Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Quality assurance in dev ops and secops world

178 views

Published on

This talk focused on how the quality assurance practices need to be seen in different view when the software delivery is done in DevOps and SecOps Approach. SecOps stands for Security Operations. I will talk about the practices like Architecture and Infrastructure readiness , Quality Assurance / Security Assurance and Test Quality Assurance in the pipeline, Dev and Ops Collaboration, Quantitative analysis of the Continuous Delivery System , Periodic Assessment for System Refactoring Pattern, Causal Analysis feedback (Defects, Problems Learning) to CD System.

Published in: Engineering
  • Be the first to comment

  • Be the first to like this

Quality assurance in dev ops and secops world

  1. 1. Prepared by : Anish Cheriyan, Director, Huawei Prepared By Anish Cheriyan, Director, Huawei Technologies
  2. 2. Topics • DevOps & SecOps • Practices in Detail • Summary
  3. 3. Background • Application & Embedded Development. • Network Management System • Protocol Stack
  4. 4. Traditional Quality Assurance Gated Approach for Quality Assurance Requirem ent Design Coding Unit Test Functiona l Testing includes ities Independ ent V&V Launch
  5. 5. DevOps DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality
  6. 6. Security Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a97 0b01a73dba51f6970d-pi ‘To err is human, to really screw up you need root password’
  7. 7. SecOps SecOps built into the Deployment Pipeline. Dev & Ops Collaborate and ensure desired level of Security Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a97 0b01a73dba51f6970d-pi
  8. 8. Case Study • Consider and CRM System which uses a Modeling tool to automate the business processes. • The system which has two key parts-Workflow Engine and Workflow Modeling tool (UI) team . Workflow Engine works based on the rule engine. Modeling Tool uses the Engine. Total team size is around 60. • What are factors you will consider to designing your Continuous Delivery Architecture.
  9. 9. Short Feedback Loops DevOps Delivery Deploym ent Picture Coutesy: https://www.flickr.com/photos/
  10. 10. •Requirement documentation at right granularity •OPS Perspective- deployability, modifiability, monitoribility Requirements Picture Coutesy: https://www.flickr.com/photos/libramano/9372711893/
  11. 11. . Architecture Readiness for CD- deployability, modifiability, monitoribility , testability . Continuous Delivery Architecture . Build Pipeline Architecture Picture Coutesy: https://www.flickr.com/
  12. 12. Infrastructure Readiness •Environment Provisioning based on customer requirement analysis (OPS) •Right Tool Usage (VM, Container like Docker etc) for the respective requirement
  13. 13. Build Pipeline http://blog.xebialabs.com/2016/02/09/how-ing-increased-software-deployments-to-twice-a-day/continuous-deployment-pipeline/
  14. 14. SystemArchitecture L1 CIArhitecture L2 DeploymentPipeline L3 C1 C2 C3 M1 C1 Continuous Integration System C2 Continuous Integration System C3 Continuous Integration System C1 Deployment Pipeline C2 Deployment Pipeline C3 Deployment Pipeline Hierarchical Approach for CD and DevOps
  15. 15. Quality Assurance in the Pipeline Inspectio n /Static QA Test QA Security Assuranc e Configura tion QA 'ities' Assuranc e
  16. 16. Inspection/Static QA Simian Rules for managing the rules
  17. 17. Test QA Read at : http://www.thinkinginagile.com/2015/07/agile-testing-practices-mapped-to.html
  18. 18. Security Assurance Static/Dyna mic Analysis (Fortify, Coverity) Scanning (Nessus, Nmap) Security Test (Threat Model) Attack
  19. 19. Configuration QA • Single Source Repository for all items • Build Script Quality (abstraction, modularization, coding guidelines) (Automatic or manual way)
  20. 20. Analysis of the Build Pipeline Build Private Build Version Build Function Build ities Build Deploym ent Build Build 01 Pass Pass Fail Fail Fail Build 02 Pass Pass Pass Fail Fail Build 03 Pass Pass Fail Fail Fail Build 04 Pass Pass Pass Fail Fail Build 05 Pass Pass Fail Fail Fail Build 06 Pass Pass Fail Fail Fail Build 07 Pass Pass Fail Fail Fail
  21. 21. Test your Deployment pipeline Repea tabilit y Perfor mance Reliabi lity Recov erabili ty Intero perabil ity Testabi lity Modifi ability
  22. 22. Cross Cutting Collaboration
  23. 23. Summary • Continuous attention to technical excellence and good design enhances agility • Lets Build Quality & Security into the deployment pipeline
  24. 24. Thank You @anishcheriyan www.anishcheriyan.com

×