As DevOps practices have been put into wide use, it's become evident that developers and operations aren't merging to become one discipline. Nor is operations simply going away. Rather, DevOps is leading software development and operations - together with other practices such as security - to collaborate and coexist with less overhead and conflict than in the past.
In his session at @DevOpsSummit at 19th Cloud Expo, Gordon Haff, Red Hat Technology Evangelist, will discuss what modern operational practices look like in a world in which applications are more loosely coupled, are developed using DevOps approaches, and are deployed on software-defined, and often containerized, infrastructures - and where operations itself is increasingly another "as a service" capability from the perspective of developers.
How does the operations tool chest change? How does the required skill set differ? How are the interactions between operations and other IT and business organizations different from in the past? How can operations provide the confidence to the entire organization that this new pipeline is still delivering non-functional requirements such as regulatory compliance and a secure and certified operating environment? How does operations safely consume vendor and upstream dependencies while meeting developer desires for the latest and greatest?
Operations is more important than ever for a business to derive value from its IT organization. But the roles and the goals of operations are significantly different than they were historically.
5. FOCUS ON IMPROVED AND LESS ISOLATED DEVELOPER WORKFLOWS
● Collaboration
● CI/CD
● Issue tracking
● Source code control
● Code review
● IDE
● xPaaS
Source: Mike McGarr, Netflix
6. AN OPPOSING VIEW
"I want to change my job because there is this horrible concept of
"pager duty" or "oncall". Where the developer has to be ready for
any issues that may occur. Are most software jobs like this? Is this
a norm? Where can I find software development positions without
such concepts?"
Anonymous Quora user
7. WE ALSO TALK ABOUT CULTURE A LOT
● Empathy
● Trust
● Learning
● Cooperation
● Responsibility
11. NO OPS? (OR IS IT EVOLVED DEVOPS?)
"We have built tooling that removes many of the
operations tasks completely from the developer, and
which makes the remaining tasks quick and self
service. There is no ops organization involved in
running our cloud, no need for the developers to
interact with ops people to get things done, and less
time spent actually doing ops tasks than developers
would spend explaining what needed to be done to
someone else."
Adrian Cockcroft, Netflix, 2012
12. FOCUS ON PROVIDING CORE SERVICES AND GETTING OUT OF THE WAY
● Deploy a modern container platform
● Enable automated developer workflows
● Mitigate risk and automate security
14. NEW CLOUD PLATFORM NEEDS
● What: Scale-out to meet highly elastic service requirements
  Why: Scale-up is not flexible or scalable enough to meet changing business needs
● What: Software-defined everything
  Why: Software functions running on standardized hardware increase flexibility
● What: Focused on applications composed of loosely-coupled services
  Why: Large monolithic applications are fragile and can’t be updated quickly
● What: Enable lightweight iterative software development and deployment
  Why: Modern applications are often short-lived and require frequent refreshes/replacements
18. OPERATED AT SCALE
• Different aspects of scale:
• Large scale workloads
• Diverse workloads (batch and services)
• Complex resource management (QoS, latency sensitivity, etc.)
• Focus on lightweight containerized instances
• Orchestration and resource management
19. HYBRID MANAGEMENT SERVICES
● SERVICE AUTOMATION: Streamline complex service delivery processes, saving time and money.
● POLICY & COMPLIANCE: Draws on continuous monitoring and deep insights to raise alerts or remediate issues.
● UNIFIED HYBRID MANAGEMENT: Deploy across virtualization, private cloud, public cloud and container-based environments.
● OPERATIONAL VISIBILITY: Complete lifecycle and operational management that allows IT to remain in control.
25. TRADITIONAL SECURITY
● What we did: Code audited for current compliance
  The problem: New vulnerabilities constantly discovered and exploited with no opportunity for rapid remediation.
● What we did: Applications and systems deployed on “secured” platform
  The problem: There is no perimeter.
● What we did: Largely relied on checklists, written processes, and manual actions
  The problem: Limited throughput and prone to errors. “Patch Tuesdays” last all month.
● What we did: Primarily an end-of-process checkpoint
  The problem: Security is such a bottleneck!
26. DevSecOps
● Build on the mindset that "everyone is responsible for security"
● It’s the practice of building security into development processes
● Security as code
● Flips security from a defensive to an offensive posture that is both automated and constant
27. BAKE IN SECURITY AND ASSURANCE
● Components built from source code using a secure, stable, reproducible build environment
● Careful selection, configuration, and security tracking of packages
● Automated analysis and enforcement of security practices
● Active participation in upstream and community involvement
● Thoroughly validated vulnerability management process
28. INTEGRATED SECURITY
"Our goal as information security architects must be to
automatically incorporate security controls without manual
configuration throughout this cycle in a way that is as transparent
as possible to DevOps teams and doesn't impede DevOps agility,
but fulfills our legal and regulatory compliance requirements as
well as manages risk. "
Gartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
31. AN OPEN HYBRID CLOUD JOURNEY
Hybrid policy & management
Data, workflow, & API integration
Automation
Software-defined infrastructure
Legacy modernization
Self-service & flexibility
Optimized virtualization
Cloud migration
Orchestrated container platform
DevOps tooling
Mobile
Open Innovation Labs
Secured software supply chain
32. CREDITS
Dev: Nelson Pavlosky/flickr under CC http://www.flickr.com/photos/skyfaller/113796919/
Ops: Leonardo Rizzi/flickr under CC http://www.flickr.com/photos/stars6/4381851322/
Rainbows and Unicorns: http://kaigumo.deviantart.com/art/Unicorns-Fart-Rainbows-3-151273843
Piggy bank: https://www.flickr.com/photos/marcmos/3644751092
Stop: https://www.flickr.com/photos/r_grandmorin/6922697037
34. TRADITIONAL SECURITY
What we did:
● Code audited for current compliance
● Applications and systems deployed on “secured” platform
● Largely relied on checklists, written processes, and manual actions
● Primarily an end-of-process checkpoint
35. TRUSTED CONTAINER CONTENT
"From a security and governance perspective, trusting the
container image is a critical concern throughout the software
development lifecycle. Ensuring that images are signed and
originate from a trusted registry are solid security best practices. "
5 keys to conquering container security, Amir Jerbi, Infoworld, 4 August 2016
http://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
36. NoOps?
"This is part of what we call NoOps. The developers used to
spend hours a week in meetings with Ops discussing what they
needed, figuring out capacity forecasts and writing tickets to
request changes for the datacenter. Now they spend seconds
doing it themselves in the cloud."
Adrian Cockcroft, Netflix, 2012
37. BACK TO ADRIAN
"We have built tooling that removes many of the operations tasks
completely from the developer, and which makes the remaining
tasks quick and self service. There is no ops organization involved
in running our cloud, no need for the developers to interact with
ops people to get things done, and less time spent actually doing
ops tasks than developers would spend explaining what needed
to be done to someone else."
Adrian Cockcroft, Netflix, 2012
38. Strategies for sourcing software
● Wild West: Go ahead and grab it!
● Blacklist: Is it from a known bad source?
● Whitelist: Is it a known good source?
Digitally signed/securely delivered
Rapid updates for vulnerabilities
Repeatable release processes
39. THE MOVE TO HYBRID INFRASTRUCTURES BRINGS ADDITIONAL MANAGEMENT CHALLENGES
[Diagram. Category labels: Application architecture, Infrastructure platform, Operational model, Operational challenges.]
[Diagram entries, in the order they appear: Traditional Applications, Virtualization, Operational Automation, Orchestration Automation, Private Cloud, Scalable Applications, Public Cloud, SaaS and PaaS, Cloud Native, Service Brokering, Containers, Microservices, Self-service, Automated provisioning, Lifecycle management, Root cause analysis, Performance and capacity management, Hybrid Management, Policy compliance, Quota enforcement, Chargeback.]
40. WHAT DEFINES A MODERN PLATFORM?
● Built through collaborative innovation in Linux and other open source communities
● Composed of integrated core software services
● Open container format, runtime, and orchestration
● Focused on large distributed system scale points
41. THE NEEDED MANAGEMENT SERVICES
● SERVICE AUTOMATION: Streamline complex service delivery processes, saving time and money.
● POLICY & COMPLIANCE: Draws on continuous monitoring and deep insights to raise alerts or remediate issues.
● UNIFIED HYBRID MANAGEMENT: Deploy across virtualization, private cloud, public cloud and container-based environments.
● OPERATIONAL VISIBILITY: Complete lifecycle and operational management that allows IT to remain in control.
42. OPERATIONAL VISIBILITY CHALLENGES
● LIFECYCLE MANAGEMENT: Systems that are not being utilized should be retired to reclaim resources.
● RESOURCE OPTIMIZATION: Budgets are tight. We have to make sure that we are utilizing our systems efficiently.
● ROOT-CAUSE ANALYSIS: Tracking problems across infrastructure layers can be a challenge.
● CAPACITY MANAGEMENT: I’ve got to project infrastructure usage out into the future for planning purposes.
43. OPERATIONAL VISIBILITY WITH HYBRID MANAGEMENT
● LIFECYCLE MANAGEMENT: We now have complete lifecycle management: provisioning, reconfiguration, deprovisioning, and retirement.
● RESOURCE OPTIMIZATION: Automatic resource optimization intelligently places VMs and offers right-sizing recommendations.
● ROOT-CAUSE ANALYSIS: I can drill-down through infrastructure layers to determine the root cause.
● CAPACITY MANAGEMENT: Resource tracking and trending aids in capacity and what-if scenario planning.