Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DOES SFO 2016 - Topo Pal - DevOps at Capital One

2,072 views

Published on

In my previous years’ talks at DevOps Enterprise Summit, I spoke about starting and scaling of DevOps at Capital One; importance of Open Source, Open Technology and Innovations in DevOps.

This year, I will present Capital One’s journey of maturing in DevOps and Continuous Delivery. My presentation will cover our current areas of focus: Delivery Pipeline, Flow and Measurements. I will also share some of the problems we faced and what we did to solve them.

Published in: Technology
  • Be the first to comment

DOES SFO 2016 - Topo Pal - DevOps at Capital One

  1. 1. DevOps at Capital One Focusing on Pipeline and Measurement
  2. 2. @TopoPal
  3. 3. @TopoPal Capital One  Millions of accounts  One of the largest Digital Banks  #1 Information Week’s Elite 100  ~ 20 years old
  4. 4. @TopoPal Different DNA  Build our own software  Build on public cloud  MicroServices  Open Source  DevOpsSec and Continuous Delivery
  5. 5. @TopoPal • Enterprise Architecture • DevOpsSec Strategy Owner • DevOps Evangelist • Shared Technology Group • Product Manager of Continuous Delivery Tools Platform • DevOps Evangelist • Core Contributor and Community Manager of Hygieia Personal Journey
  6. 6. @TopoPal
  7. 7. @TopoPal • Waterfall • Manual Build • Manual Deployment • Manual Test • Data Center • Closed Source First • Agile • Automated Build • Automated Deployment • Automated Test • Public Cloud • Open Source First Agile & DevOps Transformation Journey
  8. 8. @TopoPal Mostly Out-Sourced Mostly In-Sourced Agile & DevOps Transformation Journey Vertical Silos Product Team Dev, Ops, QA, RM Engineers
  9. 9. @TopoPal  DOES 2014 Building out Automation steps  DOES 2015 Scaling DevOps, Open Source, Cloud, Innovation  DOES 2016 Measure, Improve, Mature
  10. 10. @TopoPal Typical DevOps Success Story Code Commit Random 100s /day Deployment Prod Manual Automated Integration Monthly 15 mins QA, Perf Monthly 4 / day Monthly/Quarter ly Once / sprint Testing Manual Automated
  11. 11. @TopoPal 2016 What’s in your pipeline?
  12. 12. @TopoPal http://www.devopsdays.org
  13. 13. @TopoPal Deliver High Quality Working Software Faster
  14. 14. @TopoPal Deliver High Quality Working Software Faster • Across LOBs, Shared Services and 3rd Parties • Tested end-to-end • All dependencies are satisfied • How fast? ASAP?
  15. 15. @TopoPalhttps://upload.wikimedia.org/wikipedia/commons/c/c8/Can_We_Do_it_Better_or_Faster...We_Want_Your_Ideas_-_NARA_-_534240.jpg
  16. 16. @TopoPal
  17. 17. @TopoPal Feb 8, 1700 — March 17, 1782 Daniel J. Bernoulli
  18. 18. @TopoPal Constrict flow, Increase Speed, Lessen Pressure https://www.khanacademy.org/science/physics/fluids/fluid-dynamics/a/what-is-volume-flow-rate
  19. 19. @TopoPal Commit Deploy
  20. 20. @TopoPal http://www.netuba.org/
  21. 21. @TopoPal https://en.wikipedia.org/wiki/Oil_refinery
  22. 22. @TopoPal https://commons.wikimedia.org/wiki/File:US_Navy_060906-N-8257O- 026_Damage_Controlman_1st_Class_Petty_Officer_Derrick_Harney_assists_his_students_in_repairing_a_broken_pipeline_during_the_hands_on_patch_training_p ortion_of_the_Damage_Control_Wet_Trainer.jpg
  23. 23. @TopoPal • Design • Measure • Improve Pipeline
  24. 24. @TopoPal Pipeline Design
  25. 25. @TopoPal Pipeline must have 16 gates Source code version control Optimum branching strategy Static analysis > 80% Code coverage Vulnerability scan Open source scan Artifact version control Auto provision Immutable servers Integration testing Performance testing Build, Deploy, Testing automated for every commit Automated Change Order Zero downtime release Feature Toggle
  26. 26. @TopoPal Pipeline Measurement
  27. 27. @TopoPal https://devops-research.com/
  28. 28. @TopoPal https://devops-research.com/ https://github.com/capitalone/Hygieia
  29. 29. @TopoPal Increase Speed = Reduce Wait Time
  30. 30. @TopoPal Opportunities • Branching Strategy • Process
  31. 31. @TopoPal Pipeline Improvement Improve Branching
  32. 32. @TopoPal Branching • We recommend “Trunk based” development. • Other option:
  33. 33. @TopoPal Pipeline Improvement Improve Process • Automate Release Process • Revisit Audit & Compliance
  34. 34. @TopoPal Risks are real • Intentional damage • Unintentional damage • Untested code in production But…. There is a better way
  35. 35. @TopoPal Hypothesis • DevOpsSec & CI/CD provide better controls • A model with ~30 practices can satisfy audit and compliance • If everything is source code, no one needs access to production • For emergency, “Break Glass”
  36. 36. @TopoPal Result Production Release 1+ / dayOnce / sprint # of Applications with Release Automation: 20+ Max. # of Releases in 1 day for 1 Application: 34 With “Segregation of Duties”
  37. 37. @TopoPal Goal Release Automation without classic “Segregation of Duties”
  38. 38. @TopoPal Coming Soon to Open Source • A secure & compliant pipeline model • A forked and enhanced version of “LGTM”
  39. 39. @TopoPal
  40. 40. @TopoPal Thank You!

×