
Automated Governance - Continuous Lifecycle 2019 - Schlomo Schapiro


How to combine traditional IT governance with continuous delivery? Not At All!

A highly automated continuous deployment environment creates a whole new world of challenges for companies that must meet compliance and governance requirements. Traditional, manual processes cannot keep up with quick and frequent releases.

The solution to this conflict of interests is the automation of all compliance checks and the automated certification of every software delivery into production. Sounds obvious and simple, but it is difficult to implement.

The talk shows how we tackle this topic at DB Systel and how we create solutions for automated compliance certification.


  1. Automated Governance | DB Systel GmbH | Schlomo Schapiro | Chief Technology Office | 12-13.11.2019 | @schlomoschapiro. Title image: Pixabay / 4423750. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (with the exception of the stock images with copyright notice).
  2. (Image: https://pixabay.com/i-3303396) DB Systel | Schlomo Schapiro | @schlomoschapiro | 13-14.11.2019
  3. Problem? What is governance? • Align IT strategy with business strategy • Make sure we have and keep rules
  4. (Diagram) Engineering Teams → git → CI → CD → ?
  5. (Diagram) Engineering Teams → git → CI → CD → ?, with Architecture & Governance and Security & Compliance standing beside the pipeline
  6. 20/day, then 20 / day / team, then ??? "We can't check everything!" vs. "We can't work!" Challenges: • Time to Market vs. Stability? • Change Frequency vs. Risk & Security? • Governance & Compliance? • You build it, you run it? • DevOps???
  7. (Diagram) Engineering Teams → git → CI → CD → ?, with Non Functional Requirements attached to the pipeline
  8. (Diagram) Same as slide 7, Non Functional Requirements
  9. (Diagram) Engineering Teams → git → CI → CD → ?; Governance and Security each contribute through their own git repositories
  10. (Diagram) Same as slide 9, the pipeline ends in: Compliant!
  11. (Diagram) Same as slide 10, labelled Dev-Sec-Arc-Ops
  12. What is automated? • "operated automatically" • Synonyms: automatic, laborsaving, robotic, self-acting, self-operating, self-regulating • Not people doing it manually. Source: https://www.merriam-webster.com/dictionary/automated
  13. Compliance Automation is Very Hard! Automation friendly? How to check?
  14. (Diagram) Engineering Teams → git → CI → CD → ?
  15. (Diagram) git → CI → CD, split into two columns. WHAT: Declarative Descriptions, Test for Compliance, owned by Product Teams. HOW: Deployment Automation, Test for Correctness, owned by Platform Teams.
  16. Test for Compliance / Declarative Descriptions, example (source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html). Before: one gitlab-ci.yaml job mixes the How (ssh/scp commands) with the What (host, directories):

      gitlab-ci.yaml
        stage_deploy:
          script:
            - ssh user@host "mkdir htdocs/_tmp"
            - scp -r build/* user@host:htdocs/_tmp
            - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live"
            - ssh user@host "rm -rf htdocs/_old"

  17. The same example split into Code (How) and Config (What). The job only names a deployment image and a config file. The config file is a declarative description that can be tested for compliance; the image's entrypoint is deployment automation that can be tested for correctness:

      gitlab-ci.yaml
        stage_deploy:
          image: deploy_with_ssh
          script: config.properties

      config.properties (Config, What)
        TARGET=user@host
        SRC=build
        DIR=htdocs
        NAME=live

      Docker image deploy_with_ssh, ENTRYPOINT (Code, How)
        #!/bin/bash
        # Abort on the first failing command or an unset variable from the config
        set -eu
        source "$1"
        ssh "$TARGET" "mkdir $DIR/_tmp"
        scp -r "$SRC"/* "$TARGET:$DIR/_tmp"
        ssh "$TARGET" "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME"
        ssh "$TARGET" "rm -rf $DIR/_old"
  18. Declarative Descriptions → Automated Governance. Config and the tool that applies it: CloudFormation → aws cloudformation create-stack; Kubernetes manifest → kubectl apply; Swagger YAML; Terraform (HCL); AndroidManifest.xml; … Test strategy for such descriptions: static code analysis, linting, integration tests, unit tests.
  19. Declarative Descriptions → Automated Governance. Config and its compliance check: CloudFormation → cfn-nag (a linting tool for CloudFormation templates); Kubernetes manifest → Kubernetes admission controller / OPA Gatekeeper; Swagger YAML → zally (a minimalistic, simple-to-use API linter); Terraform → terraform-compliance.com; … The checks run in the pipeline (git → CI → CD → Compliant!): automated compliance checks as quality gate for deployments.
  20. Everything as code. Every change starts as a git commit into a managed pipeline (GitLab CI); the pipeline produces certified changes, compliant by default, and feeds a feedback/improvement loop back to the committer. Certified space: AWS, Azure, K8S, DB custom cloud services (DNS, proxy, …). Non-functional requirements are enforced by automation "on the border" to the certified space.
  21. DevOps' Seven Deadly Diseases, John Willis: https://youtu.be/jdN3E9OwFoE and https://itrevolution.com/book/devops-automated-governance-reference-architecture/
  22. Summary: Compliant by Default! 1. Think in code: build tools. 2. Craft precise policies: easy to automate checks. 3. Production is your certified space. 4. Every change in production starts in git. 5. Declarative descriptions.
  23. Q&A. DevOps: bit.ly/5pdops. Contact: @schlomoschapiro, schlomo.schapiro@ deutschebahn.com. Slides: go.schapiro.org/slides. DB Systel talks: "DevOps ist normal" (DevOps is normal), Wednesday 14:00, lecture hall Arnold Schönberg; "DevOps im Konzern: Autonomie von DevOps Teams vs. Betriebssicherheit" (DevOps in the enterprise: autonomy of DevOps teams vs. operational safety), Thursday 14:00, lecture hall Arnold Schönberg.
  24. Thank you for your attention.
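An added example, not code from the talk or from DB Systel, of the quality gate that slides 16 and 19 describe: a small compliance check run in CI over two kinds of declarative "What" documents. The first is the KEY=VALUE config.properties from slide 16, read as data instead of being sourced by the shell (sourcing executes the file, so a line such as TARGET=$(curl …) would run as code). The second is a CloudFormation template, checked with two rules modelled on the kind of thing cfn-nag reports; this is not cfn-nag. The allow-list ALLOWED_TARGET_HOSTS, the example host names, the rule ids and the sample template are all constructed for the illustration.

```python
"""Compliance checks as a CI quality gate over declarative deployment descriptions."""
import json
import re
import sys
from typing import Dict, List, Tuple

Violation = Tuple[str, str]  # (rule id, human-readable message)

# Assumed allow-list of deployment targets; a real one is owned by the platform team.
ALLOWED_TARGET_HOSTS = {"web01.example.internal", "web02.example.internal"}


def parse_properties(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines as plain data.

    Anything that is not a literal assignment with a restricted character set is
    rejected, so shell constructs that `source` would execute never reach the deploy step.
    """
    props: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.fullmatch(r"([A-Z_][A-Z0-9_]*)=([A-Za-z0-9_./@:-]*)", line)
        if match is None:
            raise ValueError(f"line {lineno}: not a plain KEY=VALUE assignment: {raw!r}")
        props[match.group(1)] = match.group(2)
    return props


def check_deploy_properties(props: Dict[str, str]) -> List[Violation]:
    """Policy for the deploy_with_ssh config: approved target, no root, paths below the site root."""
    violations: List[Violation] = []
    for key in ("TARGET", "SRC", "DIR", "NAME"):
        if key not in props:
            violations.append(("PROP001", f"required key {key} is missing"))
    user, _, host = props.get("TARGET", "").rpartition("@")
    if host not in ALLOWED_TARGET_HOSTS:
        violations.append(("PROP002", f"TARGET host {host!r} is not an approved deployment target"))
    if user == "root":
        violations.append(("PROP003", "deployments must not log in as root"))
    for key in ("SRC", "DIR", "NAME"):
        value = props.get(key, "")
        if value.startswith("/") or ".." in value.split("/"):
            violations.append(("PROP004", f"{key}={value!r} must be a relative path without '..'"))
    return violations


def _ingress_covers_ssh(rule: dict) -> bool:
    """True if a SecurityGroupIngress entry allows TCP/22 (or every protocol)."""
    protocol = str(rule.get("IpProtocol", ""))
    if protocol == "-1":
        return True
    if protocol != "tcp":
        return False
    return int(rule.get("FromPort", -1)) <= 22 <= int(rule.get("ToPort", -1))


def check_cloudformation(template: dict) -> List[Violation]:
    """Two rules: SSH open to the internet; S3 bucket without a complete public access block."""
    violations: List[Violation] = []
    flags = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0" and _ingress_covers_ssh(rule):
                    violations.append(("CFN001", f"{name}: SSH ingress allowed from 0.0.0.0/0"))
        elif rtype == "AWS::S3::Bucket":
            block = props.get("PublicAccessBlockConfiguration", {})
            if not all(block.get(flag) is True for flag in flags):
                violations.append(("CFN002", f"{name}: PublicAccessBlockConfiguration not fully enabled"))
    return violations


def gate(violations: List[Violation]) -> int:
    """Print findings and return the exit code the CI job should end with (0 = compliant)."""
    for rule_id, message in violations:
        print(f"FAIL {rule_id}: {message}")
    return 1 if violations else 0


# Constructed sample inputs (not from the talk): a compliant and a non-compliant config,
# and a template whose security group and bucket each violate one rule.
GOOD_PROPERTIES = "TARGET=deploy@web01.example.internal\nSRC=build\nDIR=htdocs\nNAME=live\n"
BAD_PROPERTIES = "TARGET=root@db01.example.internal\nSRC=build\nDIR=/var/www\nNAME=../etc\n"
SAMPLE_TEMPLATE = json.loads("""{
  "Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "web",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "Assets": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "assets-example"}}
  }
}""")

if __name__ == "__main__":
    findings = check_deploy_properties(parse_properties(BAD_PROPERTIES))
    findings += check_cloudformation(SAMPLE_TEMPLATE)
    sys.exit(gate(findings))
```

In a pipeline this runs as its own job before the deploy stage; the non-zero exit code from gate() is what makes it a quality gate rather than a report. The rules are deliberately narrow and mechanical, which is the "craft precise policies" point of the summary slide: a policy that can be written as a function over the parsed description is a policy that can be automated.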
