Continuous Delivery: Rapid and Reliable Releases with DevOps Practices
Upcoming SlideShare
Loading in...5
×
 

Continuous Delivery: Rapid and Reliable Releases with DevOps Practices

on

  • 280 views

DevOps is an emerging set of principles, methods, and practices that enable the rapid deployment of software systems. DevOps focuses on lowering barriers between development, testing, security, and ...

DevOps is an emerging set of principles, methods, and practices that enable the rapid deployment of software systems. DevOps focuses on lowering barriers between development, testing, security, and operations in support of rapid iterative development and deployment. Many organizations struggle when implementing DevOps because of its inherent technical, process, and cultural challenges. Bob Aiello shares DevOps best practices starting with its role early in the application lifecycle and bridging the gap with testing, security, and operations. Bob explains how to implement DevOps using industry standards and frameworks such as ITIL v3 (IT Service Management) in both agile and non-agile environments, focusing on automated deployment frameworks that quickly deliver value to the business. DevOps includes server provisioning essential for cloud computing in what is becoming known as Infrastructure as Code. Bob equips you with practical and effective DevOps practices—automated application build, packaging, and deployment—essential for meeting today's business and technology demands.

Statistics

Views

Total Views
280
Views on SlideShare
272
Embed Views
8

Actions

Likes
0
Downloads
7
Comments
0

3 Embeds 8

http://www.stickyminds.com 5
http://www.cmcrossroads.com 2
http://www.agileconnection.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Continuous Delivery: Rapid and Reliable Releases with DevOps Practices Continuous Delivery: Rapid and Reliable Releases with DevOps Practices Document Transcript

  • 9/9/13 Continuous  Delivery  (DevOps  Best  Practices)   Bob  Aiello,  Principal  Consultant  and  Author  of   Configuration  Management  Best  Practices  :       Practical  Methods  that  Work  in  the  Real  World     http://www.linkedin.com/in/BobAiello   http://cmbestpractices.com     1 CM Best Practices Consulting © 2013 Who am I? •  CM/DevOps Lead & Consultant for over 25 years •  Editor-in-Chief at CM Crossroads •  Author of CM Best Practices •  IEEE Management Board •  Tools and process agnostic •  The guy called in the middle of the night when the release doesn’t work! http://cmbestpractices.com  ©  2013       2 April 9, 2013 1
  • 9/9/13 Goals of this Course •  Understand Continuous Delivery •  Configuration Management roots •  Control Dependencies & Configuration •  Continuous Integration •  Build and Deployment Automation •  Deployment Pipeline is an Art! Agile Release Train http://cmbestpractices.com  ©  2013       3 April 9, 2013 DevOps Focus •  Understand DevOps Best Practices •  A Little History of DevOps •  Scope of DevOps and how to get started •  The People side of DevOps Establish your own plan for DevOps! http://cmbestpractices.com  ©  2013       4 April 9, 2013 2
  • 9/9/13 And Don't Forget •  Delivery Ecosystem •  Components & Dependencies •  Test vs Verification & Validation (V&V) •  Don't forget the Data •  Establish IT governance and compliance So what is Continuous Delivery? http://cmbestpractices.com  ©  2013       5 April 9, 2013 Continuous  Delivery   •  Methodology for getting software from development to release •  Focus on the Deployment Pipeline •  Rapid incremental deployment •  Minimize Risk •  Many small deployments better than big bang http://cmbestpractices.com  ©  2013       6 April  9,  2013     3
  • 9/9/13 Continuous  Integration   •  What is Continuous Integration •  Why does CI work? •  Martin Fowler reminds us to test •  Let's consider the ergonomics http://cmbestpractices.com  ©  2013       7 April  9,  2013     Lessons  from  Aviation   •  Cockpit of a plane •  Controls are easy to read •  Traceability •  Designed to avoid mistakes How does this relate builds? http://cmbestpractices.com  ©  2013       8 April  9,  2013     4
  • 9/9/13 Ergonomics  of  the  Build   •  “Bob-proof” your build •  Implicit verification and validation •  Avoid the possibility of mistakes •  Each step should be easy to understand •  One step should not break the stream •  Use dashboards and reports to communicate status http://cmbestpractices.com  ©  2013       9 April  9,  2013     Knight  Capital  Group   •  August 1st 2012 trading disaster •  Related to NYSE systems upgrade •  Resulted in a $440 million loss •  Loss grew as customers left the firm •  Knight Capital Group merged with GETCO holding company DevOps doesn't cost $440 million http://cmbestpractices.com  ©  2013       10 April  9,  2013     5
  • 9/9/13 Introducing  the  Trusted  Base   •  Ensure that you know exactly what you built •  Verify that the release gets deploy •  Ensure that there are no unauthorized changes Understanding Continuous Integration http://cmbestpractices.com  ©  2013       11 April  9,  2013     Features  of  CI     •  Source Code Management •  Building the Code •  Database integration •  Testing •  Source code inspection •  Deployment Controlling isolation http://cmbestpractices.com  ©  2013       12 April  9,  2013     6
  • 9/9/13 Controlled  Isolation     •  Developers work in sandboxes •  Deliver (actually published) your changes •  Rebase before you deliver •  Private builds •  Manage variants Consider the ergonomics http://cmbestpractices.com  ©  2013       13 April  9,  2013     Ergonomics  of  CI/CD   •  Small incremental changes •  Early Warning •  Reduce risk •  Easier to triage •  Easier to backout What about life support systems? http://cmbestpractices.com  ©  2013       14 April  9,  2013     7
  • 9/9/13 I  was  once  asked...   •  What if you were upgrading a life support system and your loved one was impacted •  How do we ensure that there are no mistakes •  Join me in Detroit in July How do we keep CI lean? http://cmbestpractices.com  ©  2013       15 April  9,  2013     Keeping  CI  Lean   •  Too many builds •  Too much noise •  Tag interesting builds What about pilots and landings? http://cmbestpractices.com  ©  2013       16 April  9,  2013     8
  • 9/9/13 Pilots  Abort  Landings   •  Recently I was on a plane when another plane was on the same runway •  You want to fail early when necessary •  Abort bad builds and identify the cause What are the best practices? http://cmbestpractices.com  ©  2013       17 April  9,  2013     Seven  Practices,  Duvall  p.  39   •  Commit code frequently •  Don't commit broken code •  Fix broken builds immediately •  Write automated developer tests •  All tests & inspections must pass •  Run private builds •  Avoid getting broken code http://cmbestpractices.com  ©  2013       18 April  9,  2013     9
  • 9/9/13 Chicago  Board  Options  Exchange   •  Planned systems upgrade •  Problem with staging software •  Employees reported there was a problem •  CBOE did not fail over Could DevOps have helped the CBOE? http://cmbestpractices.com  ©  2013       19 April  9,  2013     What  is  DevOps?   •  New Term for... •  Portmanteau •  Agile Systems Administration •  Agile Operations •  Group of Principles Now that we cleared that up! http://cmbestpractices.com  ©  2013       20 April  9,  2013     10
  • 9/9/13 New  Term   •  Group of concepts •  Been around for a while •  Use case is compelling •  Stimulating discussion •  Necessary to meet demand http://cmbestpractices.com  ©  2013       21 April  9,  2013     Portmanteau   •  Combination of two words •  Development •  Operations Development and Operations have very different goals http://cmbestpractices.com  ©  2013       22 April  9,  2013     11
  • 9/9/13 Conflict  Between  Dev  &  Ops   •  Development focused on delivering new functionality •  Operations is focused on providing continuous (reliable) services •  Manage risk! One time I was asked to break the rules http://cmbestpractices.com  ©  2013       23 April  9,  2013     Trying  to  make  the  deadline   •  Trading system was tested and passed •  Few bugs discovered •  I was asked to deliver a different version than was tested How does DevOps help balance? http://cmbestpractices.com  ©  2013       24 April  9,  2013     12
  • 9/9/13 DevOps  is  also   •  Emerging Best Practices •  Collaboration between Dev & Ops •  Application and Systems Deployment •  Software and Systems Development But is DevOps Agile? http://cmbestpractices.com  ©  2013       25 April  9,  2013     What  about  Agile?   •  Agile Systems Administration •  Agile Operations •  Waterfall needs DevOps too! Release Antipatterns... http://cmbestpractices.com  ©  2013       26 April  9,  2013     13
  • 9/9/13 Release  Antipatterns   Deploying software manually l  Deploying to a production-like environment only after development is complete l  Manual configuration of production environment. l  So what really is DevOps? http://cmbestpractices.com  ©  2013       27 April  9,  2013     DevOps  is  Really...   •  Developer and Operations collaboration •  Crossfunctional team •  Knowledge Management •  Better communication Time to get rid of silos http://cmbestpractices.com  ©  2013       28 April  9,  2013     14
  • 9/9/13 What  is  Ops?   •  Blanket term •  Systems engineers •  Systems administrators •  Operations staff What's honesty got to do with all this? http://cmbestpractices.com  ©  2013       29 April  9,  2013     Agile    on  What  We  Know   •  Don't try to define requirements we do not yet understand •  Last responsible moment •  Requirements documents that are unusable Deming says, “drive out fear” http://cmbestpractices.com  ©  2013       30 April  9,  2013     15
  • 9/9/13 What  is  a  Deployment  Pipeline?   •  Build once •  Deploy the same way to every environment •  Smoke is essential •  Deploy to a copy of Production •  Manage the pipeline Environment management http://cmbestpractices.com  ©  2013       31 April  9,  2013     Deployment  Pipeline   A deployment pipeline is … an automated implementation of your application’s build, deploy, test and release process Jez Humble and David Farley’s Continuous Delivery, p 3. http://cmbestpractices.com  ©  2013       32 April  9,  2013     16
  • 9/9/13 Aim of the Pipeline •  Makes building, deploying, testing and releasing software visible to everyone involved •  Improves feedback so that problems are identified, and so resolved, as early in the process as possible •  Enables teams to deploy and release any version of their software to any environment at will through a fully automated process (p. 4) http://cmbestpractices.com  ©  2013       33 April  9,  2013     Antipatterns   •  Deploying Software Manually •  Deploying to Production-like environment only after Development is complete •  Manual Configuration of Production Environments Continuous Deployment, p. 7 – 10 http://cmbestpractices.com  ©  2013       34 April  9,  2013     17
  • 9/9/13 Agile Release Train (ART) Making each product a successful and routine event – an event that is indeed planned and eagerly anticipated yet one one that happens almost on autopilot Dean Leffingwell’s Agile Software Requirements, p. 299 http://cmbestpractices.com  ©  2013       35 April  9,  2013     How Do We Implement? Are deployment pipelines practical? How do we figure out the details? Is it worth the time and effort? What are the benefits? What are the risks? It's really all about knowledge... http://cmbestpractices.com  ©  2013       36 April  9,  2013     18
  • 9/9/13 Knowledge  Management   •  There are always a few experts •  They are not working when system glitch •  Building a Knowledge Management System •  But What if some people do not want to share? (caution silos ahead) http://cmbestpractices.com  ©  2013       37 April  9,  2013     Beware  of  Silos   •  The SAs see file systems •  The DBAs have a different view •  WebSphere Admins •  InfoSec helped us secure (so much nothing worked) DevOps is about sharing knowledge! http://cmbestpractices.com  ©  2013       38 April  9,  2013     19
  • 9/9/13 Where  did  DevOps  start?   •  O'Reilly Velocity Conference 2008 •  Web Performance and Operations •  “Infrastructure as Code” http://cmbestpractices.com  ©  2013       39 April  9,  2013     Need  for  Rapid  Change   •  2009 Presentations on developer / operations collaboration at large shops along with safe rapid change of Web environments http://cmbestpractices.com  ©  2013       40 April  9,  2013     20
  • 9/9/13 DevOps  Days   •  Patrick Debois – DevOpsDays in 2009 •  Tools (actually toolchains) have brought together “the three layers of what you need for agile movement (principles, process and practices)” http://cmbestpractices.com  ©  2013       41 April  9,  2013     Let's  Get  Into  Some  Details   •  How do we implement? •  How do we make pragmatic choices? •  How do we do this in the real world? My experience taking down NYSE http://cmbestpractices.com  ©  2013       42 April  9,  2013     21
  • 9/9/13 I  Was  Once  Accused   •  Promoting the wrong shell scripts •  Taking down the NYSE •  Stopping the World Economy Principles of Software Delivery http://cmbestpractices.com  ©  2013       43 April  9,  2013     Continuous  Delivery   •  Configuration Management focus •  Version control •  Dependency and configuration control Principles of Software Delivery http://cmbestpractices.com  ©  2013       44 April  9,  2013     22
  • 9/9/13 Software  Delivery  Principles   •  Create repeatable, reliable process •  Automate as much as possible •  If it hurts, do it more often! •  Build quality in from the beginning (Deming) any more? http://cmbestpractices.com  ©  2013       45 April  9,  2013     More  Principles   •  Done means released •  Everyone is responsible for the delivery process •  Continuous improvement •  Version control is key So what is CM? http://cmbestpractices.com  ©  2013       46 April  9,  2013     23
  • 9/9/13 Configuration  Management   •  Configuration Identification •  Status Accounting •  Change Control •  Configuration Audit Tracking and Controlling Changes to Configuration Items http://cmbestpractices.com  ©  2013       47 April  9,  2013     Configuration  Identification   •  Provides a specific and unique identity to each configuration item (e.g. binary, config file, documentation) •  Selecting the configuration items for a system and recording their functional and physical characteristics (Sevocab) http://cmbestpractices.com  ©  2013       48 April  9,  2013     24
  • 9/9/13 Status  Accounting   •  Tracking the status of a configuration item throughout its lifecycle. •  Recording and reporting of information needed to manage a configuration effectively (Sevocab) http://cmbestpractices.com  ©  2013       49 April  9,  2013     Change  Control   •  Establishing checkpoints including gatekeeping (e.g. Production, QA, UAT) and configuration control. •  Identifying, documenting, approving or rejecting, and controlling changes to the project baselines (Sevocab) http://cmbestpractices.com  ©  2013       50 April  9,  2013     25
  • 9/9/13 Configuration  Audit   •  Inspect and identify the exact version of any configuration item (physical & functional) •  Independent examination of the configuration status to compare with the physical configuration (Sevocab) http://cmbestpractices.com  ©  2013       51 April  9,  2013     Functional  description  of  CM   •  Easier to understand in the context of a lifecycle •  Consisting of six core CM functions •  Closely matches the job descriptions of the people doing the work •  Can be tailored to your needs So what are the six functions? http://cmbestpractices.com  ©  2013       52 April  9,  2013     26
  • 9/9/13 CM  Functions   •  Source Code Management •  Build Engineering •  Environment Configuration •  Change Control •  Release Engineering •  Deployment Let's start with a brief overview http://cmbestpractices.com  ©  2013       53 April  9,  2013     My  buddy  from  Harvard   •  Builds are too complex to automate •  Some folks do not want to see automation as being possible •  You may have to shadow or ask to drive •  Document the procedures and then Script your build... http://cmbestpractices.com  ©  2013       54 April  9,  2013     27
  • 9/9/13 Build  Principles   •  Create a script for each stage of the build process •  Use the right technology to deploy (find out what others are doing) •  Use your operating systems native tools http://cmbestpractices.com  ©  2013       55 April  9,  2013     More  Build  Principles   •  Idempotent – reliable and no side effects •  Evolve your deployment system incrementally •  Start with “attended automation” http://cmbestpractices.com  ©  2013       56 April  9,  2013     28
  • 9/9/13 Some  other  tips   •  Relative paths (watch your paths) •  Eliminate manual steps •  Traceability from binary to source •  Test targets should not fail the build What do I do with binaries? http://cmbestpractices.com  ©  2013       57 April  9,  2013     Managing  Binaries   •  Binaries can be rebuilt •  Based upon baselines •  Verifiable (I hope) •  Don't belong in the VCS with source •  Definitive Media Libraries •  Release Repos Managing Variants in the Code http://cmbestpractices.com  ©  2013       58 April  9,  2013     29
  • 9/9/13 Version  Control  Features   •  Provides history and security •  Model the architecture •  Reduce complexity •  Model the process More on streams http://cmbestpractices.com  ©  2013       59 April  9,  2013     Source  Code  Management   •  Control of every configuration item (e.g. source code, config, binaries, compile and runtime dependencies). •  Much more than just checkin and checkout (version control) •  Provides sanity to the development process (reduces cognitive complexity) http://cmbestpractices.com  ©  2013       60 April  9,  2013     30
  • 9/9/13 Terminology   •  Configuration items (CIs) include binaries, source code, config files and even documents •  ISO 1007 notes end user function •  Bob says, “anything where getting the wrong version would be bad” http://cmbestpractices.com  ©  2013       61 April  9,  2013     What  is  Control?   •  In CM, control is managing the evolution of a CI throughout its lifecycle •  Change Control •  Configuration Control Is control really the right word? http://cmbestpractices.com  ©  2013       62 April  9,  2013     31
  • 9/9/13 Principles   •  Code is locked down and can never be lost •  Code is baselined marking specific milestones •  Managing variants using branches •  Code changed on a branch can be merged http://cmbestpractices.com  ©  2013       63 April  9,  2013     More  Principles   •  Processes are repeatable Agile and Lean •  Traceability and tracking of all changes •  Improves productivity and quality http://cmbestpractices.com  ©  2013       64 April  9,  2013     32
  • 9/9/13 Best  Practices   •  How do we establish source code management that adheres to these principles? •  Better question is how does CM add value and help facilitate the development effort? http://cmbestpractices.com  ©  2013       65 April  9,  2013     Streams   •  Provides a clear usage paradigm •  Model components and architecture •  Control flow of changesets •  Snapshots create baseline of code http://cmbestpractices.com  ©  2013       66 April  9,  2013     33
  • 9/9/13 Streams   Ability to load a particular snapshot l  Strong security authorization and entitlements l  Complete history and traceability l  How about task based development? http://cmbestpractices.com  ©  2013       67 April  9,  2013     Defect  &  Task  Tracking     •  Track changesets to workitem •  Traceability to who made the change •  Makes release notes a breeze to create •  Ties back to requirements and test cases •  Allows for ALM and workflow automation http://cmbestpractices.com  ©  2013       68 April  9,  2013     34
  • 9/9/13 InfoSec  Scans  Code     •  Source Code Inspection •  Are coding practices creating risk? •  Are passwords being hardcoded •  Scan for complexity •  Code quality Managing globally distributed teams http://cmbestpractices.com  ©  2013       69 April  9,  2013     Globally  Distributed  team   •  Managing work for a globally distributed team •  Effective communication •  Better coordination •  Traceability •  Visibility http://cmbestpractices.com  ©  2013       70 April  9,  2013     35
  • 9/9/13 Build  on  Commit   •  Nightly builds often enough •  Build on demand •  Pre-flight (private) builds •  Build framework Tame the complexity and communicate via dashboards http://cmbestpractices.com  ©  2013       71 April  9,  2013     Deploy  to  Environment   •  Run automated tests •  Monitor the environment •  Build the Ops Knowledgebase •  Building our deployment framework Infrastructure as code http://cmbestpractices.com  ©  2013       72 April  9,  2013     36
  • 9/9/13 Infrastructure  as  Code   •  Provisioning Servers •  Fundamental in the Cloud •  What about private clouds? •  Managing the OS Puppet and chef http://cmbestpractices.com  ©  2013       73 April  9,  2013     Puppet/Chef   •  Automate provisioning, patching and configuration of operating system and application components •  Systems integration framework •  Scalable and extensible •  Used in other deployment frameworks www.puppetlabs.com www.opscode.com http://cmbestpractices.com  ©  2013       74 April  9,  2013     37
  • 9/9/13 CIS  Benchmark   •  Center for Internet Security (CIS) •  Consists of hundreds of recommended configurations •  Code is included to verify the configuration This is all about taming complexity http://cmbestpractices.com  ©  2013       75 April  9,  2013     Taming  Complexity   •  Understand the technology •  Automate everything •  Do it more often •  Move upstream •  Build a framework By the time we get to Production... http://cmbestpractices.com  ©  2013       76 April  9,  2013     38
  • 9/9/13 Build  Once   •  Build once – deploy everywhere •  Ensure bits are identical •  Build based upon baseline •  Embed immutable version IDs •  Configuration audit Automated deployments http://cmbestpractices.com  ©  2013       77 April  9,  2013     Deployment  Frameworks   •  Starts with scripting •  Many dependencies •  Taming complexities •  Test each step Traceable, Repeatable Process http://cmbestpractices.com  ©  2013       78 April  9,  2013     39
  • 9/9/13 Deploy  the  Same  Every   Environment   •  Write a deployment framework •  Practice the deploy •  Well oiled machine •  Repeatable and traceable DevOps Focus http://cmbestpractices.com  ©  2013       79 April  9,  2013     DevOps   •  Moving automation upstream •  Communicating with stakeholders •  Building knowledge •  Infrastructure as code Smoke testing is required http://cmbestpractices.com  ©  2013       80 April  9,  2013     40
  • 9/9/13 SmokeTest   •  Test the deploy itself •  Put in the first trade •  Verify what changed •  Work with QA & Testing Environments need to be similar to Production http://cmbestpractices.com  ©  2013       81 April  9,  2013     Deploy  into  Copy  of  Production   •  You need a dress rehearsal •  Need to verify automation works •  Need to know the deploy will work •  Manage risks and unknowns Deploys need to be verifiable http://cmbestpractices.com  ©  2013       82 April  9,  2013     41
  • 9/9/13 Changes  Through  the  Pipeline   •  Every commit triggers •  Build and deploy automation •  Testing the release What are the recommended practices? http://cmbestpractices.com  ©  2013       83 April  9,  2013     Pipeline  Practices   •  Only build binaries once •  Deploy the same way to every environment •  Smoke test Changes should propagate instantly continuously The process itself must be testable http://cmbestpractices.com  ©  2013       84 April  9,  2013     42
  • 9/9/13 Verification  and  Validation   •  Does it meets requirements? •  Are the requirements correct? •  Deming – build in quality •  Each step is testable When problems occur... http://cmbestpractices.com  ©  2013       85 April  9,  2013     Stop  the  Line   •  Need to detect defects early •  Stop the process immediately •  Easier to diagnose •  Easier to fix Kanban for the Deployment Pipeline http://cmbestpractices.com  ©  2013       86 April  9,  2013     43
  • 9/9/13 Kanban   •  Push •  Pull •  Implement through workflow automation Delivery Environment as an Ecosystem http://cmbestpractices.com  ©  2013       87 April  9,  2013     Delivery  Ecosystem   •  Understanding Operations •  Managing Infrastructure •  Server Provisioning & Configuration •  Managing Middleware •  Virtualization & Cloud DevOps should focus on Ops http://cmbestpractices.com  ©  2013       88 April  9,  2013     44
  • 9/9/13 Operations   •  Key stakeholder •  Often outgunned and kept in the dark •  Building a knowledgebase •  Automating detection and response How can Ops get ahead of the curve? http://cmbestpractices.com  ©  2013       89 April  9,  2013     Operations  in  DevOps   •  Infrastructure as Code •  Provisioning servers •  Monitoring the environment •  Monitoring events InfoSec is also key http://cmbestpractices.com  ©  2013       90 April  9,  2013     45
  • 9/9/13 InfoSec   •  Key stakeholder •  Often misinformed •  Policies don't secure systems •  Many incidents show this is a problem area Securing the trusted base http://cmbestpractices.com  ©  2013       91 April  9,  2013     Securing  the  Trusted  Base   •  Builds are baselined •  Version IDs are embedded •  Configuration audit •  Non-repudiation Security is quality http://cmbestpractices.com  ©  2013       92 April  9,  2013     46
  • 9/9/13 Build  Security  In   •  Security should be considered from the beginning •  Security and quality are tightly coupled •  Provision servers using standards •  Control & Detect unauthorized changes Manage components & dependencies http://cmbestpractices.com  ©  2013       93 April  9,  2013     Managing  Components   •  Code should be designed into components •  Reduces complexity •  Interfaces are essential •  Part of environment management Managing Big Builds http://cmbestpractices.com  ©  2013       94 April  9,  2013     47
  • 9/9/13 Managing  Big  Builds   •  Big builds may require multiple pipelines •  Treat the team as internal products •  Handle this as COTs Configuration can be complex http://cmbestpractices.com  ©  2013       95 April  9,  2013     Managing  Configuration   •  Many ways to handle this •  Configuration files (httpd.conf) •  Properties files (.properties) •  XML as configuration (server.xml) •  Default as production (so you don't forget!) Managing Dependencies http://cmbestpractices.com  ©  2013       96 April  9,  2013     48
  • 9/9/13 Managing  Dependencies   •  Maven and Ivy help identify dependencies •  Need to be able to identify versions •  Monitor and detect issues •  Often controlled through data But you have to test http://cmbestpractices.com  ©  2013       97 April  9,  2013     Testing  Topology   •  Unit Testing •  Functional •  Regression •  Integration •  User Acceptance What about non functional testing? http://cmbestpractices.com  ©  2013       98 April  9,  2013     49
  • 9/9/13 Non-­‐functional  Testing   •  Capacity •  Performance •  Scalability Shoemakers children... http://cmbestpractices.com  ©  2013       99 April  9,  2013     Testing  the  Pipeline   •  You need to test the automation including build, package and deployment •  Fail early! •  Trust but verify Don't forget the data http://cmbestpractices.com  ©  2013       100 April  9,  2013     50
  • 9/9/13 Internal  Audit  Requirements   •  Managing baselines •  Traceability •  Change control •  Seperation of controls Regulatory Requirements http://cmbestpractices.com  ©  2013       101 April  9,  2013     Conducting  an  Assessment   •  What is going well •  What can be improved? Assess to industry standards and frameworks http://cmbestpractices.com  ©  2013       102 April  9,  2013     51
  • 9/9/13 Regulatory   •  Section 404 of the Sarbanes-Oxley Act of 2002 •  SSAE-16 (formerly SAS-70) •  Finra •  Office of the Currency Standards and Frameworks http://cmbestpractices.com  ©  2013       103 April  9,  2013     Industry  Standards   •  IEEE 828 •  EIA 649-B •  ISO 12207 or 15288 •  ISO 9001 Frameworks also provide guidance http://cmbestpractices.com  ©  2013       104 April  9,  2013     52
  • 9/9/13 Frameworks   •  Cobit for Sox Compliance •  ITIL for IT Service Management •  CMMI (less common in financial services) http://cmbestpractices.com  ©  2013       105 April  9,  2013     Globally  Distributed  team   •  Managing work for a globally distributed team •  Effective communication •  Better coordination •  Traceability •  Visibility http://cmbestpractices.com  ©  2013       106 April  9,  2013     53
  • 9/9/13 The  CD/CI/CM  Process   •  Should be Lean •  Processes need to be reviewed •  Tailor down or tailor up •  More collaboration and consensus building •  Use standards and frameworks http://cmbestpractices.com  ©  2013       107 April  9,  2013     Assessment   •  First step is to assess current practices - “As-Is” •  Compare to industry standards and frameworks •  Determine “To-Be” •  Create a plan for improving your CM processes http://cmbestpractices.com  ©  2013       108 April  9,  2013     54
  • 9/9/13 IT  Governance  &  Compliance   •  IT Governance needs to be in alignment with corporate governance •  Financial reports needs to be accurate •  Separation of controls •  Security measures to prevent unauthorized access •  Audit in place for intrusion detection http://cmbestpractices.com  ©  2013       109 April  9,  2013     Sox  Compliance   •  Section 404 of the Sarbanes Oxley Act of 2002 •  Using ISACA Cobit 4.1 •  34 high level IT controls •  PCI compliance •  SAS-70 http://cmbestpractices.com  ©  2013       110 April  9,  2013     55
  • 9/9/13 ISO 9001 •  Establishes the quality management system •  ISO 90003 is the software standard in the 9000 family of standards •  Uses ISO 12207 (or 15288) to specify lifecycle processes •  ISO 10007 for CM •  IEEE 828, EIA 649-A, Mil Std coming! http://cmbestpractices.com  ©  2013       111 April  9,  2013     Which  Standards?   •  IEEE 828 – CM Planning •  EIA 649-A – Non compliance •  ISO 90003 to support QMS •  Full lifecycle ISO 12207 Tailor ! http://cmbestpractices.com  ©  2013       112 April  9,  2013     56
  • 9/9/13 Moving  Upstream   •  Dev to CM to QA to Ops •  Cross functional focus •  Speed up development •  Build a great deployment architecture •  Give it to Devs as a service! http://cmbestpractices.com  ©  2013       113 April  9,  2013     Frameworks   •  ITIL v3 including CMDBs, federated CMDBs, CMS, DML… •  Cobit for SOX •  CMMI ->>>> Agile http://cmbestpractices.com  ©  2013       114 April  9,  2013     57
  • 9/9/13 How  Do  We  Improve   •  CSI is well - continuous •  Inclusive •  Transparent •  Learning from mistakes Retrospectives are essential http://cmbestpractices.com  ©  2013       115 April  9,  2013     Retrospective   •  After action review •  Need open and honest evaluation •  Opportunity to improve the process •  Drives the entire release process http://cmbestpractices.com  ©  2013       116 April  9,  2013     58
  • 9/9/13 Plan  for  Improvement   •  Improve training and use case for source code management •  Improvement build automation •  Setup or improve continuous integration •  Automate package and deployment •  Create procedures for configuration audit http://cmbestpractices.com  ©  2013       117 April  9,  2013     CM/Devops   •  Flexible technical background •  Good knowledge of development •  Knowledge of QA/Ops •  Strong automation skills •  Some systems administration •  Ability to work across silos http://cmbestpractices.com  ©  2013       118 April  9,  2013     59
  • 9/9/13 Toolsmith/Devops   •  Strong technical background •  Strong scripting skills •  Diving deep into the tools including troubleshooting •  Understands toolchains and finds flexible solutions •  Process orientation – focus on traceability http://cmbestpractices.com  ©  2013       119 April  9,  2013     Goals of this Course •  Understand Continuous Delivery •  Configuration Management roots •  Control Dependencies & Configuration •  Continuous Integration •  Build and Deployment Automation •  Deployment Pipeline is an Art! Agile Release Train http://cmbestpractices.com  ©  2013       120 April 9, 2013 60
  • 9/9/13 DevOps Focus •  Understand DevOps Best Practices •  A Little History of DevOps •  Scope of DevOps and how to get started •  The People side of DevOps Establish your own plan for DevOps! http://cmbestpractices.com  ©  2013       121 April 9, 2013 And Don't Forget •  Delivery Ecosystem •  Components & Dependencies •  Test vs Verification & Validation (V&V) •  Don't forget the Data •  Establish IT governance and compliance So what is Continuous Delivery? http://cmbestpractices.com  ©  2013       122 April 9, 2013 61
  • 9/9/13 Continuous  Delivery   •  Methodology for getting software from development to release •  Focus on the Deployment Pipeline •  Rapid incremental deployment •  Minimize Risk •  Many small deployments better than big bang http://cmbestpractices.com  ©  2013       123 April  9,  2013     Continuous  Delivery  (DevOps  Best  Practices)   Bob  Aiello,  Principal  Consultant  and  Author  of   Configuration  Management  Best  Practices  :       Practical  Methods  that  Work  in  the  Real  World     http://www.linkedin.com/in/BobAiello   http://cmbestpractices.com     124 CM Best Practices Consulting © 2013 62