Advertisement
Check these out next
OpenDevOps 2019 - Disconnected pipelines the missing link
Jun. 19, 2019•0 likes•269 views
2 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
For many, the transition to DevOps starts small, in a single team or a new project and often involves pieced-together open source solutions with little to no security. To scale effectively, deploying daily, hourly or even more frequently, organizations must infuse security in all aspects of software development and deployment. Join XebiaLabs VP Product Strategy and thought leader in DevOps, Andreas Prins, as he shares market trends, disconnects, tips and techniques to incorporate security and all other disciplines into the complete DevOps lifecycle – a cura di Andreas Prins Vice President of Product Strategy for XebiaLabs
Marketing and Sales Account at Emerasoft, solutions to collaborate
Advertisement
Advertisement
Advertisement
Recommended
Disconnected Pipelines: The Missing LinkEficode
DevOps Hits Adolescence – what’s next?XebiaLabs
Enterprise DevOpsMicrosoft Visual Studio
Accelerate DevOps Transformation with App Migration to the CloudXebiaLabs
Why Serverless is scary without DevSecOps and ObservabilityEficode
Is Your DevOps Ready for the Cloud?XebiaLabs
OpenDevOps 2019 - Disconnected pipelines the missing link
- Andreas Prins VP Product Strategy Disconnected Pipelines: The Missing Link
- 2 A little background ▪ 6,5 of test consultancy ▪ Lean Consultant ▪ Agile/DevOps Coach ▪ Team manager 4 DevOps teams ▪ VP Product Development ▪ VP Product Strategy
- 3 Disconnected Pipelines: The Missing Link ▪ XebiaLabs Company and market background ▪ 3 Major impacts of the cloud, that drive the need for DevSecOps ▪ Connecting tools, delivery, and disciplines ▪ Scale it towards the enterprise
- 4 Hundreds of Companies deliver software with XebiaLabs XebiaLabs DevOps Platform providing intelligence, automation and control across the entire software delivery process Shift to the Cloud Migrate to Containers Connect all Pipelines Connect CI/CD & ITSM Improve Governance & Security SCALE DEVOPS ACROSS THE ENTERPRISE
- 5 Adoption Timeline “I lack a clear view of what’s going on in my releases.” “I need to know when there’s risk to the schedule.” “We must meet Audit and Compliance requirements.” “I need CD to fully realize the benefits of agile.” “My failure rate is too high.” “I need to enhance legacy apps & modernize my delivery process.” “I have heterogeneous applications & mainframe apps.” “We need standardization to ensure consistency & repeatability.” “Automate all the things!” “All steps & manual interactions need tracking.” “Microservices & apps with complex dependencies need to be delivered consistently.” “Public/private cloud, hybrid and on-premise all need to be standardized. We've hit a wall trying to manage everything with scripts.” “My developers need self-service.” “We need to find & eliminate bottlenecks in our process.” Dev + Ops Needs Automation Efficiency Speed Error reduction Enterprise Requirements Integrations Process Complexity Heterogeneous Systems Compliance/ Security Standardization/ Repeatability Scale Management + Business Needs Visibility/ Analytics Decision Support Risk Assessment Feedback Enterprise Adoption
- Convergence of DevOps and Cloud Monolithic N-Tier Physical Servers Virtual Servers Data Center Hosted Development Methodologies DevOps Application Architecture Application Packaging Application Infrastructure Microservices Containers Cloud Waterfall Agile Application Test Data Quarterly Refresh Monthly Refresh On-demand (within minutes)
- 7 3 Major impacts of a cloud transformation
- 8 The radical increase of the number of “pipeline runs”
- 9 The movement of: “Power to the development engineers”
- 10 The impact of corporate thinking: Multi Cloud, Distributed Risk
- 11 Be aware, 4 Disconnects that can disturb your business
- 12 Connect 1: CI/CD is going lightning fast, but at the same time, happening in the dark for many
- 13 Connect 2: So many powerful tools, so little time for integrations
- 14 Connect 3: Lack of Focus on Security and Operations Dev : Sec : Ops 100 : 1 : 10
- 15 Connect 4: Business Process of delivering value is not connected to the IT process
- 16 Building connections: an example of a a business release and and IT execution
- 17 Building connections: ITSM into Development Connect Integrate Manage & Scale Phase 1 Phase 2 Phase 3 Performance Analytics Dashboard Platform ALM Octane Performance Analytics Dashboard Platform ALM Octane
- 18 DevSecOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
- 19 DevOps: CICD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
- 20 DevOps: CICD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
- 21 DevOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
- 22 DevOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
- 23 OpsDev: build the framework first, to enable the engineering culture
- 24 The focus on Connected Pipelines will increase the speed of business value creation Focus on the 4 connects: ▪ Getting CI / CD out of the dark ▪ Connecting best of breed tools into the toolchain ▪ Connecting Operations and Security into the overall development chain ▪ Connecting the Business Delivery Process to the IT Delivery Process
- 25 But how to push it to enterprise scale?
- Onboarding and Scaling How to scale from one team to many… Leverage your rock stars to create standard and reusable templates Convert to blueprints so that all your teams can consume in a reliable way Ensure you leverage tools that are built for the Enterprise
- Security and Governance Bake security and governance into your pipelines, don’t include as an afterthought Strong role and permission management to ensure segregation of duties Cost controls (automated rollback, full cleanup of resources after each deploy completes) Protection of cloud resources as if they were on-premise Security checks are automatically completed in the pipeline
- Visibility and Auditability Make data available to all users/roles within the organization Manager: Visualizing pipelines Auditors: Maintaining data compliance Developer: Troubleshooting speed
- Deployment Plan Generation Deployment orchestration to all clouds Release Pipeline Orchestration All apps, all roles and all environments App Code Deployment Code Config Code Release Code Manage all Source Code Overcome Cloud DevOps Challenges Lack of Cloud Expertise Best practice templates for common cloud services Developer Experience Leverage Release Orchestration that integrates with your Developers’ favorite tools Security & Governance Bake security and governance into your pipelines Onboarding and Scaling Leverage standard templates and blueprints Visibility and Auditability Make data available for reports and audit trails Connecting all disciplines to drive value creation … … Best Practice Templates Pre-built template to deploy most common cloud services Security & Governance Security and control are standardized within the release pipelines Visibility & Auditability VSM, pipeline history, predictive info (ML), and audit control
- 30 By the focus on connecting all your disciplines, the speed and control of software delivery will increase
Editor's Notes
- A quick introduction, for those of you who may not be familiar with XebiaLabs: we’ve been part of the DevOps movement since the very early days. We’re solely focused on DevOps and Continuous Delivery and we’ve been repeatedly recognized as a leader by the top analysts in this space. You can find our customers across many of the best known and best run companies around the world. They’re in all types of industries from financial services, to retail, to manufacturing... all the way to the public sector and government agencies. As we’ve worked with these organizations, we’ve seen that many start to move toward DevOps because they have specific concerns. For example, they might be looking to move applications the cloud, or to start taking advantage of container technologies Or, maybe the most common issue that organizations need to address is how to make Continuous Integration part of the broader software delivery process And of course, most organizations have IT Service Management policies and tools in place when they start adopting DevOps practices, so they need to figure out how to get the best of both worlds from ITSM and DevOps And on top of all of this, there’s the topic we’re discussing today. Many organizations have security, compliance, and governance requirements to worry about. So, they might be looking at DevOps to accelerate software delivery, but they don’t want to introduce new security risks or compliance violations in the process. Not only that; ideally, they want to use DevOps best practices like Continuous Integration, Continuous Delivery, and automated testing to improve compliance and release software that’s more secure...
- due to the fact that the deployment units are much more and much smaller and the infrastructure is changing more rapidly.
- with the Cloud and the attached CI/CD move many choices are made by development engineers and a lot of the heavy lifting is done by them, where in the past even more operations and infrastructure specialist where involved
- Companies choose to run on multiple clouds, and have the ability to move applications across AWS, GCP and Azure.
- Lack of visibility of CI CD Variety of tools being used with lack of best practices Not aware of this is the RIGHT tool, and end up using wrong one No place to see the entire toolchain
- Some teams do, some don’t Some do in different way Devs are doing what they want to using their choice of tools and leadership is unaware of where the money is spent Hard to find - What’s workinga nd what’s not working Visible to everyone in org Some typical remarks: My IT teams work in Jenkins, and Jenkins can solve my problems We use GitLab pipelines in our Dev organization We go to the cloud we no longer need this We are transformed towards modern IT and my dev engineers take care of this
- On the journey of going to devops or already adopted devops, With the lack of ci/cd being visible to everyone, there are also so many tools that exist in the market and people are not aware of what to use? They lack standard set of practices/blueprints while working with diff tools. End up using wrong tool all the way and then not able to scale. On the other hand - Everyone is using tools of their choice and maintaining pipelines at so many different places that makes difficult to track and centrailize to show the changes. own pipeline integration in a fragmenting tools landscape. Use the tools what they are meant for – Jenkins would end up in scripting Don’t abuse the tools
- Securing the complete software delivery pipeline means testing for vulnerabilities across all of the components and stages of an application's lifecycle. DevSecOps is all about “left shift” security and compliance to save effort and rework towards the end, So its really imp to ensure sec right from the beginning of the delivery process Where Security and Speed Meet It's not surprising that the teams charged with accelerating the release rates of applications fail to bring their security counterparts to the table early enough. It's a challenge to bring these teams in, carry out all the necessary steps, and still meet deadlines. But if you ignore the security side of software delivery, you could lose everything from your customers' trust to your intellectual property. https://dzone.com/articles/delivering-security-and-speed-the-3-core-principle?utm_medium=feed&utm_source=feedpress.me&utm_campaign=Feed:%20dzone%2Fdevops
- Feature is in ideation phase Goes to dev teams Along the release process, more people get involved From more to less technical people in the release process and more disjoint in the release as they all live in their own tool ecosystem. CENTRALIZE all the tool chains One tool to fit all How to track cost benefits of diff processes and tools Report on data through out the delivery process with single source of truth
- 3 Step Go-to-Customer approach (see slides) Collaborate & Integrate: Connect Ops to Dev Integrate Jira, Jenkins, Git etc via XL Release to the Servicenow Change Management solution. With this the connection is there, the insights are there… Orchestrate & Automate: Servicenow shift left via XebiaLabs Because XL Release already orchestrates and automates CICD, get’s all pipeline data in our system, we can push this valuable data into ServiceNow. We will do this for a couple of teams or one business domain. With this ServiceNow doesn’t fight Jira but will be on top of them. Jira doesn’t own all pipeline data, neither does Jenkins, XL Release does. Manage & Scale: Scale through the Enterprise We scale the solution though the entire organization of IT and Business. With this the Servicenow footprint will increase heavily and the C-level people have the E2E insights in what is happening in their organization.
- Cloud Security - Cloud platforms provided shared responsibility… meaning they give you the tools, but you implement.
Advertisement