SpringOne Platform 2016
Speaker: Dave Ehringer; Technical Director, Platforms, Liberty Mutual
With Pivotal Cloud Foundry and Spring, application groups within Liberty Mutual have experienced a dramatic reduction in time required to bring ideas to the market and developed the flexibility to move applications between clouds based on business need. In this session, Liberty Mutual will share their experiences instating CI/CD and share best practices they picked up along the way.
14. #TechAtLiberty
But what does this mean to me as a developer?
The only way to get into Cloud Foundry is through LibertyForge pipelines
The primary API for the platform is version control and pipelines
18. #TechAtLiberty
Bridging the Divide Between the Traditional World and Cloud Native
Build for and operate within a cloud native environment
But co-exist with legacy in a diverse ecosystem
20. #TechAtLiberty
Standard Change: A change that is recurrent, well known, has been proceduralized to follow a pre-defined, relatively risk-free path, and is the accepted response to a specific requirement or set of circumstances, where the authority is effectively given in advance of implementation
Hi, my name is David Ehringer. I’m a Director of Platforms and Product within the Enterprise Technology Service group at Liberty Mutual.
Today I’m going to be sharing some of our story about how we’ve been able to embrace continuous delivery principles combined with Pivotal Cloud Foundry to fundamentally transform the way we build and run software.
If you are doing DevOps, you are involving these groups from the start.
Engrained process and culture
Everything built around risk management. But one of the biggest risks is disappearing.
Liberty Mutual is a large global insurer founded in 1912. We have over 50,000 employees with operations in 30 countries and economies. We are the third largest property and casualty insurer in the U.S.
A culture of helping our customers, acting responsibly. Liberty also deeply values its employees. Great place to work. Proud to be a Liberty employee. This history and culture are a huge asset.
At the same time, our technology capabilities are one of our biggest assets as well. We are the “best tech secret” out there.
And while so much focus in the tech industry is on the latest and greatest startups, and the stereotype is often that insurance companies are very traditional and slow moving, I can tell you firsthand that Liberty Mutual is a super exciting place to work and things actually move incredibly quickly.
Tech Wise:
Hackathons
Contributing to open source
Open sourcing Liberty projects
Re-envisioned our workspaces
-------------------
Liberty Mutual’s mission is to help people preserve and protect what they earn, build, own and cherish. Keeping this promise means we are there when our policyholders throughout the world need us most.
We began our operations in Boston, Massachusetts in 1912. Today Liberty Mutual is a diversified insurer with operations in 30 countries and economies around the world. We are the third largest property and casualty insurer in the U.S. based on 2014 direct premium written as reported by the National Association of Insurance Commissioners.
Liberty Mutual is ranked 78th on the Fortune 100 list of largest corporations in the U.S. based on 2014 revenue. As of December 31, 2015, we have $121.707 billion in consolidated assets, $102.466 billion in consolidated liabilities, and $37.617 billion in annual consolidated revenue.
Liberty Mutual employs more than 50,000 people in approximately 900 offices throughout the world, and we offer a wide range of insurance products and services, including personal automobile, homeowners, accident & health, commercial automobile, general liability, property, surety, workers compensation, group disability, group life, specialty lines, reinsurance, individual life and annuity products.
Does not include our rapidly expanding presence in multiple public cloud providers across 5 regions
AWS: us-east-1, ap-southeast-2 and eu-west-1, us-west-2
Azure: North Central US (Chicago)
As a new employee on my first day, I should be able to be given a link to forge.lmig.com and by the end of the day have built and deployed an app to the cloud.
One of our most important metrics is how long does it take to get feedback.
Done in the middle of the afternoon
We’re also trying to make this the simplest path to production
How you run "stuff" in the cloud can't be disconnected from your delivery process
LF: encompasses idea through the grave and everything in between
Product management:
Pipelines
Agile Dev Tools
Open source community
PCF deployed across 3 domestic datacenters and 1 AWS region. 2 additional AWS regions coming online later this year. In each location there are two platform
You have 100% visibility into everything that
You know exactly what is running in any environment
Everything is immutable so you don’t have to worry about drift
Transparency can make developers and others nervous. Afraid of what might happen if people see the build failing or a deployment not being successful
Deployments include:
Blue/green deployments w/ smoke tests
Notification of APM/monitoring provider of new version of app
Standard change creation (production)
Database migrations (or other relevant changes)
RBAC built into platform and managed across pipelines and PCF
The only way to get into Cloud Foundry is through LibertyForge pipelines
Your applications are 100% immutable
Only start/stop/restart actions available for operations
Leverage the platform logging, monitoring, and other operational services
Cloud Foundry manifest files for declarative configuration
Git push
Pipeline blueprints teams can use directly or build upon
Services have a lifecycle
Our patterns are experimental at this point
Some service brokers don’t have an “idempotent,” declarative parameters format
Multi-tenancy
Provides standard network egress access by default. Allows for non-standard to be requested and approved through an automated process
Combined with firewalls and AWS security groups
Business unit hierarchy, non-prod vs. prod, security categories: internal vs. external
Automatically follows your application as you deploy to different locations
Tooling to support debugging of connectivity issues
Have a v1 of our security group services we’ve been running for a little over a year. Looking to iterate to a v2 that more formally establishes the “policy” concept.
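To make the standard versus non-standard egress idea from the notes above concrete, here is an added sketch (not Liberty Mutual's service or code) that classifies an egress request against a per-category standard policy expressed in Cloud Foundry security group rule fields. Every CIDR, port and key is constructed, and the approval criteria (internal apps only, no overlap with the other environment's ranges, at most 256 addresses) are assumptions. Destinations are assumed to be a CIDR or single IP, not an address range.

```python
import ipaddress

# Constructed standard egress policy; every CIDR, port and key is hypothetical.
# Rules use the Cloud Foundry ASG fields: protocol, destination, ports.
STANDARD = {
    ("nonprod", "internal"): [
        {"protocol": "tcp", "destination": "10.20.0.0/16", "ports": "443,8443"}],
    ("nonprod", "external"): [
        {"protocol": "tcp", "destination": "10.20.8.0/24", "ports": "443"}],
    ("prod", "internal"): [
        {"protocol": "tcp", "destination": "10.30.0.0/16", "ports": "443"}],
    ("prod", "external"): [
        {"protocol": "tcp", "destination": "10.30.8.0/24", "ports": "443"}],
}
MAX_HOSTS = 256  # assumed ceiling for an automatically approved exception


def _ports(spec):
    """Expand an ASG ports string such as "443,8000-8002" into a set."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def covered(rule, standard):
    """True when a standard rule already permits everything `rule` asks for."""
    want = ipaddress.ip_network(rule["destination"])
    return any(
        rule["protocol"] == s["protocol"]
        and want.subnet_of(ipaddress.ip_network(s["destination"]))
        and _ports(rule["ports"]) <= _ports(s["ports"])
        for s in standard)


def review(env, exposure, rule):
    """Classify an egress request: 'standard', 'auto-approve' or 'manual'."""
    if covered(rule, STANDARD[(env, exposure)]):
        return "standard"
    want = ipaddress.ip_network(rule["destination"])
    other = "prod" if env == "nonprod" else "nonprod"
    crosses = any(want.overlaps(ipaddress.ip_network(s["destination"]))
                  for key, rules in STANDARD.items() if key[0] == other
                  for s in rules)
    if crosses or exposure == "external" or want.num_addresses > MAX_HOSTS:
        return "manual"
    return "auto-approve"
```

Keying the policy on environment and exposure is what lets the same rules follow an app to a new location: only the lookup key changes, not the app's request.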
Teams can select logging provider
We abstract details of endpoints and connectivity
Also provide log enrichment and ensure RBAC is applied
Because pipelines tend to follow blueprints and end up looking very similar, you can often pursue standard changes at a portfolio level.
Helping make this mainstream
Enabling developer self-service
Attacking the cycle time of idea to production
Applying to entire cloud ecosystem