Optimizing the Ops in DevOps


As DevOps practices have been put into wide use, it's become evident that developers and operations aren't merging to become one discipline. Nor is operations simply going away. Rather, DevOps is leading software development and operations - together with other practices such as security - to collaborate and coexist with less overhead and conflict than in the past.
In his session at @DevOpsSummit at 19th Cloud Expo, Gordon Haff, Red Hat Technology Evangelist, will discuss what modern operational practices look like in a world in which applications are more loosely coupled, are developed using DevOps approaches, and are deployed on software-defined, and often containerized, infrastructures - and where operations itself is increasingly another "as a service" capability from the perspective of developers.
How does the operations tool chest change? How does the required skill set differ? How are the interactions between operations and other IT and business organizations different from in the past? How can operations provide the confidence to the entire organization that this new pipeline is still delivering non-functional requirements such as regulatory compliance and a secure and certified operating environment? How does operations safely consume vendor and upstream dependencies while meeting developer desires for the latest and greatest?
Operations is more important than ever for a business to derive value from its IT organization. But the roles and the goals of operations are significantly different than they were historically.

Published in: Software

Optimizing the Ops in DevOps

  1. OPTIMIZING THE OPS IN DEVOPS: GORDON HAFF, Technology Evangelist, Red Hat. Cloud Expo Silicon Valley, 3 November 2016
  2. DevOps
  3. FOCUS ON CLOUD-NATIVE APPLICATION ARCHITECTURES ● Single-function units owned by a team ● Bounded context ● Communicate through lightweight APIs (Source: PWC)
  4. FOCUS ON IMPROVED AND LESS ISOLATED DEVELOPER WORKFLOWS ● Collaboration ● CI/CD ● Issue tracking ● Source code control ● Code review ● IDE ● xPaaS (Source: Mike McGarr, Netflix)
  5. AN OPPOSING VIEW "I want to change my job because there is this horrible concept of "pager duty" or "oncall". Where the developer has to be ready for any issues that may occur. Are most software jobs like this? Is this a norm? Where can I find software development positions without such concepts?" Anonymous Quora user
  6. WE ALSO TALK ABOUT CULTURE A LOT ● Empathy ● Trust ● Learning ● Cooperation ● Responsibility
  7. DevOps BUT WHAT ABOUT THE OPS IN DEVOPS?
  8. DevOps Biz Sec
  9. A FABLE FOR DEVOPS
  10. NO OPS? (OR IS IT EVOLVED DEVOPS?) "We have built tooling that removes many of the operations tasks completely from the developer, and which makes the remaining tasks quick and self service. There is no ops organization involved in running our cloud, no need for the developers to interact with ops people to get things done, and less time spent actually doing ops tasks than developers would spend explaining what needed to be done to someone else." Adrian Cockcroft, Netflix, 2012
  11. FOCUS ON PROVIDING CORE SERVICES AND GETTING OUT OF THE WAY ● Deploy a modern container platform ● Enable automated developer workflows ● Mitigate risk and automate security
  12. MODERN PLATFORM
  13. NEW CLOUD PLATFORM NEEDS ● What? Scale-out to meet highly elastic service requirements. Why? Scale-up is not flexible or scalable enough to meet changing business needs ● What? Software-defined everything. Why? Software functions running on standardized hardware increase flexibility ● What? Focused on applications composed of loosely-coupled services. Why? Large monolithic applications are fragile and can’t be updated quickly ● What? Enable lightweight iterative software development and deployment. Why? Modern applications are often short-lived and require frequent refreshes/replacements
  14. COMPREHENSIVE CLOUD-NATIVE INFRASTRUCTURE ● Physical hardware ● Container orchestration ● Container-optimized Linux ● Container/services ● Hybrid cloud management ● Developer tooling ● Software-defined compute, storage, and networking ● Public clouds
  15. OPENSTACK SOFTWARE-DEFINED INFRASTRUCTURE
  16. MAKING CONTAINERS USEFUL: ECOSYSTEM AND DE FACTO STANDARDS ● Open Container Initiative (OCI) ● Cloud Native Computing Foundation (CNCF)
  17. OPERATED AT SCALE • Different aspects of scale: • Large scale workloads • Diverse workloads (batch and services) • Complex resource management (QoS, latency sensitivity, etc.) • Focus on lightweight containerized instances • Orchestration and resource management
  18. HYBRID MANAGEMENT SERVICES SERVICE AUTOMATION Complete lifecycle and operational management that allows IT to remain in control. POLICY & COMPLIANCE Deploy across virtualization, private cloud, public cloud and container-based environments. UNIFIED HYBRID MANAGEMENT Draws on continuous monitoring and deep insights to raise alerts or remediate issues. Streamline complex service delivery processes, saving time and money. OPERATIONAL VISIBILITY
  19. AUTOMATED DEVELOPER WORKFLOWS
  20. BUILD A PIPELINE
  21. LOTS OF TOOLS FOR THE PIPELINE gerrit
  22. TRACK AND VALIDATE THIRD-PARTY TOOLS AND COMPONENTS
  23. MITIGATE RISK AUTOMATE SECURITY
  24. TRADITIONAL SECURITY ● What we did: Code audited for current compliance. The problem: New vulnerabilities constantly discovered and exploited with no opportunity for rapid remediation. ● What we did: Applications and systems deployed on “secured” platform. The problem: There is no perimeter. ● What we did: Largely relied on checklists, written processes, and manual actions. The problem: Limited throughput and prone to errors. “Patch Tuesdays” last all month. ● What we did: Primarily an end-of-process checkpoint. The problem: Security is such a bottleneck!
  25. DevSecOps ● Build on the mindset that "everyone is responsible for security" ● It’s the practice of building security into development processes ● Security as code ● Flips security from a defensive to an offensive posture that is both automated and constant
  26. BAKE IN SECURITY AND ASSURANCE ● Components built from source code using a secure, stable, reproducible build environment ● Careful selection, configuration, and security tracking of packages ● Automated analysis and enforcement of security practices ● Active participation in upstream and community involvement ● Thoroughly validated vulnerability management process
  27. INTEGRATED SECURITY "Our goal as information security architects must be to automatically incorporate security controls without manual configuration throughout this cycle in a way that is as transparent as possible to DevOps teams and doesn't impede DevOps agility, but fulfills our legal and regulatory compliance requirements as well as manages risk." Gartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
  28. AUTOMATING SECURITY ● CONFIGURATION ERRORS ● MISSING PATCHES ● CODING MISTAKE ● HUMAN ERROR ● BAD OPSEC
  29. SECURING CONTENT EXAMPLE: CONTAINERS A validated supply chain helps ensure use of tested and patched software.
  30. AN OPEN HYBRID CLOUD JOURNEY Hybrid policy & management Data, workflow, & API integration Automation Software-defined infrastructure Legacy modernization Self-service & flexibility Optimized virtualization Cloud migration Orchestrated container platform DevOps tooling Mobile Open Innovation Labs Secured software supply chain
  31. CREDITS Dev: Nelson Pavlosky/flickr under CC http://www.flickr.com/photos/skyfaller/113796919/ Ops: Leonardo Rizzi/flickr under CC http://www.flickr.com/photos/stars6/4381851322/ Rainbows and Unicorns: http://kaigumo.deviantart.com/art/Unicorns-Fart-Rainbows-3-151273843 Piggy bank: https://www.flickr.com/photos/marcmos/3644751092 Stop: https://www.flickr.com/photos/r_grandmorin/6922697037
  32. THANK YOU plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews
  33. TRADITIONAL SECURITY: What we did ● Code audited for current compliance ● Applications and systems deployed on “secured” platform ● Largely relied on checklists, written processes, and manual actions ● Primarily an end-of-process checkpoint
  34. TRUSTED CONTAINER CONTENT "From a security and governance perspective, trusting the container image is a critical concern throughout the software development lifecycle. Ensuring that images are signed and originate from a trusted registry are solid security best practices." 5 keys to conquering container security, Amir Jerbi, Infoworld, 4 August 2016 http://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
  35. NoOps? "This is part of what we call NoOps. The developers used to spend hours a week in meetings with Ops discussing what they needed, figuring out capacity forecasts and writing tickets to request changes for the datacenter. Now they spend seconds doing it themselves in the cloud." Adrian Cockcroft, Netflix, 2012
  36. BACK TO ADRIAN "We have built tooling that removes many of the operations tasks completely from the developer, and which makes the remaining tasks quick and self service. There is no ops organization involved in running our cloud, no need for the developers to interact with ops people to get things done, and less time spent actually doing ops tasks than developers would spend explaining what needed to be done to someone else." Adrian Cockcroft, Netflix, 2012
  37. STRATEGIES FOR SOURCING SOFTWARE ● Wild West: Go ahead and grab it! ● Blacklist: Is it from a known bad source? ● Whitelist: Is it a known good source? ● Digitally signed/securely delivered ● Rapid updates for vulnerabilities ● Repeatable release processes
  38. THE MOVE TO HYBRID INFRASTRUCTURES BRINGS ADDITIONAL MANAGEMENT CHALLENGES APPLICATION ARCHITECTURE INFRASTRUCTURE PLATFORM OPERATIONAL MODEL OPERATIONAL CHALLENGES Traditional Applications Virtualization Operational Automation Orchestration Automation Private Cloud Scalable Applications Public Cloud SaaS and PaaS Cloud Native Service Brokering Containers Microservices Self-service Automated provisioning Lifecycle management Root cause analysis Performance and capacity management Hybrid Management Policy compliance Quota enforcement Chargeback
  39. WHAT DEFINES A MODERN PLATFORM? ● Built through collaborative innovation in Linux and other open source communities ● Composed of integrated core software services ● Open container format, runtime, and orchestration ● Focused on large distributed system scale points
  40. THE NEEDED MANAGEMENT SERVICES SERVICE AUTOMATION Complete lifecycle and operational management that allows IT to remain in control. POLICY & COMPLIANCE Deploy across virtualization, private cloud, public cloud and container-based environments. UNIFIED HYBRID MANAGEMENT Draws on continuous monitoring and deep insights to raise alerts or remediate issues. Streamline complex service delivery processes, saving time and money. OPERATIONAL VISIBILITY
  41. OPERATIONAL VISIBILITY CHALLENGES Systems that are not being utilized should be retired to reclaim resources. Budgets are tight. We have to make sure that we are utilizing our systems efficiently. Tracking problems across infrastructure layers can be a challenge. I’ve got to project infrastructure usage out into the future for planning purposes. CHALLENGES LIFECYCLE MANAGEMENT ROOT-CAUSE ANALYSIS CAPACITY MANAGEMENT RESOURCE OPTIMIZATION
  42. OPERATIONAL VISIBILITY WITH HYBRID MANAGEMENT We now have complete lifecycle management: provisioning, reconfiguration, deprovisioning, and retirement. Automatic resource optimization intelligently places VMs and offers right-sizing recommendations. I can drill-down through infrastructure layers to determine the root cause. Resource tracking and trending aids in capacity and what-if scenario planning. CHALLENGES LIFECYCLE MANAGEMENT ROOT-CAUSE ANALYSIS CAPACITY MANAGEMENT RESOURCE OPTIMIZATION
