A discussion of concepts regarding scaling DevOps from single teams to enterprise scale

1. Scaling DevOps To The Enterprise
Benjamin Wootton
@benjaminwootton

4. Development Team 1
Development Team 2
Development Team 3
Development Team 4
Development Team 5
Development Team 6 - Mobile
Development Team 7 - Vendor
Monitoring Team
Middleware Team
App Support Team 1
App Support Team 2
DBA Team
Network Team
Wintel Team
Unix Team
Infrastructure

7. • DevOps is about improving the
collaboration between the traditionally
siloed development and operations
functions (and indeed other areas within
the IT function)
• DevOps is an extension of agile software
development principles. Agile as very
development focussed, but often moved
the bottleneck downstream

8. Scaling DevOps
Implications For People &
Teams

9. DeveloperDeveloper Developer Tester Tester Sysadmin DBA App Support
Agile Team
Cross Functional Dev/Ops Team

10. Product Aligned Dev/Ops Team
Product Aligned Dev/Ops Team
Product Aligned Dev/Ops Team “DevOps Team”
The DevOps team are
responsible for the path to
production.
Tips to make DevOps team a
success:
• Enable other teams
• Don’t become a silo
• Coaching and training
• Reference Architecture
• Automate relentlessly
• Self service for product
aligned teams
Developers Testers IT Ops
Developers Testers IT Ops
Developers Testers IT Ops

11. UnixMiddlewareDBANetwork
X-Functional Dev/Ops TeamX-Functional Dev/Ops TeamX-Functional Dev/Ops Team
Platform Services Team
Dev/Ops:
Development:
Operations:
Traditional IT Operations becomes even smaller, more technology aligned.
Deep specialism retained, providing optimised building blocks.
These engineers become more application
aligned, helping the appplication teams
release their code quickly and efficiently
Incredibly important that these people don’t
become a silo that drive
Dev and Ops further apart. They enable rather
than do work on behalf of delivery teams.

12. Product Aligned Dev/Ops Team
Developers Testers IT Ops
Continuous Delivery
Pipeline
Platform As A Service
(Container Based)
Leverage
Lean
Collaborative
Portable
Cloud Based

13. Training
Evangelism
Enablement
Hiring
Enablement
Working with teams in a dual
delivery and upskilling capacity to
raise their own capability.
Hiring
Bringing in new skills with a
specific aim to upskill people in
DevOps approaches.
Training
Online and classroom based
training to teach people about
higher level or technical concepts
Evangelism
Exposing our people to industry
best practices and modern
approaches related to DevOps
01
02
03
04
Cultural Change, Coaching, Learning & Upskilling

14. Scaling DevOps
Implications For Your
Application Portfolio

16. HighLow
Low
High
RateOfChange
Cost Of Change
TBC
TBC
TBC
GTL
TBC
TBC
TBC
TBC
DevOps In The Legacy Estate
• Rate of change
• Cost of change
• Current maturity
• Cost of remediation
=
Business Case

20. Scaling DevOps
Rigour & Business Case

21. CultureOrganisational
Design
PEOPLE
Collaboration
Physical
Environment
FederationSkills
PEOPLE PEOPLE
PEOPLEPEOPLE PEOPLE
PEOPLEPEOPLE PEOPLE
Retention
Incentives
Recruitment

22. 67.00
45.00 55.00 53.00
80.00
49.00
66.00 70.00
45.00 49.00
45.00
55.00
13.00
66.00
35.00 98.00
44.00
55.00
49.00
58.00
68.00
75.00
43.00
90.00
45.00
80.00
18.00
70.00
50.00
60.00
0.00
50.00
100.00
150.00
200.00
250.00
Team A Team B Team C Team D Team E Team F Team G Team H Team I Team J
DevOps Maturity Score
People Process Technology
0
5
10
15
20
25
30
1 2 3 4 5 6 7 8 9 10 11
DevOps Maturity
Team A Team B Team C

23. Technology– Operate & Improve
People –Organisational Design
Technology– Test & Deploy
Technology– Design & Buld
Process – Agile & Lean Maturity Process – Engineering Best Practices
Process – Ways of Working
People - Culture
People –Skills, Recruitment & Retention

26. Scaling DevOps
Raising Security With
DevSecOps

27. Developer
ArtifactoryStatic Analysis
Dynamic
Analysis
Security
Tests
Build
Export
Package
Development
Trigged via Jenkins
Maintains secure versioned
packages
Security & Control Points In Pipeline
DevOps Team With Segregation Of Duty
Developer Deployment
Engineer
Production
Engineer

29. This example will identify any code that tries to mount disk volumes. If code is
identified, it will be audited and then workflow can control the action of this
deviation to standards.
Example - Static Code Analysis

30. Example – PCI Compliance
PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.
rules ’PCI 2.3 – Confirm telnet port not available'
rule on run_control
when
name = 'should be listening'
resource_type = 'port'
resource_name = '23'
status != 'success'
then
audit:error("PCI 2.3 - Encrypt all non-console
administrative access such as browser/Web-based
management tools.")
notify("security-team@financialcorp.com", "A
machine is listening for connections on port
23/telnet!")
end
end
RuleControl
controls 'port compliance' do
control port(23) do
it "has nothing listening"
expect(port(23)).to_not
be_listening
end
end
end

31. Example – SOX Compliance
SOX Section 302.4.B – Establish verifiable controls to track data access.
rules 'force key based auth'
rule on run_control
when
name = 'is disabled'
resource_type = 'File'
resource_name = '/etc/ssh/sshd_config'
status = 'failed'
then
audit:error("SOX Section 302.4.B – Establish
verifiable controls to track data access.")
notify(‘security-team@financialcorp.com’, "A
machine has password login enabled!")
end
end
RuleControl
controls 'password authentication' do
control file('/etc/ssh/sshd_config') do
it "is disabled”
expect(file('/etc/ssh/sshd_config')).to_not
match(/^s*PasswordAuthentications+yes/i)
end
end
end

32. Acheving This With A DevOps
Assessment & Strategy

33. CultureOrganisational
Design
PEOPLE
Collaboration
Physical
Environment
FederationSkills
PEOPLE PEOPLE
PEOPLEPEOPLE PEOPLE
PEOPLEPEOPLE PEOPLE
Retention
Incentives
Recruitment

36. Want to know more about Enterprise DevOps?
www.contino.io
Benjamin.Wootton@contino.io
@benjaminwootton