More Related Content

Similar to OpenDevOps 2019 - Disconnected pipelines the missing link(20)


More from Emerasoft, solutions to collaborate(20)


OpenDevOps 2019 - Disconnected pipelines the missing link

  1. Andreas Prins VP Product Strategy Disconnected Pipelines: The Missing Link
  2. 2 A little background ▪ 6,5 of test consultancy ▪ Lean Consultant ▪ Agile/DevOps Coach ▪ Team manager 4 DevOps teams ▪ VP Product Development ▪ VP Product Strategy
  3. 3 Disconnected Pipelines: The Missing Link ▪ XebiaLabs Company and market background ▪ 3 Major impacts of the cloud, that drive the need for DevSecOps ▪ Connecting tools, delivery, and disciplines ▪ Scale it towards the enterprise
  4. 4 Hundreds of Companies deliver software with XebiaLabs XebiaLabs DevOps Platform providing intelligence, automation and control across the entire software delivery process Shift to the Cloud Migrate to Containers Connect all Pipelines Connect CI/CD & ITSM Improve Governance & Security SCALE DEVOPS ACROSS THE ENTERPRISE
  5. 5 Adoption Timeline “I lack a clear view of what’s going on in my releases.” “I need to know when there’s risk to the schedule.” “We must meet Audit and Compliance requirements.” “I need CD to fully realize the benefits of agile.” “My failure rate is too high.” “I need to enhance legacy apps & modernize my delivery process.” “I have heterogeneous applications & mainframe apps.” “We need standardization to ensure consistency & repeatability.” “Automate all the things!” “All steps & manual interactions need tracking.” “Microservices & apps with complex dependencies need to be delivered consistently.” “Public/private cloud, hybrid and on-premise all need to be standardized. We've hit a wall trying to manage everything with scripts.” “My developers need self-service.” “We need to find & eliminate bottlenecks in our process.” Dev + Ops Needs Automation Efficiency Speed Error reduction Enterprise Requirements Integrations Process Complexity Heterogeneous Systems Compliance/ Security Standardization/ Repeatability Scale Management + Business Needs Visibility/ Analytics Decision Support Risk Assessment Feedback Enterprise Adoption
  6. Convergence of DevOps and Cloud Monolithic N-Tier Physical Servers Virtual Servers Data Center Hosted Development Methodologies DevOps Application Architecture Application Packaging Application Infrastructure Microservices Containers Cloud Waterfall Agile Application Test Data Quarterly Refresh Monthly Refresh On-demand (within minutes)
  7. 7 3 Major impacts of a cloud transformation
  8. 8 The radical increase of the number of “pipeline runs”
  9. 9 The movement of: “Power to the development engineers”
  10. 10 The impact of corporate thinking: Multi Cloud, Distributed Risk
  11. 11 Be aware, 4 Disconnects that can disturb your business
  12. 12 Connect 1: CI/CD is going lightning fast, but at the same time, happening in the dark for many
  13. 13 Connect 2: So many powerful tools, so little time for integrations
  14. 14 Connect 3: Lack of Focus on Security and Operations Dev : Sec : Ops 100 : 1 : 10
  15. 15 Connect 4: Business Process of delivering value is not connected to the IT process
  16. 16 Building connections: an example of a a business release and and IT execution
  17. 17 Building connections: ITSM into Development Connect Integrate Manage & Scale Phase 1 Phase 2 Phase 3 Performance Analytics Dashboard Platform ALM Octane Performance Analytics Dashboard Platform ALM Octane
  18. 18 DevSecOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
  19. 19 DevOps: CICD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
  20. 20 DevOps: CICD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
  21. 21 DevOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
  22. 22 DevOps: CI/CD Merged with ITSM Example Pipeline with Jira, Jenkins, Sonar, Fortify, ALM, ServiceNow
  23. 23 OpsDev: build the framework first, to enable the engineering culture
  24. 24 The focus on Connected Pipelines will increase the speed of business value creation Focus on the 4 connects: ▪ Getting CI / CD out of the dark ▪ Connecting best of breed tools into the toolchain ▪ Connecting Operations and Security into the overall development chain ▪ Connecting the Business Delivery Process to the IT Delivery Process
  25. 25 But how to push it to enterprise scale?
  26. Onboarding and Scaling How to scale from one team to many… Leverage your rock stars to create standard and reusable templates Convert to blueprints so that all your teams can consume in a reliable way Ensure you leverage tools that are built for the Enterprise
  27. Security and Governance Bake security and governance into your pipelines, don’t include as an afterthought Strong role and permission management to ensure segregation of duties Cost controls (automated rollback, full cleanup of resources after each deploy completes) Protection of cloud resources as if they were on-premise Security checks are automatically completed in the pipeline
  28. Visibility and Auditability Make data available to all users/roles within the organization Manager: Visualizing pipelines Auditors: Maintaining data compliance Developer: Troubleshooting speed
  29. Deployment Plan Generation Deployment orchestration to all clouds Release Pipeline Orchestration All apps, all roles and all environments App Code Deployment Code Config Code Release Code Manage all Source Code Overcome Cloud DevOps Challenges Lack of Cloud Expertise Best practice templates for common cloud services Developer Experience Leverage Release Orchestration that integrates with your Developers’ favorite tools Security & Governance Bake security and governance into your pipelines Onboarding and Scaling Leverage standard templates and blueprints Visibility and Auditability Make data available for reports and audit trails Connecting all disciplines to drive value creation … … Best Practice Templates Pre-built template to deploy most common cloud services Security & Governance Security and control are standardized within the release pipelines Visibility & Auditability VSM, pipeline history, predictive info (ML), and audit control
  30. 30 By the focus on connecting all your disciplines, the speed and control of software delivery will increase

Editor's Notes

  1. A quick introduction, for those of you who may not be familiar with XebiaLabs: we’ve been part of the DevOps movement since the very early days. We’re solely focused on DevOps and Continuous Delivery and we’ve been repeatedly recognized as a leader by the top analysts in this space. You can find our customers across many of the best known and best run companies around the world. They’re in all types of industries from financial services, to retail, to manufacturing... all the way to the public sector and government agencies. As we’ve worked with these organizations, we’ve seen that many start to move toward DevOps because they have specific concerns. For example, they might be looking to move applications the cloud, or to start taking advantage of container technologies Or, maybe the most common issue that organizations need to address is how to make Continuous Integration part of the broader software delivery process And of course, most organizations have IT Service Management policies and tools in place when they start adopting DevOps practices, so they need to figure out how to get the best of both worlds from ITSM and DevOps And on top of all of this, there’s the topic we’re discussing today. Many organizations have security, compliance, and governance requirements to worry about. So, they might be looking at DevOps to accelerate software delivery, but they don’t want to introduce new security risks or compliance violations in the process. Not only that; ideally, they want to use DevOps best practices like Continuous Integration, Continuous Delivery, and automated testing to improve compliance and release software that’s more secure...
  2. due to the fact that the deployment units are much more and much smaller and the infrastructure is changing more rapidly.
  3. with the Cloud and the attached CI/CD move many choices are made by development engineers and a lot of the heavy lifting is done by them, where in the past even more operations and infrastructure specialist where involved
  4. Companies choose to run on multiple clouds, and have the ability to move applications across AWS, GCP and Azure.
  5. Lack of visibility of CI CD Variety of tools being used with lack of best practices Not aware of this is the RIGHT tool, and end up using wrong one No place to see the entire toolchain
  6. Some teams do, some don’t Some do in different way Devs are doing what they want to using their choice of tools and leadership is unaware of where the money is spent Hard to find - What’s workinga nd what’s not working Visible to everyone in org Some typical remarks: My IT teams work in Jenkins, and Jenkins can solve my problems We use GitLab pipelines in our Dev organization We go to the cloud we no longer need this We are transformed towards modern IT and my dev engineers take care of this
  7. On the journey of going to devops or already adopted devops, With the lack of ci/cd being visible to everyone, there are also so many tools that exist in the market and people are not aware of what to use? They lack standard set of practices/blueprints while working with diff tools. End up using wrong tool all the way and then not able to scale. On the other hand - Everyone is using tools of their choice and maintaining pipelines at so many different places that makes difficult to track and centrailize to show the changes. own pipeline integration in a fragmenting tools landscape. Use the tools what they are meant for – Jenkins would end up in scripting Don’t abuse the tools
  8. Securing the complete software delivery pipeline means testing for vulnerabilities across all of the components and stages of an application's lifecycle. DevSecOps is all about “left shift” security and compliance to save effort and rework towards the end, So its really imp to ensure sec right from the beginning of the delivery process Where Security and Speed Meet It's not surprising that the teams charged with accelerating the release rates of applications fail to bring their security counterparts to the table early enough. It's a challenge to bring these teams in, carry out all the necessary steps, and still meet deadlines. But if you ignore the security side of software delivery, you could lose everything from your customers' trust to your intellectual property.
  9. Feature is in ideation phase Goes to dev teams Along the release process, more people get involved From more to less technical people in the release process and more disjoint in the release as they all live in their own tool ecosystem. CENTRALIZE all the tool chains One tool to fit all How to track cost benefits of diff processes and tools Report on data through out the delivery process with single source of truth
  10. 3 Step Go-to-Customer approach (see slides) Collaborate & Integrate: Connect Ops to Dev Integrate Jira, Jenkins, Git etc via XL Release to the Servicenow Change Management solution. With this the connection is there, the insights are there… Orchestrate & Automate: Servicenow shift left via XebiaLabs Because XL Release already orchestrates and automates CICD, get’s all pipeline data in our system, we can push this valuable data into ServiceNow. We will do this for a couple of teams or one business domain. With this ServiceNow doesn’t fight Jira but will be on top of them. Jira doesn’t own all pipeline data, neither does Jenkins, XL Release does. Manage & Scale: Scale through the Enterprise We scale the solution though the entire organization of IT and Business. With this the Servicenow footprint will increase heavily and the C-level people have the E2E insights in what is happening in their organization.   
  11. Cloud Security - Cloud platforms provided shared responsibility… meaning they give you the tools, but you implement.