversion weeks. Other terms have also been used, such as hack
days, hackathons, and 20% innovation time.
C) Enable everyone to teach and learn
) Create internal consulting and coaches to spread practices
J Furthermore, everyone is constantly learning, fostering a hypothesis-driven
culture where the scientific method is used to ensure nothing is taken for
granted.
02018
eFr-. • "1' u.
Learning and improvement
Good practice
J Automate standardized processes in software for re-use
J Design for operations through codified non-functional requirements
J Spread knowledge by using automated tests as documentation (test-driven
development) and communities of practice
J Build reusable operations user stories into development
J Convert local discoveries into global improvements
CFr-.
02018 • ""l' u.
Experimentation and risk taking
CFN
02018 • ""l'JI.
Experimentation and risk taking
Good practice
J Create an environment in which people perform at best, where they feel inspired,
where they want to be, feel welcomed and are encouraged to think out of the
box.
J Provide time, use instant sandbox environment, remove hurdles, applaud ideas,
fail safely. Award failure!
J Institute game days to rehearse failures. The goal for a game day is to help
teams simulate and rehearse accidents to give them the ability to practice.
J Inject production failures to enable resilience and learning. For example Netflix
has invented a surprising and audacious service called Chaos Monkey, which
simulates server failures by constantly and randomly killing production servers
J Hire people with matching ambitions, move away from function-title model,
support experimentation, support automating manual tasks, do not focus only on
utilization.
0..) Provide good coffee, create nice and open environments, invest in additional
facilities like games, conduct contests or arrange drinks at the end of the week,
allow teams to modifyltailor the office to their needs.
02018
eFr-. • ""l' u.
Controls
1. Change
management
2. Information
security
3. Separation of
duties
err-.
02018 • "1' U.
Change management
Traditional change controls can lead to unintended outcomes, such as contributing to long lead
times, and reducing the strength and immediacy of feedback from the deployment process.
Fea~essly cut bureaucratic processes.
Enable coordination and scheduling of changes. Even in a loosely-coupled architecture, when
many teams are dOing hundreds of independent deployments per day, there may be a risk of
changes interfering with each other. To mitigate these risks. we may use chat rooms to announce
changes and proactively find collisions that may exist.
Effective change management policies will recognize that there are different risks associated with
different types of changes and that those changes are all handled differently, These processes are
defined in ITIL, which breaks changes down into three categories:
J Standard changes
j Normal changes
) Urgent changes
Re-categorize the majority of the lower risk changes as standard changes
Integrate security and compliance into change approvat processes
Integrate deployment activities with the change approval processes
CFr-.
02018 • "'1' u.
Change management
Enable pair programming to improve all our changes. In one common pattern of pairing. one
engineer fills the role of the driver. the person who actually writes the code. while the other
engineer acts as the navigator, observer, or pointer, the person who reviews the work as it is being
performed. Another pair programming pattern reinforces test-driven development (TOO) by having
one engineer write the automated test and the other engineer imptement the code.
Enabte peer review of changes. Instead of requiring approval from an external body prior to
deployment. require engineers to get peer reviews of their changes.
) Everyone must have someone to review their changes (e.g .• to the code. environment. etc.)
before committing to trunk.
J Everyone should monitor the commit stream of their fellow team members so that potentiat
conflicts can be identified and reviewed.
J Define which changes qualify as high risk and may require review from a designated subject
matter expert (e.g .. database changes. security-sensitive modules such as authentication.
etc.).
, If someone submits a change that you can't understand Its impact after reading through It a
couple of times - it should be split up into multiple. smaller changes that can be understood
at a glance.
02018
eFr-. • "'1' u.
Information security
Instead of inspecting security Into our product at the end of the process, we will create
and integrate security controls into the daily work of Development and Operations, so
that security is part of everyone's job, every day
J Making security a part of everyone's job
, Integrate security into development iteration demonstrations
> Integrate security into defect tracking and post-mortems
o Integrating preventative controls into our shared source code reposttory
) Integrating security with the deployment pipeline
'J Integrating security with the telemetry to better enable detection and recovery
> Creating security telemetry in our appl1cations
> Creating security telemetry in our environment
) Ensure security of the application, the environment and the deployment pipeline
~ Reduce reliance on separation of duty
CFr-.
02018 • ""l' u.
Separation of duties
CFr-.
02018 • "1' u.
Training and getting started
eFN C :UI1!\lIlc
02018 "1'_ •
OevOps training
http://devopslnstltute.com/
02018
eFr-. • "'1' HI
OevOps training - OevOps Institute
OevOps Master
J The candidates are expected to
have basic knowledge of OevOps
principles and Lean and Agile
concepts, This knowledge can be
acquired:
J
J
through e-learnlnq:
through an additional training day
•
.,.
'Introduction to DevOps': Or
J by reading The Phoenix Project.
') Training is a mandatory part of the
certification
J 2 day theoretical classroom training
+ 3 day practical training (without
preparation)
J 2 days theoretical classroom
training + 1 day practical training
(with preparation)
htlDS:/lwww.exin.com/en/c.ertificatlons/e>J.ln.devops.masler.exam
02018
eFr-. • "'1' HI
Further reading
J The DevOps Handbook, by Gene Kim, Jez Humble, Patrick Debois and John
Wlilis, 2016
J The Phoenix Project, A Novel About IT, DevOps, and Helping Your Business
Win. By Gene Kim. Kevin Behr, and George Spafford, 2013
J The Lean Startup. How Today's Entrepreneurs Use Continuous Innovation to
Create Radically Successful Businesses, By Eric Ries, 2011
J Continuous Delivery, Reliable Software Releases through Build, Test, and
Deployment Automation, By Jez Humble and David Farley, 2010
Links:
~,
J http://itrevolution.com/
J https:/lwww.devopsdays.org/
J
J
J
hltps:lldevops-research.coml
https:/lconllnuousdellverv.com/
https:lldevops.com/ -'~.
-_
Th.
~nlx
eFr-. (.AU15111c
02018 • '1"~
Training and getting started
eFN C :UI1!\lIlc
02018 "1'_ •
Where do you start?
5. Integrate
.3. Design
.4.
arganisation
Design
architecture
operations
into the daily
work of
development
• 2; IJnderstand
and make the
value stream
.1.Selecta
product
visible
02018
eFr-. • "1' UI
Where do you start?
1. Select a product
) The age of the application is not a significant predictor of performance;
instead, what predicts performance is whether the application is
architected (or could be re-architected) for testability and deployability.
) Start with the most sympathetic and innovative groups
) Demonstrate early wins and broadcast successes
eFN
02018 • ""l'JI.
Where do you start?
3. Design organisation
o The teams should only be as large as can be fed with two pizzas
o Design the teams to be cross-functional and independent
J Enable every team member to be a generalist
o Fund not projects, but services and products
CFN
02018 • "1' ••
Where do you start?
4. Design architecture
) Ideally, software architecture should enable small teams to be
independently productive, sufficiently decoupled from each other so that
work can be done without excessive or unnecessary communication
and coordination.
) Create loosely-coupled architectures to enable developer productivity
and safety
eFN
02018 • ""l'JI.
Where do you start?
eFN
02018 • ""l'JI.
TIltCAtM$ ocronym was otlgfnofly dtflfelo(Xtd by John WIllis and Oomon Edwords
In 2010. and toterfurther refined by ter Humble as a means to describe DevOps.
Conclusion
J Culture: It involves current values, beliefs, and attitudes that signify the
corporate environment surrounding and supporting development,
operations, and QA.
J Automation: It is the belief that anything can be effectively automated
to improve processes and reduce errors.
J Lean: It means reducing waste, such as team size, number of tools,
and meeting frequency, to the minimum in order to maximize customer
value.
J Measure: It refers to measuring everything and ensuring there
are mechanisms built to provide visibility into all systems and events,
which should be accessible through a unified interface, like a
dashboard.
o Sharing: It is the necessity of maintaining communication between
development and operations for an effective integration between the
two.
eFN
02018 • ""l'JI.
Questions and comments
CFf\ c :"",,,11
02018 • "1' u.
Christian F. Nissen
CI'l\
cfn@dnconsulLdk
.4S 4019 414S
02018
eFN c •• ",,,iI
"1'_ •