Continuous Delivery: Rapid and Reliable Releases with DevOps Practices
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Continuous Delivery: Rapid and Reliable Releases with DevOps Practices

on

  • 232 views

DevOps is an emerging set of principles, methods, and practices that empower teams and organizations to rapidly deploy systems and application updates while maintaining—and even improving—quality. ...

DevOps is an emerging set of principles, methods, and practices that empower teams and organizations to rapidly deploy systems and application updates while maintaining—and even improving—quality. By lowering barriers between development, testing, and operations, DevOps practices can add tremendous business value to software projects and systems. Bob Aiello explains how to prepare for and implement continuous delivery—in both agile and non-agile environments—employing industry standard processes and automated frameworks. Bob shares DevOps best practices starting with its role early in the application lifecycle through release and application maintenance. He introduces the emerging “Infrastructure as Code” concept that automates server and system provisioning within cloud computing environments. Learn ways to overcome technical, process, and cultural challenges with DevOps. Take back a set of practical and proven practices—for automated application build, automated packaging, and automated deployment—that will put your organization on the path to rapid and reliable releases.

Statistics

Views

Total Views
232
Views on SlideShare
229
Embed Views
3

Actions

Likes
1
Downloads
12
Comments
0

2 Embeds 3

http://www.stickyminds.com 2
http://www.cmcrossroads.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Continuous Delivery: Rapid and Reliable Releases with DevOps Practices Document Transcript

  • 1.     TB Full‐day Tutorial  6/4/2013 8:30 AM              "Continuous Delivery: Rapid and Reliable Releases with DevOps Practices"       Presented by: Bob Aiello CM Best Practices Consulting               Brought to you by:        340 Corporate Way, Suite 300, Orange Park, FL 32073  888‐268‐8770 ∙ 904‐278‐0524 ∙ sqeinfo@sqe.com ∙ www.sqe.com
  • 2. Bob Aiello CM Best Practices Consulting Editor-in-chief of CM Crossroads and author of Configuration Management Best Practices: Practical Methods that Work in the Real World, Bob Aiello is a consultant and software engineer specializing in software process improvement, including software configuration and release management. He has more than twenty-five years of experience as a technical manager at top New York City financial services firms, where he held company-wide responsibility for configuration management. Bob served as vice chair of the IEEE 828 Standards Working Group on CM Planning and a member of the IEEE Software and Systems Engineering Standards Committee (S2ESC) Management Board. Contact Bob at bob.aiello@ieee.org, via LinkedIn, or visit cmbestpractices.com.  
  • 3. Continuous Delivery (DevOps Best Practices) Bob Aiello, Principal Consultant and Author of Configuration Management Best Practices : Practical Methods that Work in the Real World http://www.linkedin.com/in/BobAiello http://cmbestpractices.com 1 CM Best Practices Consulting © 2013
  • 4. Who am I? • CM/DevOps Lead & Consultant for over 25 years • Editor-in-Chief at CM Crossroads • Author of CM Best Practices • IEEE Management Board • Tools and process agnostic • The guy called in the middle of the night when the release doesn’t work! http://cmbestpractices.com © 2013 2 April 9, 2013
  • 5. Goals of this Course • Understand Continuous Delivery • Configuration Management roots • Control Dependencies & Configuration • Continuous Integration • Build and Deployment Automation • Deployment Pipeline is an Art! Agile Release Train http://cmbestpractices.com © 2013 3 April 9, 2013
  • 6. DevOps Focus • Understand DevOps Best Practices • A Little History of DevOps • Scope of DevOps and how to get started • The People side of DevOps Establish your own plan for DevOps! http://cmbestpractices.com © 2013 4 April 9, 2013
  • 7. And Don't Forget • Delivery Ecosystem • Components & Dependencies • Test vs Verification & Validation (V&V) • Don't forget the Data • Establish IT governance and compliance So what is Continuous Delivery? http://cmbestpractices.com © 2013 5 April 9, 2013
  • 8. Continuous Delivery • Methodology for getting software from development to release • Focus on the Deployment Pipeline • Rapid incremental deployment • Minimize Risk • Many small deployments better than big bang http://cmbestpractices.com © 2013 6 April 9, 2013
  • 9. Continuous Integration • What is Continuous Integration • Why does CI work? • Martin Fowler reminds us to test • Let's consider the ergonomics http://cmbestpractices.com © 2013 7 April 9, 2013
  • 10. Lessons from Aviation • Cockpit of a plane • Controls are easy to read • Traceability • Designed to avoid mistakes How does this relate builds? http://cmbestpractices.com © 2013 8 April 9, 2013
  • 11. Ergonomics of the Build • “Bob-proof” your build • Implicit verification and validation • Avoid the possibility of mistakes • Each step should be easy to understand • One step should not break the stream • Use dashboards and reports to communicate status http://cmbestpractices.com © 2013 9 April 9, 2013
  • 12. Knight Capital Group • August 1st 2012 trading disaster • Related to NYSE systems upgrade • Resulted in a $440 million loss • Loss grew as customers left the firm • Knight Capital Group merged with GETCO holding company DevOps doesn't cost $440 million http://cmbestpractices.com © 2013 10 April 9, 2013
  • 13. Introducing the Trusted Base • Ensure that you know exactly what you built • Verify that the release gets deploy • Ensure that there are no unauthorized changes Understanding Continuous Integration http://cmbestpractices.com © 2013 11 April 9, 2013
  • 14. Features of CI • Source Code Management • Building the Code • Database integration • Testing • Source code inspection • Deployment Controlling isolation http://cmbestpractices.com © 2013 12 April 9, 2013
  • 15. Controlled Isolation • Developers work in sandboxes • Deliver (actually published) your changes • Rebase before you deliver • Private builds • Manage variants Consider the ergonomics http://cmbestpractices.com © 2013 13 April 9, 2013
  • 16. Ergonomics of CI/CD • Small incremental changes • Early Warning • Reduce risk • Easier to triage • Easier to backout What about life support systems? http://cmbestpractices.com © 2013 14 April 9, 2013
  • 17. I was once asked... • What if you were upgrading a life support system and your loved one was impacted • How do we ensure that there are no mistakes • Join me in Detroit in July How do we keep CI lean? http://cmbestpractices.com © 2013 15 April 9, 2013
  • 18. Keeping CI Lean • Too many builds • Too much noise • Tag interesting builds What about pilots and landings? http://cmbestpractices.com © 2013 16 April 9, 2013
  • 19. Pilots Abort Landings • Recently I was on a plane when another plane was on the same runway • You want to fail early when necessary • Abort bad builds and identify the cause What are the best practices? http://cmbestpractices.com © 2013 17 April 9, 2013
  • 20. Seven Practices, Duvall p. 39 • Commit code frequently • Don't commit broken code • Fix broken builds immediately • Write automated developer tests • All tests & inspections must pass • Run private builds • Avoid getting broken code http://cmbestpractices.com © 2013 18 April 9, 2013
  • 21. Chicago Board Options Exchange • Planned systems upgrade • Problem with staging software • Employees reported there was a problem • CBOE did not fail over Could DevOps have helped the CBOE? http://cmbestpractices.com © 2013 19 April 9, 2013
  • 22. What is DevOps? • New Term for... • Portmanteau • Agile Systems Administration • Agile Operations • Group of Principles Now that we cleared that up! http://cmbestpractices.com © 2013 20 April 9, 2013
  • 23. New Term • Group of concepts • Been around for a while • Use case is compelling • Stimulating discussion • Necessary to meet demand http://cmbestpractices.com © 2013 21 April 9, 2013
  • 24. Portmanteau • Combination of two words • Development • Operations Development and Operations have very different goals http://cmbestpractices.com © 2013 22 April 9, 2013
  • 25. Conflict Between Dev & Ops • Development focused on delivering new functionality • Operations is focused on providing continuous (reliable) services • Manage risk! One time I was asked to break the rules http://cmbestpractices.com © 2013 23 April 9, 2013
  • 26. Trying to make the deadline • Trading system was tested and passed • Few bugs discovered • I was asked to deliver a different version than was tested How does DevOps help balance? http://cmbestpractices.com © 2013 24 April 9, 2013
  • 27. DevOps is also • Emerging Best Practices • Collaboration between Dev & Ops • Application and Systems Deployment • Software and Systems Development But is DevOps Agile? http://cmbestpractices.com © 2013 25 April 9, 2013
  • 28. What about Agile? • Agile Systems Administration • Agile Operations • Waterfall needs DevOps too! Release Antipatterns... http://cmbestpractices.com © 2013 26 April 9, 2013
  • 29. Release Antipatterns Deploying software manually  Deploying to a production-like environment only after development is complete  Manual configuration of production environment.  So what really is DevOps? http://cmbestpractices.com © 2013 27 April 9, 2013
  • 30. DevOps is Really... • Developer and Operations collaboration • Crossfunctional team • Knowledge Management • Better communication Time to get rid of silos http://cmbestpractices.com © 2013 28 April 9, 2013
  • 31. What is Ops? • Blanket term • Systems engineers • Systems administrators • Operations staff What's honesty got to do with all this? http://cmbestpractices.com © 2013 29 April 9, 2013
  • 32. Agile on What We Know • Don't try to define requirements we do not yet understand • Last responsible moment • Requirements documents that are unusable Deming says, “drive out fear” http://cmbestpractices.com © 2013 30 April 9, 2013
  • 33. What is a Deployment Pipeline? • Build once • Deploy the same way to every environment • Smoke is essential • Deploy to a copy of Production • Manage the pipeline Environment management http://cmbestpractices.com © 2013 31 April 9, 2013
  • 34. Deployment Pipeline A deployment pipeline is … an automated implementation of your application’s build, deploy, test and release process Jez Humble and David Farley’s Continuous Delivery, p 3. http://cmbestpractices.com © 2013 32 April 9, 2013
  • 35. Aim of the Pipeline • Makes building, deploying, testing and releasing software visible to everyone involved • Improves feedback so that problems are identified, and so resolved, as early in the process as possible • Enables teams to deploy and release any version of their software to any environment at will through a fully automated process (p. 4) http://cmbestpractices.com © 2013 33 April 9, 2013
  • 36. Antipatterns • Deploying Software Manually • Deploying to Production-like environment only after Development is complete • Manual Configuration of Production Environments Continuous Deployment, p. 7 – 10 http://cmbestpractices.com © 2013 34 April 9, 2013
  • 37. Agile Release Train (ART) Making each product a successful and routine event – an event that is indeed planned and eagerly anticipated yet one one that happens almost on autopilot Dean Leffingwell’s Agile Software Requirements, p. 299 http://cmbestpractices.com © 2013 35 April 9, 2013
  • 38. How Do We Implement? Are deployment pipelines practical? How do we figure out the details? Is it worth the time and effort? What are the benefits? What are the risks? It's really all about knowledge... http://cmbestpractices.com © 2013 36 April 9, 2013
  • 39. Knowledge Management • There are always a few experts • They are not working when system glitch • Building a Knowledge Management System • But What if some people do not want to share? (caution silos ahead) http://cmbestpractices.com © 2013 37 April 9, 2013
  • 40. Beware of Silos • The SAs see file systems • The DBAs have a different view • WebSphere Admins • InfoSec helped us secure (so much nothing worked) DevOps is about sharing knowledge! http://cmbestpractices.com © 2013 38 April 9, 2013
  • 41. Where did DevOps start? • O'Reilly Velocity Conference 2008 • Web Performance and Operations • “Infrastructure as Code” http://cmbestpractices.com © 2013 39 April 9, 2013
  • 42. Need for Rapid Change • 2009 Presentations on developer / operations collaboration at large shops along with safe rapid change of Web environments http://cmbestpractices.com © 2013 40 April 9, 2013
  • 43. DevOps Days • Patrick Debois – DevOpsDays in 2009 • Tools (actually toolchains) have brought together “the three layers of what you need for agile movement (principles, process and practices)” http://cmbestpractices.com © 2013 41 April 9, 2013
  • 44. Let's Get Into Some Details • How do we implement? • How do we make pragmatic choices? • How do we do this in the real world? My experience taking down NYSE http://cmbestpractices.com © 2013 42 April 9, 2013
  • 45. I Was Once Accused • Promoting the wrong shell scripts • Taking down the NYSE • Stopping the World Economy Principles of Software Delivery http://cmbestpractices.com © 2013 43 April 9, 2013
  • 46. Continuous Delivery • Configuration Management focus • Version control • Dependency and configuration control Principles of Software Delivery http://cmbestpractices.com © 2013 44 April 9, 2013
  • 47. Software Delivery Principles • Create repeatable, reliable process • Automate as much as possible • If it hurts, do it more often! • Build quality in from the beginning (Deming) any more? http://cmbestpractices.com © 2013 45 April 9, 2013
  • 48. More Principles • Done means released • Everyone is responsible for the delivery process • Continuous improvement • Version control is key So what is CM? http://cmbestpractices.com © 2013 46 April 9, 2013
  • 49. Configuration Management • Configuration Identification • Status Accounting • Change Control • Configuration Audit Tracking and Controlling Changes to Configuration Items http://cmbestpractices.com © 2013 47 April 9, 2013
  • 50. Configuration Identification • Provides a specific and unique identity to each configuration item (e.g. binary, config file, documentation) • Selecting the configuration items for a system and recording their functional and physical characteristics (Sevocab) http://cmbestpractices.com © 2013 48 April 9, 2013
  • 51. Status Accounting • Tracking the status of a configuration item throughout its lifecycle. • Recording and reporting of information needed to manage a configuration effectively (Sevocab) http://cmbestpractices.com © 2013 49 April 9, 2013
  • 52. Change Control • Establishing checkpoints including gatekeeping (e.g. Production, QA, UAT) and configuration control. • Identifying, documenting, approving or rejecting, and controlling changes to the project baselines (Sevocab) http://cmbestpractices.com © 2013 50 April 9, 2013
  • 53. Configuration Audit • Inspect and identify the exact version of any configuration item (physical & functional) • Independent examination of the configuration status to compare with the physical configuration (Sevocab) http://cmbestpractices.com © 2013 51 April 9, 2013
  • 54. Functional description of CM • Easier to understand in the context of a lifecycle • Consisting of six core CM functions • Closely matches the job descriptions of the people doing the work • Can be tailored to your needs So what are the six functions? http://cmbestpractices.com © 2013 52 April 9, 2013
  • 55. CM Functions • Source Code Management • Build Engineering • Environment Configuration • Change Control • Release Engineering • Deployment Let's start with a brief overview http://cmbestpractices.com © 2013 53 April 9, 2013
  • 56. My buddy from Harvard • Builds are too complex to automate • Some folks do not want to see automation as being possible • You may have to shadow or ask to drive • Document the procedures and then Script your build... http://cmbestpractices.com © 2013 54 April 9, 2013
  • 57. Build Principles • Create a script for each stage of the build process • Use the right technology to deploy (find out what others are doing) • Use your operating systems native tools http://cmbestpractices.com © 2013 55 April 9, 2013
  • 58. More Build Principles • Idempotent – reliable and no side effects • Evolve your deployment system incrementally • Start with “attended automation” http://cmbestpractices.com © 2013 56 April 9, 2013
  • 59. Some other tips • Relative paths (watch your paths) • Eliminate manual steps • Traceability from binary to source • Test targets should not fail the build What do I do with binaries? http://cmbestpractices.com © 2013 57 April 9, 2013
  • 60. Managing Binaries • Binaries can be rebuilt • Based upon baselines • Verifiable (I hope) • Don't belong in the VCS with source • Definitive Media Libraries • Release Repos Managing Variants in the Code http://cmbestpractices.com © 2013 58 April 9, 2013
  • 61. Version Control Features • Provides history and security • Model the architecture • Reduce complexity • Model the process More on streams http://cmbestpractices.com © 2013 59 April 9, 2013
  • 62. Source Code Management • Control of every configuration item (e.g. source code, config, binaries, compile and runtime dependencies). • Much more than just checkin and checkout (version control) • Provides sanity to the development process (reduces cognitive complexity) http://cmbestpractices.com © 2013 60 April 9, 2013
  • 63. Terminology • Configuration items (CIs) include binaries, source code, config files and even documents • ISO 1007 notes end user function • Bob says, “anything where getting the wrong version would be bad” http://cmbestpractices.com © 2013 61 April 9, 2013
  • 64. What is Control? • In CM, control is managing the evolution of a CI throughout its lifecycle • Change Control • Configuration Control Is control really the right word? http://cmbestpractices.com © 2013 62 April 9, 2013
  • 65. Principles • Code is locked down and can never be lost • Code is baselined marking specific milestones • Managing variants using branches • Code changed on a branch can be merged http://cmbestpractices.com © 2013 63 April 9, 2013
  • 66. More Principles • Processes are repeatable Agile and Lean • Traceability and tracking of all changes • Improves productivity and quality http://cmbestpractices.com © 2013 64 April 9, 2013
  • 67. Best Practices • How do we establish source code management that adheres to these principles? • Better question is how does CM add value and help facilitate the development effort? http://cmbestpractices.com © 2013 65 April 9, 2013
  • 68. Streams • Provides a clear usage paradigm • Model components and architecture • Control flow of changesets • Snapshots create baseline of code http://cmbestpractices.com © 2013 66 April 9, 2013
  • 69. Streams Ability to load a particular snapshot  Strong security authorization and entitlements  Complete history and traceability  How about task based development? http://cmbestpractices.com © 2013 67 April 9, 2013
  • 70. Defect & Task Tracking • Track changesets to workitem • Traceability to who made the change • Makes release notes a breeze to create • Ties back to requirements and test cases • Allows for ALM and workflow automation http://cmbestpractices.com © 2013 68 April 9, 2013
  • 71. InfoSec Scans Code • Source Code Inspection • Are coding practices creating risk? • Are passwords being hardcoded • Scan for complexity • Code quality Managing globally distributed teams http://cmbestpractices.com © 2013 69 April 9, 2013
  • 72. Globally Distributed team • Managing work for a globally distributed team • Effective communication • Better coordination • Traceability • Visibility http://cmbestpractices.com © 2013 70 April 9, 2013
  • 73. Build on Commit • Nightly builds often enough • Build on demand • Pre-flight (private) builds • Build framework Tame the complexity and communicate via dashboards http://cmbestpractices.com © 2013 71 April 9, 2013
  • 74. Deploy to Environment • Run automated tests • Monitor the environment • Build the Ops Knowledgebase • Building our deployment framework Infrastructure as code http://cmbestpractices.com © 2013 72 April 9, 2013
  • 75. Infrastructure as Code • Provisioning Servers • Fundamental in the Cloud • What about private clouds? • Managing the OS Puppet and chef http://cmbestpractices.com © 2013 73 April 9, 2013
  • 76. Puppet/Chef • Automate provisioning, patching and configuration of operating system and application components • Systems integration framework • Scalable and extensible • Used in other deployment frameworks www.puppetlabs.com www.opscode.com http://cmbestpractices.com © 2013 74 April 9, 2013
  • 77. CIS Benchmark • Center for Internet Security (CIS) • Consists of hundreds of recommended configurations • Code is included to verify the configuration This is all about taming complexity http://cmbestpractices.com © 2013 75 April 9, 2013
  • 78. Taming Complexity • Understand the technology • Automate everything • Do it more often • Move upstream • Build a framework By the time we get to Production... http://cmbestpractices.com © 2013 76 April 9, 2013
  • 79. Build Once • Build once – deploy everywhere • Ensure bits are identical • Build based upon baseline • Embed immutable version IDs • Configuration audit Automated deployments http://cmbestpractices.com © 2013 77 April 9, 2013
  • 80. Deployment Frameworks • Starts with scripting • Many dependencies • Taming complexities • Test each step Traceable, Repeatable Process http://cmbestpractices.com © 2013 78 April 9, 2013
  • 81. Deploy the Same Every Environment • Write a deployment framework • Practice the deploy • Well oiled machine • Repeatable and traceable DevOps Focus http://cmbestpractices.com © 2013 79 April 9, 2013
  • 82. DevOps • Moving automation upstream • Communicating with stakeholders • Building knowledge • Infrastructure as code Smoke testing is required http://cmbestpractices.com © 2013 80 April 9, 2013
  • 83. SmokeTest • Test the deploy itself • Put in the first trade • Verify what changed • Work with QA & Testing Environments need to be similar to Production http://cmbestpractices.com © 2013 81 April 9, 2013
  • 84. Deploy into Copy of Production • You need a dress rehearsal • Need to verify automation works • Need to know the deploy will work • Manage risks and unknowns Deploys need to be verifiable http://cmbestpractices.com © 2013 82 April 9, 2013
  • 85. Changes Through the Pipeline • Every commit triggers • Build and deploy automation • Testing the release What are the recommended practices? http://cmbestpractices.com © 2013 83 April 9, 2013
  • 86. Pipeline Practices • Only build binaries once • Deploy the same way to every environment • Smoke test Changes should propagate instantly continuously The process itself must be testable http://cmbestpractices.com © 2013 84 April 9, 2013
  • 87. Verification and Validation • Does it meets requirements? • Are the requirements correct? • Deming – build in quality • Each step is testable When problems occur... http://cmbestpractices.com © 2013 85 April 9, 2013
  • 88. Stop the Line • Need to detect defects early • Stop the process immediately • Easier to diagnose • Easier to fix Kanban for the Deployment Pipeline http://cmbestpractices.com © 2013 86 April 9, 2013
  • 89. Kanban • Push • Pull • Implement through workflow automation Delivery Environment as an Ecosystem http://cmbestpractices.com © 2013 87 April 9, 2013
  • 90. Delivery Ecosystem • Understanding Operations • Managing Infrastructure • Server Provisioning & Configuration • Managing Middleware • Virtualization & Cloud DevOps should focus on Ops http://cmbestpractices.com © 2013 88 April 9, 2013
  • 91. Operations • Key stakeholder • Often outgunned and kept in the dark • Building a knowledgebase • Automating detection and response How can Ops get ahead of the curve? http://cmbestpractices.com © 2013 89 April 9, 2013
  • 92. Operations in DevOps • Infrastructure as Code • Provisioning servers • Monitoring the environment • Monitoring events InfoSec is also key http://cmbestpractices.com © 2013 90 April 9, 2013
  • 93. InfoSec • Key stakeholder • Often misinformed • Policies don't secure systems • Many incidents show this is a problem area Securing the trusted base http://cmbestpractices.com © 2013 91 April 9, 2013
  • 94. Securing the Trusted Base • Builds are baselined • Version IDs are embedded • Configuration audit • Non-repudiation Security is quality http://cmbestpractices.com © 2013 92 April 9, 2013
  • 95. Build Security In • Security should be considered from the beginning • Security and quality are tightly coupled • Provision servers using standards • Control & Detect unauthorized changes Manage components & dependencies http://cmbestpractices.com © 2013 93 April 9, 2013
  • 96. Managing Components • Code should be designed into components • Reduces complexity • Interfaces are essential • Part of environment management Managing Big Builds http://cmbestpractices.com © 2013 94 April 9, 2013
  • 97. Managing Big Builds • Big builds may require multiple pipelines • Treat the team as internal products • Handle this as COTs Configuration can be complex http://cmbestpractices.com © 2013 95 April 9, 2013
  • 98. Managing Configuration • Many ways to handle this • Configuration files (httpd.conf) • Properties files (.properties) • XML as configuration (server.xml) • Default as production (so you don't forget!) Managing Dependencies http://cmbestpractices.com © 2013 96 April 9, 2013
  • 99. Managing Dependencies • Maven and Ivy help identify dependencies • Need to be able to identify versions • Monitor and detect issues • Often controlled through data But you have to test http://cmbestpractices.com © 2013 97 April 9, 2013
  • 100. Testing Topology • Unit Testing • Functional • Regression • Integration • User Acceptance What about non functional testing? http://cmbestpractices.com © 2013 98 April 9, 2013
  • 101. Non-functional Testing • Capacity • Performance • Scalability Shoemakers children... http://cmbestpractices.com © 2013 99 April 9, 2013
  • 102. Testing the Pipeline • You need to test the automation including build, package and deployment • Fail early! • Trust but verify Don't forget the data http://cmbestpractices.com © 2013 100 April 9, 2013
  • 103. Internal Audit Requirements • Managing baselines • Traceability • Change control • Seperation of controls Regulatory Requirements http://cmbestpractices.com © 2013 101 April 9, 2013
  • 104. Conducting an Assessment • What is going well • What can be improved? Assess to industry standards and frameworks http://cmbestpractices.com © 2013 102 April 9, 2013
  • 105. Regulatory • Section 404 of the Sarbanes-Oxley Act of 2002 • SSAE-16 (formerly SAS-70) • Finra • Office of the Currency Standards and Frameworks http://cmbestpractices.com © 2013 103 April 9, 2013
  • 106. Industry Standards • IEEE 828 • EIA 649-B • ISO 12207 or 15288 • ISO 9001 Frameworks also provide guidance http://cmbestpractices.com © 2013 104 April 9, 2013
  • 107. Frameworks • Cobit for Sox Compliance • ITIL for IT Service Management • CMMI (less common in financial services) http://cmbestpractices.com © 2013 105 April 9, 2013
  • 108. Globally Distributed team • Managing work for a globally distributed team • Effective communication • Better coordination • Traceability • Visibility http://cmbestpractices.com © 2013 106 April 9, 2013
  • 109. The CD/CI/CM Process • Should be Lean • Processes need to be reviewed • Tailor down or tailor up • More collaboration and consensus building • Use standards and frameworks http://cmbestpractices.com © 2013 107 April 9, 2013
  • 110. Assessment • First step is to assess current practices - “As-Is” • Compare to industry standards and frameworks • Determine “To-Be” • Create a plan for improving your CM processes http://cmbestpractices.com © 2013 108 April 9, 2013
  • 111. IT Governance & Compliance • IT Governance needs to be in alignment with corporate governance • Financial reports needs to be accurate • Separation of controls • Security measures to prevent unauthorized access • Audit in place for intrusion detection http://cmbestpractices.com © 2013 109 April 9, 2013
  • 112. Sox Compliance • Section 404 of the Sarbanes Oxley Act of 2002 • Using ISACA Cobit 4.1 • 34 high level IT controls • PCI compliance • SAS-70 http://cmbestpractices.com © 2013 110 April 9, 2013
  • 113. ISO 9001 • Establishes the quality management system • ISO 90003 is the software standard in the 9000 family of standards • Uses ISO 12207 (or 15288) to specify lifecycle processes • ISO 10007 for CM • IEEE 828, EIA 649-A, Mil Std coming! http://cmbestpractices.com © 2013 111 April 9, 2013
  • 114. Which Standards? • IEEE 828 – CM Planning • EIA 649-A – Non compliance • ISO 90003 to support QMS • Full lifecycle ISO 12207 Tailor ! http://cmbestpractices.com © 2013 112 April 9, 2013
  • 115. Moving Upstream • Dev to CM to QA to Ops • Cross functional focus • Speed up development • Build a great deployment architecture • Give it to Devs as a service! http://cmbestpractices.com © 2013 113 April 9, 2013
  • 116. Frameworks • ITIL v3 including CMDBs, federated CMDBs, CMS, DML… • Cobit for SOX • CMMI ->>>> Agile http://cmbestpractices.com © 2013 114 April 9, 2013
  • 117. How Do We Improve • CSI is well - continuous • Inclusive • Transparent • Learning from mistakes Retrospectives are essential http://cmbestpractices.com © 2013 115 April 9, 2013
  • 118. Retrospective • After action review • Need open and honest evaluation • Opportunity to improve the process • Drives the entire release process http://cmbestpractices.com © 2013 116 April 9, 2013
  • 119. Plan for Improvement • Improve training and use case for source code management • Improvement build automation • Setup or improve continuous integration • Automate package and deployment • Create procedures for configuration audit http://cmbestpractices.com © 2013 117 April 9, 2013
  • 120. CM/Devops • Flexible technical background • Good knowledge of development • Knowledge of QA/Ops • Strong automation skills • Some systems administration • Ability to work across silos http://cmbestpractices.com © 2013 118 April 9, 2013
  • 121. Toolsmith/Devops • Strong technical background • Strong scripting skills • Diving deep into the tools including troubleshooting • Understands toolchains and finds flexible solutions • Process orientation – focus on traceability http://cmbestpractices.com © 2013 119 April 9, 2013
  • 122. Goals of this Course • Understand Continuous Delivery • Configuration Management roots • Control Dependencies & Configuration • Continuous Integration • Build and Deployment Automation • Deployment Pipeline is an Art! Agile Release Train http://cmbestpractices.com © 2013 120 April 9, 2013
  • 123. DevOps Focus • Understand DevOps Best Practices • A Little History of DevOps • Scope of DevOps and how to get started • The People side of DevOps Establish your own plan for DevOps! http://cmbestpractices.com © 2013 121 April 9, 2013
  • 124. And Don't Forget • Delivery Ecosystem • Components & Dependencies • Test vs Verification & Validation (V&V) • Don't forget the Data • Establish IT governance and compliance So what is Continuous Delivery? http://cmbestpractices.com © 2013 122 April 9, 2013
  • 125. Continuous Delivery • Methodology for getting software from development to release • Focus on the Deployment Pipeline • Rapid incremental deployment • Minimize Risk • Many small deployments better than big bang http://cmbestpractices.com © 2013 123 April 9, 2013
  • 126. Continuous Delivery (DevOps Best Practices) Bob Aiello, Principal Consultant and Author of Configuration Management Best Practices : Practical Methods that Work in the Real World http://www.linkedin.com/in/BobAiello http://cmbestpractices.com 124 CM Best Practices Consulting © 2013