DevOps to DevSecOps Journey

  1. DevOps to DevSecOps Siddharth Joshi
  2. What is DevOps? Is DevOps a Methodology? Is DevOps a Technology? Is DevOps a Process?
  3. If…then. What?
  4. DevOps is all about..
  5. How to follow DevOps culture? DevOps is a culture that needs to be practiced in order to achieve organizational goals in a better and quicker way. In its technical aspect: “DevOps is a set of practices and cultural changes – supported by automation tools and Lean processes – that creates an automated software delivery pipeline, enabling organizations to deliver better-quality services and applications faster”.
  6. Why DevOps?
  7. DevOps CALMS Model
  8. DevOps Best Practices
  9. Infrastructure as Code (IaC): What is meant by IaC? It is a method to provision and manage IT infrastructure through the use of source code, rather than through standard operating procedures and manual processes.
  10. 6 C’s of DevOps Adoption
  11. Buzzword “Pipeline”
  12. Continuous Delivery? Do you still have any doubts about CI/CD? Yes, what about Continuous Delivery?
  13. Continuous Delivery:
      - It is a state of being ready and able to release any version at any time on any platform.
      - This does not mean the code or project is 100% complete, but the feature sets that are available are vetted, tested, debugged and ready to deploy, although you may not deploy at that moment.
      - Continuous Delivery is a small build cycle with short sprints.
      - It is being able to continually deploy.

      Continuous Deployment:
      - With Continuous Deployment, every change that is made is automatically deployed to production.
      - This approach works well in enterprise environments where you plan to use the user as the actual tester, and it can be quicker to release.
  14. Delivery vs Deployment
  15. Containerization: Containerization is a lightweight alternative to a virtual machine. It involves encapsulating an application in a container with its own operating system so that it can run in every environment, from physical computers to virtual machines, bare metal, clouds, etc.
  16. Orchestration: Container orchestration is the automatic process of managing or scheduling the work of individual containers for applications based on microservices within multiple clusters.
      1. Configuring and scheduling of containers.
      2. Provisioning and deployment of containers.
      3. Availability of containers.
      4. Scaling of containers.
      5. Allocation of resources between containers.
      6. Load balancing, traffic routing and service discovery of containers.
      7. Health monitoring of containers.
      8. Securing the interactions between containers.
  17. Netflix - DevOps Transformation
      - Netflix: from moving DVD sales to the world’s leading internet television company.
      - With more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day.
      - Netflix operates a cloud-based infrastructure comprised of hundreds of microservices.
      - Developers can automatically build pieces of code into deployable web images without relying on IT operations.
      - Using more than 100000 instances on AWS.
      - Centralizing Flow Logs Using Amazon Kinesis Streams.
      - Netflix Realizes Multi-Region Resiliency Using Amazon Route 53.
      - Netflix Tunes Amazon EC2 Instances for Performance.
      - Journey to the cloud at Netflix began in August of 2008.
      - Experienced a major database corruption.
      - Realized that they had to move to relational databases in their datacenter, towards highly reliable, horizontally-scalable, distributed systems in the cloud.
  18. Transition to DevSecOps: DevSecOps was founded by Security Practitioners dedicated to the science of how to incorporate Security within Agile and DevOps practices. DevSecOps is the practice of integrating automated security tasks within DevOps processes. It is about going fast and safe. DevSecOps is about creating a #SecurityFirst culture, where security is a part of everyone’s job.
  19. Why DevSecOps? It’s tough to get important security fixes, controls, and coding standards into a project that's "done and dusted" as far as the development team is concerned. So what happens? The product goes out the door with known, and unknown, security vulnerabilities with possibly some promise to "fix them in the next release." This is what you get when you put security after development: "Dev" then "Sec" then "Ops."
  20. “Sec” “Dev” “Ops”: Security controls, guidelines, coding standards, and policies must be integrated completely into the software development process. This is done by making security part of the process and pipeline from the beginning: "Sec" then "Dev" then "Ops." With automation, you can shift-left your approach to security for a SecDevOps strategy.
  21. Security as Code (SaC): Security as Code (SaC) is managing security through code.
      - Privilege management
      - Define policies
      - Internal build and deployment security
      - Test policies regularly
  22. Exploring DevSecOps Workflow
      - Developers create the code and tests, which are managed by a version control system like Git.
      - Changes are committed to Git.
      - Jenkins pulls the code from the repo, builds it, and runs unit tests as well as static code analysis to identify code quality bugs and security defects.
      - An IaC tool, like Chef, provisions an environment, deploys the application, and applies security configurations to the system.
      - Jenkins runs a test automation suite against the newly deployed application, including UI, back-end, integration, API, and security tests.
      - If the application successfully passes all tests, the application is deployed to production using the same infrastructure-as-code tool used in the previous environments.
      - The production environment is continuously monitored by tools like New Relic and Splunk to detect active cyber security threats.
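
Slides 21 and 27 describe security policies kept as code and checked inside the pipeline. The following is an added example (not part of the original deck) of such a gate, which a Jenkins stage could run before deployment. The descriptor format, field names, policy names and sample values are all constructed for illustration.

```python
"""Security-as-Code gate: each policy is a function kept in version control."""
import json
import sys

# Constructed sample: a deployment descriptor as an IaC step might render it.
SAMPLE_DEPLOYMENT = json.loads("""
{
  "service": "orders-api",
  "container": {"image": "registry.example.internal/orders-api:latest",
                "run_as_user": 0, "privileged": false},
  "iam": {"actions": ["s3:GetObject", "s3:*"], "resources": ["*"]},
  "network": {"ingress": [{"port": 443, "cidr": "10.0.0.0/8"},
                          {"port": 22, "cidr": "0.0.0.0/0"}]}
}
""")

def no_root_container(d):
    c = d["container"]
    # A missing run_as_user is treated as root (uid 0), the usual default.
    if c.get("run_as_user", 0) == 0 or c.get("privileged"):
        yield "container runs as root or privileged"

def pinned_image(d):
    image = d["container"]["image"]
    tagged = ":" in image.rsplit("/", 1)[-1] and not image.endswith(":latest")
    if "@sha256:" not in image and not tagged:
        yield f"image {image} is not pinned to a version or digest"

def least_privilege_iam(d):
    for action in d["iam"]["actions"]:
        if action == "*" or action.endswith(":*"):
            yield f"wildcard IAM action {action}"
    if "*" in d["iam"]["resources"]:
        yield "IAM statement applies to all resources"

def no_public_admin_ports(d, admin_ports=(22, 3389)):
    for rule in d["network"]["ingress"]:
        if rule["cidr"] == "0.0.0.0/0" and rule["port"] in admin_ports:
            yield f"port {rule['port']} open to the internet"

POLICIES = [no_root_container, pinned_image, least_privilege_iam, no_public_admin_ports]

def evaluate(deployment):
    """Return sorted 'policy: finding' strings; an empty list means pass."""
    return sorted(f"{p.__name__}: {m}" for p in POLICIES for m in p(deployment))

if __name__ == "__main__":
    findings = evaluate(SAMPLE_DEPLOYMENT)
    print("\n".join(findings) or "all policies passed")
    sys.exit(1 if findings else 0)  # non-zero exit fails the pipeline stage
```

Because the policies are ordinary functions, they can be unit-tested on every commit alongside the application code, which is one way to "test policies regularly".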