This document summarizes the cloud journey of Scania Connected Services. It discusses how Scania moved to microservice architectures and autonomous teams to enable continuous delivery of 30+ deploys per day (up from 2-3 deploys per year previously). It also outlines how Scania organized its engineering teams between feature teams and delivery engineering teams to support over 1000 engineers. Finally, it discusses the rules of play and roles needed to operate securely in the cloud at scale, including centralizing some services while empowering feature teams.
10. Deploy frequency
• 2015
– Agile teams
• 12 deploys per year
• 2016
– Autonomous Teams
• Continuous Delivery
• 30+ deploys per day
• 2011
– Software projects
• 2-3 in parallel
• 3 deploys per year
1. Microservice Architecture
2. Trust and courage from
management
Continuous Integration
13. Version Control
Pull & Push several
times a day
Continuous
Integration
Server Target Servers
(Dev, Staging, Prod)
Version Everything
Code
Tests
Configuration
Database
Pipeline
Infrastructure
10 minutes
Deploy
Orchestrator
Reliable changes must also include Infrastructure
TO TRUNK!!
Infrastructure
14. • No really good answer… but reality for us today is
− No acceptance test environment with a “known state”
− Favour automated tests within individual services
− Not the combination between them
− Versioning of APIs
− Never introduce a braking change
− Make a new version and deprecate the old one
− Feature Toggling for gracefully rollout
− Monitoring has (partly) been a substitution for traditional testing
− Limit WIP and having zero downtime deployments increases QA
14
How to ensure QA with Microservices?
17. Cloud – Return on Investment
Resistance
Legacy
Education
Value
benefits of
cloud
18. 18
Organize for 1000+ Engineers
Corporate IT
Cloud Adoption
Delivery Engineering DE DE DE
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
FeatureTeam
Max 30 feature teams per DE team
(very dependent on DevOps maturity
and willingness)
20. 1. Enabling feature teams to iterate as fast as possible
2. Cloud on-boarding and education
3. Core infrastructure
− Networking, IAM, DNS, …
4. Automation tooling
5. Security awareness
− Automated audits to Security Lead
− Security Compliance Validator (cfn_nag)
6. Cost awareness
− Billing reports to Cloud Lead
20
Delivery Engineering teams mission
21. • Version Control
• Audit logs
• Cloud account management
• Rules of Play in cloud
21
What to centralize?
24. 24
Rules of Play in the Cloud
DEV
AdministratorAccess
Access resources via bastion
Test data only
Manual exploration
PROD
ReadOnlyAccess
No bastion
Customer data
Security Compliance Validator
Automated deployments only
The cloud first decision (Q3 2016) was crucial for our cloud movement.
No more ShadowOps!
Moved from software projects to agile teams and continuous integration.
Even with continuous integration and agile teams it is hard to maintaine a big codebase
Also about 4 times more check-ins with the microservice architecture.
Code review is your security gate. Not a QA or an ISec department.