DevOps-driving-blind

DevOps and Agile Can Feel Like You Are Driving Blind...And Maybe We Are.

Published in: Technology, Business

  • Does DevOps have to choose to S-I-N-K the rich history of Traditional IT?
    Work in Hidden Pockets / Exploratory side ventures
    Set a New Global Standard / Net-New or Restart (Boil the Ocean?)
    Can DevOps choose to S-Y-N-C established IT practice and get a different outcome?
    Work with IT to Optimize single-tracks of innovation / Set-up Hybrid Pilots (A/B Testing)
    Coordinate a Global effort of a Collaborative and Silo Integrated IT organization?
    What are the trade-offs with either decision?
    Technical Debt, Cultural baggage, Throwing good money at bad investments?
    Adjusting expectation and the reward systems
    Is there an ROI? – Or a Risk / Benefits Assessment?
  • Brief Waterfall is a sequential design process in which progress is seen as flowing steadily downwards through the phases
    The waterfall development model originates in the manufacturing and construction industries: highly structured physical environments in which after-the-fact changes are prohibitively costly, if not impossible. Since no formal software development methodologies existed at the time, this hardware-oriented model was simply adapted for software development.
  • Active sonar uses a sound transmitter and a receiver. When the two are in the same place it is monostatic operation. When the transmitter and receiver are separated it is bistatic operation.
    Active sonar creates a pulse of sound, often called a "ping", and then listens for reflections (echo) of the pulse. This pulse of sound is generally created electronically using a sonar projector consisting of a signal generator, power amplifier and electro-acoustic transducer/array.
  • Build quality in at the beginning, and listen for feedback all the way to the end
    Project-flows:
    every check-in,
    Unit Test, functional tests
    User acceptance tests and performance
    Build (success or failure) and staged auto release effort
    Service-Flow:
    All repackaging activity, performance data, disruptions, Ops scripting practices…
    Service Desk (education), request surges, complaints, concerns, etc.
    Business-flows:
    User adoption (or abandonment), Efficiency gains/revenue, ROI
    Sustainability costs, transition to common services/blended resources, reusable/competitive advantage potential….
  • More evidence that a solution is badly needed:
    46 million downloads of insecure versions of the 31 most popular security libraries and frameworks, etc.
    18k organizations have downloaded a Struts version with a “severe” security flaw.
    4k organizations using an older version of Struts that can easily be exploited with a simple HTTP request (can even be done from a mobile phone).
    +++
    More metrics:
    96% of attacks were not highly difficult. 79% of breach victims were targets of opportunity. 2012 Verizon Business data breach investigations report.
    The cost of cybercrime will increase 10% per year through 2016 due to continuing discovery of new vulnerabilities. Gartner Top 2012 predictions.
    2011 cost of a data breach was $219 per record. Ponemon study.
    59% of developers and close to half of security practitioners state their company has experienced between 1-10 data breaches over the past 24 months due to compromised or hacked applications. Ponemon Study 2012.
    81% indicate data risks have increased over the past 3 years. AppSecInc and Unisphere 2011 study.
    58% of software susceptible to large scale attacks. Veracode state of software report 2010.
    12% of security personnel say all of their organization’s applications meet regulations for privacy, data protection and information security. 15% of developers feel the same way. Ponemon 2012.
    Average cost due to lost business following a breach is $3MM in the US. Ponemon 2012
    Close to half (44%) of the developers surveyed stated there is absolutely no collaboration between their development organization and the security organization when it comes to application security. Ponemon 2012.
    56% of IT auditors report their organizations are actively investing to reduce security risks, software quality, or intellectual property risk. Security highest at 24%. ISACA webinar survey 2012.
  • New Vulnerability Discovery: Proactive discovery of new vulnerabilities for existing components
    Enterprise-wide View: New violation summary by threat level provides enterprise visibility
    First Step to Resolution: Actionable remediation allows new vulnerabilities to be fixed quickly
    Here is an example of how the CLM is integrated into the repository manager and build / CI systems. This example shows Nexus, but Sonatype is taking a tools-agnostic approach and will support other repo managers as well as other IDEs, CI systems, etc.
    This particular example shows license, security and policy information.
  • Global and Long-term VISIBILITY
    - Helping Developers that are NEW or Separated by distance or time
    - Find assets, feedback, guidance, peers and insightful data quickly…
    - Example: Code composition, problem discovery, change, historic success or knowledgeable peers
    Real-time and Adaptive CONTROLS
    - Help organizations to find, remove and avoid vulnerabilities (bugs and liabilities) early
    - Reduce delays related to QA, Build failures, Open Source distribution, Deployment surprises, Ops Services disruptions, Change incompatibilities, Service Desk surges, or Repetitive “design” frustrations by business users and/or Customers…
    - Enable policies coordinated with Dev, Ops, security or business related teams.
    Transparent and Traceable designs for FAST-FIX
    - Help organizations leverage responsive SWARM efforts and PROACTIVE replace strategies
    - Increase efficiencies in response to learning opportunities, business disruptions and for change/risk impact
    - Creating learn-once frameworks to help with remediation efforts that benefits global teams
  • DevOps-driving-blind

    1. Driving Blind with Confidence! Paul Peissner – DevOps Enthusiast – Agile Advocate @PaulPeissner - Paul@Peissner.com
    2. DevOps… Sink IT or Sync IT
    3. DevOps…It’s About the Software Potential In Your Business! Opportunity – Does software have the potential to improve your business? Challenge – Has traditional IT or Software Development been too slow? Internally – Can teams do more with less / Can business get more from IT? Externally – Are there new technologies that simplify & improve efforts? Risks – Can new technology address scale, security or evolution? Return – Can business leverage global velocity and quality to grow!
    4. Enterprise Software Before Agile & DevOps… Betting on a software process was like a horserace bet without knowing the horse, race details or the person with a tip. People do get lucky, but it’s not a good strategy! Software processes, like horses, come in all shapes and sizes. Some software teams are disadvantaged before they even start a project. Instead of driving blind with your Software processes, you should determine if you have a modern team with advantages, or not!
    5. What does AGILE DEVELOPMENT Have to do with BUSINESS STRATEGIES
    6. See my DevOps Flat-IT Fixing Slides Enterprise IT – Then Legacy IT: Traditional processes (and legacy infrastructure) don’t really scale in fast changing markets $ Cost Center IT 1M+ Code lines 1K+ Developers 100+ Features Manual handoffs Competitive Silos 2-3 Year cadence Now how do I tell him we need to increase production by 3000% by next week?
    7. See my DevOps Flat-IT Fixing Slides Enterprise IT – Then and Now Legacy IT: $ 1M+ Code lines 1K+ Developers 100+ Features Manual handoffs Competitive Silos 2-3 Year cadence 1-3 Years with Legacy Modern IT: 10’s of Code lines 5-7 Developers 3-7 Features Auto-deploy / Cloud Collaborative IT 2-6 Week cadence 6 DevOps Projects – Agile & Micro Apps - Auto-Deploy & Cloud - Simplified IT – Services Sprints with Automation 2-6 weeks
    8. See my DevOps Swimming Lane Slides Transforming the Enterprise Moving from…Mega - Complex - Silos… with isolated decision-making and internally competitive teams “You can’t buy a culture transformation, it is hard work from within the organization” Dr. Ahmed Sidky Moving to…Micro - Simple - Cross-discipline… with shared decision-making, ownership, standards and automation With Agile and DevOps… “the differences between a developer and operations engineer is becoming less visible and will eventually dissolve.” DevOps-Pivoting Beyond Pockets, Kamal Manglani
    9. While We Are Not “THERE” yet… You May Be Closer Than You Think!
    10. A Model: For IT Transformation Discussions Sonar
    11. Wikipedia: A Helpful Sonar Visual Image…
    12. A Practical Sonar User Story… Driving blind… …Moving forward with agility and speed... …Pinging and listening for obstacles… …”Reacting” appropriately to the echo/feedback!
    13. Project Example: Dev Pings (Activity) & Echoes (Feedback) ALM’s historic siloed core-value
    14. Sonar Model: Agile and Project-DONE Cross-discipline (Dev/QA) - Collaboration & Feedback Drives Project Velocity & Quality What drives your high “velocity and quality” efforts to “PROJECT-DONE”? Scrum, Kanban, Lean, XP – Culture, Process and Technology (tools)
    15. The Good-News and Bad-News about fast moving Agile projects
    16. A Sea Change in Software Development Agile Good News: Fast-moving, Leveraging Heavy Reuse… Written & Delivered agile-fast!
    17. An Ecosystem at Risk Agile Bad News: Fast-moving, Leveraging Heavy Reuse… In One Year…
    18. More Agile Bad News: Compounding Ecosystem Realities
    19. Agile Transformations: Don’t Forget Your Code and Tools Accelerated Micro-projects need controls and feedback for global Code decisions Global and Long-term Visibility Real-time and Adaptive Controls Transparent and Traceable Fast-Fix
    20. Agile Development: Post-Project Feedback
    21. Agile Development: DevOps More Agile Good-News… Agile teaches Development teams and processes to collaborate, listen and adapt…quickly! DevOps is simply an extension of Agile principles across the IT teams, technologies, tools and system flows… collaborating, listening, adapting-globally and over-time!
    22. Sonar Model: Agile & DevOps Velocity – Operationally DONE Cross-discipline (Dev & Ops) – Deploy Collaboration Drives Product Velocity CI CD Deploy CI CD Continuous Integration - Test Driven Dev – Test Automation – QA Collaboration… Continuous Delivery - Deployment Automation - Application Release Automation…
    23. Sonar Model: DevOps & Business Quality – Business DONE Apps live long after Agile teams can break-up – Feedback Drives Product Quality Agile Project Cadence DevOps and Business Feedback data How can Agile projects remain connected to Ops and Business feedback to benefit future Agile Development?
    24. Sonar Model: Does Agile Store Dev Feedback & Knowledge? DevOps and Business data Can DevOps and Business feedback be tied to an Agile System with long-term memory and real-time global visibility?
    25. Product Example: DevOps/Business Feedback Drives Quality Adding PPM-like functionality can improve corporate visibility, business & cost alignment. Is that DevOps too?
    26. Sonar Model: Cont. Improvement – A Business Advantage The only “real” sustainable competitive advantage is the ability to learn faster than the competition. - Peter Senge
    27. Iterative Agile & DevOps: Adapting with long-tail feedback Feedback (Formal or Informal) Artifacts (Formal or Informal)
    28. A Continuous Evolution of Projects, Products and Business Dev & Code / Dev & Test / Dev & Ops / Dev & Business Users / Dev & Bus. Strategy Continuous Improvement The Feedback-loops & system practices will keep EVOLVING create a continuous improvement environment with competitive business advantages.
    29. DevOps Eco-Systems: Conversations & System Flows The SOFIA test (for culture & technology) - Speedy - Open - Flexible - Integrated - Accountable
    30. DevOps: The 4 Pillars of Corporate Transformation 1) Align the Dev Systems - to the adoption of Agile and improve project velocity and quality 2) Optimize processes flows - leverage deployment automation to improve product velocity 3) Create a system of Continuous Improvement - feedback from Ops, Business and Corp. planning to improve product quality 4) Protect IP & Identify areas with Competitive Advantages - leverage data and feedback to adapt and improve the business
    31. Questions? Managing software will always have an element of driving blind. The Sonar model lets you drive forward with a lot more confidence! DevOps = Business Agility Your Competitive Advantage!
