Automated Governance - Continous Lifecycle 2019 - Schlomo Schapiro
Report
Share
•1 like•2,493 views
Automated Governance - Continous Lifecycle 2019 - Schlomo Schapiro
•1 like•2,493 views
Report
Share
Download to read offline
Video: https://youtu.be/U4cHbXYy1FQ How to combine traditional IT governance with continuous delivery? Not At All! A highly automated continuous deployment environment creates a whole new world of challenges for companies to meet their compliance and governance requirements. Traditional - manual - processes don’t manage to keep up with quick and frequent releases. The solution to this conflict of interests is the automation of all compliance checks and the automated certification of every software delivery into production. Sounds obvious and simple, but it is difficult to implement. The talk shows how we tackle this topic at DB Systel and how we create solutions for automated compliance certification. See https://bit.ly/5pdops for more materials and the 5 DevOps Principles
Recommended
More Related Content
What's hot
What's hot(20)
Similar to Automated Governance - Continous Lifecycle 2019 - Schlomo Schapiro
Similar to Automated Governance - Continous Lifecycle 2019 - Schlomo Schapiro(20)
More from Schlomo Schapiro
More from Schlomo Schapiro(17)
Recently uploaded
Recently uploaded(20)
Automated Governance - Continous Lifecycle 2019 - Schlomo Schapiro
- 1. Automated Governance DB Systel GmbH | Schlomo Schapiro | Chief Technology Office | 12-13.11.2019 Platzhalter für Titelbild – Hier können Sie Bilder aus der Mediathek einfügen! Placeholder for title picture – You can insert here pictures from the Mediathek! Pixabay / 4423750 @schlomoschapiroThis work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (with the exception of the stock images with copyright notice)
- 2. DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.20192 https://pixabay.com/i-3303396
- 3. Problem? What is governance? Ø Align IT strategy with business strategy Ø Make sure we have and keep rules DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.20193
- 4. 4 git ?CI CD Engineering Teams DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 5. 5 git ?CI CD Engineering Teams Architecture & Governance Security & Compliance DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 6. DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.20196 20/day 20 / day / team ??? We can´t check everything! We can‘t work! Challanges: • Time to Market vs. Stability? • Change Frequency vs. Risk & Security? • Governance & Compliance? • You build it – you run it? • DevOps???
- 7. 7 git ?CI CD Engineering Teams Non Functional Requirements DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 8. 8 git ?CI CD Engineering Teams Non Functional Requirements DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 9. 9 git ? git git CI CD Engineering Teams Governance Security DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 10. 10 git ? git git CI CD Engineering Teams Governance Security Compliant! DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 11. 11 git ? git git CI CD Engineering Teams Governance Security Compliant! Dev- Sec- Arc- Ops DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 12. What is automated? Ø „operated automatically“ Ø Synonyms: automatic, laborsaving, robotic, self- acting, self-operating, self-regulating Ø Not people doing it manually DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201912 Source: https://www.merriam-webster.com/dictionary/automated
- 13. Compliance Automation is Very Hard! DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201913 Automation friendly? How to check?
- 14. 14 git ?CI CD Engineering Teams DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
- 15. 15 git ?CI CD DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019 WHAT HOW Declarative Descriptions Deployment Automation Test for Compliance Test for Correctness Product Teams Platform Teams
- 16. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201916 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html
- 17. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201917 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html C ode (H ow ) Config (W hat)
- 18. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201918 Config Tools Cloud Formation aws cf create Kubernetes Manifest kubectl apply Swagger YAML Terraform YAML … AndroidManifest.xml … Test Strategy Static Code Analysis Linting Integration Tests Unit Tests
- 19. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201919 Config Cloud Formation Kubernetes Manifest Swagger YAML Terraform YAML … AndroidManifest.xml Compliance Check cfn-nag: Linting tool for CloudFormation templates K8S Admission Controller / OPA Gatekeeper zally: A minimalistic, simple-to-use API linter terraform-compliance.com . . . Tools aws cf create kubectl apply … ?CI CD Compliant! Automated Compliance Checks as Quality Gate for Deployments
- 20. Everything as code Managed Pipeline git commit Feedback-/ Improvement-Loop GitLabCI Certified Changes – Compliant by default! Certified Space AWS Azure K8S DB custom cloud services (DNS, Proxy …) DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201920 Non Functional Requirements Automation „on the border“ to the certified space
- 21. DevOps' Seven Deadly Diseases - John Willis DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201921 https://youtu.be/jdN3E9OwFoE https://itrevolution.com/book/devops-automated-governance-reference-architecture/
- 22. Summary: Compliant by Default! DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.201922 1. Think in Code: Build Tools 2. Craft precise policies: Easy to automate checks 3. Production is Your Certified Space 4. Every Change in Pro- duction Starts in git 5. Declarative Descriptions
- 23. Q&A DevOps bit.ly/5pdops Contact @schlomoschapiro schlomo.schapiro@ deutschebahn.com Slides go.schapiro.org/slides DB Systel Vorträge DevOps ist normal Mittwoch, 14:00 Hörsaal Arnold Schönberg DevOps im Konzern: Autonomie von DevOps Teams vs. Betriebssicherheit Donnerstag, 14:00 Hörsaal Arnold Schönberg
- 24. Vielen Dank für Ihre Aufmerksamkeit