1. VSHN - The DevOps Company
Glenfis Cloud Talk
NEXT GEN Betriebsmodelle
Aarno Aukia, CTO @ VSHN - The DevOps Company
Zürich, 20.11.2019
2. VSHN - The DevOps Company
@aarnoaukia http://about.me/aarno aarno.aukia@vshn.ch
ETH → Google → Atrila → VSHN
VSHN - The DevOps Company
Since 2014, currently 42 VSHNeers in Zürich, Switzerland
Helping developers run applications on any infrastructure, making both visitors
happy with stability and developers happy with agility
About Aarno & VSHN.ch
3. VSHN - The DevOps Company
OPS = Firefighting-as-a-Service?
4. VSHN - The DevOps Company
Capability Maturity Model Integration (CMMI)
Operations
2014
How to get to this level?
5. VSHN - The DevOps Company
DevOps: CMMI Level 5:
People, Processes & Tools
6. VSHN - The DevOps Company
● CMMI Level 5
● Why?
● Challenges for traditional IT-organizations
● DevOps / DevSecOps
● Software-Container (Docker), Container-orchestration (Kubernetes)
● Cloud Native Computing
● Cloud Migration
● IT Governance: traditional vs. cloud native
Agenda
7. VSHN - The DevOps Company
● Self-service on usage demand, no back and forth with the provider
● Accessing services using standard protocols (e.g. over the internet)
● Resource scaling within a large pool, provisioning of resources anytime and
in any quantity (SLA)
● Billing according to transparent KPI, based on usage & time (e.g. hours of
computing resources, number of users per month, etc)
● Management/ordering/scaling of the services using an API
○ enables automation
○ enables ready-to-use integrations with other services
Capability Maturity in the cloud
8. VSHN - The DevOps Company
● Self-service provisioning
○ IaaS: VM, storage, network
○ PaaS: Application Runtime/container
○ DBaaS: DB instance
○ SaaS: Application
● Automatable -> API
● Usage based billing -> incentive for
just-in-time provisioning
[Diagram: Infrastructure (IaaS), Platform (PaaS), Application (SaaS)]
CMMI Level 5 services
9. VSHN - The DevOps Company
● Highly standardized, highly automated -> economies of scale
○ Efficiency, focus and expert knowledge of the provider
○ Lots of pre-integrated services -> low barrier for adoption
○ Large number of new innovative services available
● (low CAPEX), less over-provisioning for many years in advance
● Billing: agility, elasticity, focus on Business-KPI (e.g. number of users for
SaaS)
● Cost of personnel, training, opportunity cost, redundancy (24/7)
○ Is providing commodity services a core-competency of your company?
Why cloud services?
10. VSHN - The DevOps Company
● Transformation from (internal) infrastructure to service provider
○ Procurement instead of production of standard services
● Combining and enriching services with IT governance
○ Security: authentication, logging, network-access to other services
○ Controlling: procurement, billing, budgeting, cost control
● Automation and self-service
○ Optimizing time-to-market: provide agility and proactivity to internal stakeholders
Challenges for traditional IT
11. VSHN - The DevOps Company
Collaboration between Software Development (Dev) and IT-Operations (Ops)
● Automate as much as possible (“Infrastructure as code”)
● use standard services (layers of abstractions with clear API) to abstract
complexity
● Cost efficient and lean way of working
● Agility: ability to react to new/changing requirements
● One team with a common goal: ship stable features
● Continuous improvement
DevOps
12. VSHN - The DevOps Company
DevOps + Security Engineering = DevSecOps
13. VSHN - The DevOps Company
● “Docker”
○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard)
○ Open Source Tools for container image creation and management (“Docker CE”)
○ Company based in San Francisco (“Docker Inc”)
○ Enterprise software product (“Docker EE”)
○ Online portal for public docker containers (“Docker Hub”, hub.docker.com)
● “Dockerfile”
○ Text file containing all the instructions to build and assemble the application into a container
including application code, appserver, plugins, modules, libraries down to libc
○ Goal: document & automate the build process
○ Usually in the application Git repository
○ References a base image to incrementally add the application to
Container technology: Docker
14. VSHN - The DevOps Company
● Use declarative formats for setup automation
● Have a clean, portable contract with the underlying operating system
● Are suitable for deployment on modern cloud platforms, obviating the need
for servers and systems administration;
● Minimize divergence between development and production, enabling
continuous deployment for maximum agility;
● And can scale up without significant changes to tooling, architecture, or
development practices.
12 Factor App Patterns: https://12factor.net/
15. VSHN - The DevOps Company
From container to production?
16. VSHN - The DevOps Company
● How many container instances should be running per service?
● On which IP/port/server are they running?
● Service discovery
● What happens if a container/server goes away?
● scaling, load balancing, rolling deployments, persistent storage, networking
Container orchestration: Kubernetes
17. VSHN - The DevOps Company
[Diagram labels: Docker, Kubernetes; stack layers: Hardware Infrastructure, Operating System, Service discovery & Load balancing, Application Server, Application, Cloud/Onprem]
Layers of abstraction
18. VSHN - The DevOps Company
● Free & open standard
● Adopted by all major vendors (Google, AWS, MS, Red Hat, SUSE, IBM, etc)
● Available as managed service both on-premises and (private) cloud based
● Provides integration in infrastructure (compute, storage, networking)
● Provides optional integration in platform (e.g. DBaaS, S3) services
● Infrastructure as code, automation, tools for DevOps processes
● Large ecosystem of auxiliary tooling & integration available
● Is being adopted as standard runtime by ISVs (Avaloq, Finnova, Abacus,
Adcubum, Ergon, etc)
Benefits of Kubernetes as abstraction
19. VSHN - The DevOps Company
Global reach through standardization & automation
20. VSHN - The DevOps Company
● platform technology based on open standards and open source software
implementations
● Abstraction layer on infrastructure
● Cloud Native Computing Foundation (CNCF)
○ Daughter-foundation of the Linux Foundation
● Projects: Kubernetes and many more
Cloud Native Computing
21. VSHN - The DevOps Company
The CNCF Landscape
23. VSHN - The DevOps Company
● “Full Stack Audit”
● Review design document
● Every layer was custom built
○ physical hardware
○ handcrafted servers
○ manual application deployment
● Review each layer
● Review each layer again next year...
Traditional IT governance
24. VSHN - The DevOps Company
● Standardized components
○ already audited, some even externally certified
○ re-used, economies of scale, CMMI level 5
○ tech controls (AAI, RBAC, logs/SIEM) implemented once
○ financial controls implemented once
● Infrastructure: private/public cloud
● Ops: Container orchestration platform
● Review design document & platform
configuration
Cloud native IT governance
25. VSHN - The DevOps Company
● prevent configuration drift
○ immutable (application) infrastructure using containers
○ deploy dev/test/stage/prod envs from CI/CD
● prevent manual errors
○ validate configuration in CI/CD before deployment
○ standardization on (minimal, hardened) OS and container orchestrator
○ deployment automation removes need for (most) root prod access
● security by default
○ image scanning, dependency vulnerability management
○ process/storage/network separation of applications/environments
○ volumes & ingress points best practice (documentation, monitoring, backup, SSL/TLS/WAF)
○ AAI for admin & application, audit trail logging of CI/CD, control & application planes
○ key & secrets management
IT governance controls in container platforms
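The "validate configuration in CI/CD before deployment" control above, as an added example (not from the original slides and not VSHN's tooling): a CI gate that checks a Kubernetes workload manifest against a few hardening rules and fails the pipeline on any violation. The rule names, the sample manifest and registry.example.com are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Constructed sample manifest (Kubernetes accepts JSON as well as YAML).
SAMPLE = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "shop"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "web", "image": "registry.example.com/shop/web:latest",
    "securityContext": {"privileged": true}},
   {"name": "metrics", "image": "registry.example.com/shop/metrics:1.4.2",
    "securityContext": {"runAsNonRoot": true, "allowPrivilegeEscalation": false,
                        "readOnlyRootFilesystem": true}}]}}}}
""")

def pod_spec(manifest):
    """Pod spec of a Pod, or of a workload kind that embeds a pod template."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})

def image_pinned(image):
    """True if the image has a digest or an explicit tag other than 'latest'."""
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    return "@sha256:" in image or tag not in ("", "latest")

def validate(manifest):
    """Return a sorted list of (container, rule) policy violations."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        rules = {
            "image-not-pinned": not image_pinned(c.get("image", "")),
            "privileged": sc.get("privileged") is True,
            "may-run-as-root": not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)),
            "privilege-escalation-allowed": sc.get("allowPrivilegeEscalation") is not False,
            "writable-root-fs": sc.get("readOnlyRootFilesystem") is not True,
        }
        findings += [(c.get("name", "?"), r) for r, hit in rules.items() if hit]
    return sorted(findings)

if __name__ == "__main__":
    # CI gate: manifest paths as arguments; a non-zero exit blocks the deployment.
    docs = [json.loads(Path(p).read_text()) for p in sys.argv[1:]] or [SAMPLE]
    problems = [f for d in docs for f in validate(d)]
    print("\n".join(f"FAIL {n}: {r}" for n, r in problems))
    sys.exit(1 if problems else 0)
```

Run as a pipeline step before the deploy job; the sample manifest fails on the `web` container only, while `metrics` passes every rule.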
26. VSHN - The DevOps Company
● compute resources billable by project
● self-service-onboarding possible
● autoscaling, scale-down dev envs outside office hours
● vendor procurement/due diligence/certification management
● SLA, 24x7, service process, escalation management clearly defined
IT governance financial/compliance controlling
27. Come visit us for a coffee!
VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch
https://vshn.ch/kontakt/
Follow us on Twitter!
@vshn_ch