Comprehensive overview of using Test Driven Development (TDD), Behavior Driven Development (BDD), Continuous Integration (CI), Continuous Delivery (CD), Development Operations (DevOps), and Development Operations Security (DevOpsSec). Describes the current global environment, basic lean and agile principles, and the evolution of Microservices. From there, a detailed deep-dive of TDD, BDD, CI, CD, DevOps, and DevOpsSec principles and practices ensues. Closes by identifying key DevOps tool automation ecosystems/pipelines, metrics, case studies, return on investment (ROI)/business cases, implementation roadmaps, adoption statistics, leadership insights, and a summary. Contains a lot of helpful data for constructing DevOps strategic business cases as well as tactical implementation strategies (while not ignoring essential elements such as microservices, containerization, and application security).
1. Business Value of
CI, CD, & DevOpsīSecīŊ
Scaling Up to Billion User Global Systems of
Systems Using END-TO-END AUTOMATION &
CONTAINERIZED DOCKER UBUNTU IMAGES
Dr. David F. Rico, PMP, CSEP, FCP, FCT, ACP, CSM, SAFE, DEVOPS
Twitter: @dr_david_f_rico
Website: http://www.davidfrico.com
LinkedIn: http://www.linkedin.com/in/davidfrico
Agile Capabilities: http://davidfrico.com/rico-capability-agile.pdf
Agile Cost of Quality: http://www.davidfrico.com/agile-vs-trad-coq.pdf
DevOps Return on Investment (ROI): http://davidfrico.com/rico-devops-roi.pdf
Daveâs NEW Business Agility Video: http://www.youtube.com/watch?v=hTvtsAkL8xU
Daveâs NEWER Scaled Agile Framework SAFe 4.5 Video: http://youtu.be/1TAuCRq5a34
Daveâs NEWEST Development Operations Security Video: http://youtu.be/X22kJAvx44A
DoD Fighter Jets versus Amazon Web Services: http://davidfrico.com/dod-agile-principles.pdf
2. Author Background
ī¯ Govât contractor with 35+ years of IT experience
ī¯ B.S. Comp. Sci., M.S. Soft. Eng., & D.M. Info. Sys.
ī¯ Large govât projects in U.S., Far/Mid-East, & Europe
2
ī
ī Career systems & software engineering methodologist
ī Lean-Agile, Six Sigma, CMMI, ISO 9001, DoD 5000
ī NASA, USAF, Navy, Army, DISA, & DARPA projects
ī Published seven books & numerous journal articles
ī Intnâl keynote speaker, 200+ talks to 14,500 people
ī Specializes in metrics, models, & cost engineering
ī Cloud Computing, SOA, Web Services, FOSS, etc.
ī Professor at 7 Washington, DC-area universities
3. 3
Internet of ThingsâDinosaur Killer
IoT is an Extinction Level Event
âĸ 25-50B Devices on IOT
âĸ 5-10B Internet Hosts
âĸ 4-8B Mobile Phones
âĸ 2-3B End User Sys
âĸ Mass Business Failure
4. ī¯ Dev-Ops (dÄvâ˛Åps) Early, iterative, & automated combo
of development & operations; Incremental deployment
īŽ An approach embracing principles & values of lean
thinking, product development flow, & agile methods
īŽ Early, collaborative, and automated form of incremental
development, integration, system, & operational testing
īŽ Design method that supports collaboration, teamwork,
iterative development, & responding to change
īŽ Mult-tiered automated framework for TDD, Continuous
Integration, BDD, Continuous Delivery, & DevOps
īŽ Maximizes BUSINESS VALUE of organizations, portfolios,
& projects by enabling buyers-suppliers to scale globally
4
ī
Crispin, L., & Gregory, J. (2009). Agile testing: A practical guide for testers and agile teams. Boston, MA: Addison-Wesley.
Crispin, L., & Gregory, J. (2015). More agile testing: Learning journeys for the whole team. Boston, MA: Addison-Wesley.
DevOpsâWhat is it?
5. Network
Computer
Operating System
Middleware
Applications
APIs
GUI
ī¯ Agile requirements implemented in slices vs. layers
ī¯ User needs with higher business value are done first
ī¯ Reduces cost & risk while increasing business success
5Shore, J. (2011). Evolutionary design illustrated. Norwegian Developers Conference, Oslo, Norway.
Agile Traditional
1 2 3īˇ Faster
īˇ Early ROI
īˇ Lower Costs
īˇ Fewer Defects
īˇ Manageable Risk
īˇ Better Performance
īˇ Smaller Attack Surface
Late īˇ
No Value īˇ
Cost Overruns īˇ
Very Poor Quality īˇ
Uncontrollable Risk īˇ
Slowest Performance īˇ
More Security Incidents īˇ
Seven Wastes
1. Rework
2. Motion
3. Waiting
4. Inventory
5. Transportation
6. Overprocessing
7. Overproduction
MINIMIZES MAXIMIZES
īˇ JIT, Just-enough architecture
īˇ Early, in-process system V&V
īˇ Fast continuous improvement
īˇ Scalable to systems of systems
īˇ Maximizes successful outcomes
īˇ Myth of perfect architecture
īˇ Late big-bang integration tests
īˇ Year long improvement cycles
īˇ Breaks down on large projects
īˇ Undermines business success
ī
DevOpsâHow it works?
ī
ī
ī ī
ī
ī
6. 6
Traditional vs. Agile Cumulative Flow
Work(Story,Point,Task)orEffort(Week,Day,Hour)
Time Unit (Roadmap, Release, Iteration, Month, Week, Day, Hour, etc.)
Work(Story,Point,Task)orEffort(Week,Day,Hour)
Time Unit (Roadmap, Release, Iteration, Month, Week, Day, Hour, etc.)
TRADITIONAL Cumulative Flow
ī¯ Late big bang integration increases WIP backlog
ī¯ Agile testing early and often reduces WIP backlog
ī¯ Improves workflow and reduces WIP & lead times
Anderson, D. J. (2004). Agile management for software engineering. Upper Saddle River, NJ: Pearson Education.
Anderson, D. J. (2010). Kanban: Successful evolutionary change for your technology business. Sequim, WA: Blue Hole Press.
ī
DevOpsâWorkflow Results
īŊ īŧ
DEVOPS Cumulative Flow
7. 7
ī¯ Methods to âscopeâ project, product, or system
ī¯ âKeyâ is smallest possible scope with highest value
ī¯ Reduces cost, risk, time, failure, & tech. obsolescence
INCREASES TESTABILITY, QUALITY, RELIABILITY, SECURITY, MORALE, MAINTAINABILITY, & SUCCESS
Denne, M., & Cleland-Huang, J. (2004). Software by numbers: Low-risk, high-return development. Santa Clara, CA: Sun Microsystems.
Ries, E. (2011). The lean startup: How today's entrepreneurs use continuous innovation. New York, NY: Crown Publishing.
Patton, J. (2014). User story mapping: Discover the whole story, build the right product. Sebastopol, CA: O'Reilly Media.
Layton, M. C., & Maurer, R. (2011). Agile project management for dummies. Hoboken, NJ: Wiley Publishing.
Krause, L. (2014). Microservices: Patterns and applications. Paris, France: Lucas Krause.
ī
MINIMUM
MARKETABLE FEATURE
- MMF -
īŧ Advantage
īŧ Difference
īŧ Revenue
īŧ Profit
īŧ Savings
īŧ Brand
īŧ Loyalty
MINIMUM
VIABLE PRODUCT
- MVP -
īŧ Goal
īŧ Process
īŧ Features
īŧ Priorities
īŧ Story Map
īŧ Architecture
STORY MAP
OR IMPACT MAP
- SM or IM -
īŧ Goal
īŧ Actors
īŧ Impacts
īŧ Deliverables
īŧ Measures
īŧ Milestones
VISION
STATEMENT
- VS -
īŧ For <customer>
īŧ Who <needs it>
īŧ The <product>
īŧ Is a <benefit>
īŧ That <customer>
īŧ Unlike <other>
īŧ Ours <different>
MICRO-
SERVICE
- MS -
īŧ Purpose
īŧ Automated
īŧ Unique
īŧ Independent
īŧ Resilient
īŧ Ecosystem
īŧ Consumer
DevOpsâMMF, MVP, MVA, etc.
ī
ī
8. 8
ī
ī¯ Lightweight, fast, disposable virtual environments
ī¯ Set of isolated processes running on shared kernel
ī¯ Efficient way for building, delivering, & running apps
Monolithic Applications Just-Enough Applications Containerized Apps
Minimal - Typically single process entities
Declarative - Built from layered Docker images
Immutable - Do exactly same thing from run to kill
âĸ Small autonomous services that work together
âĸ Self-contained process that provides a unique capability
âĸ Loosely coupled service oriented architecture with bounded contexts
âĸ Small independent processes communicating with each other using language-agnostic APIs
âĸ Fined-grained independent services running in their own processes that are developed and deployed independently
âĸ Suite of services running in their own process, exposing APIs, and doing one thing well (independently developed and deployable)
âĸ Single app as a suite of small services, each running in its own process and communicating with lightweight mechanisms (HTTP APIs)
Krause, L. (2014). Microservices: Patterns and applications. Paris, France: Lucas Krause.
DevOpsâMicroservices
ī
ī
ī
ī
ī ī
OSâs Have
UNREPORTED
30-50 CVEs
ī ī
9. 9
ī
TDD
- 2003 -
CI
- 2006 -
BDD
- 2008 -
CD
- 2011 -
DEVOPS
- 2012 -
DEVOPSSEC
- 2014 -
īˇ User Story
īˇ Acc Criteria
īˇ Dev Unit Test
īˇ Run Unit Test
īˇ Write SW Unit
īˇ Re-Run Unit Test
īˇ Refactor Unit
īˇ Building
īˇ Database
īˇ Inspections
īˇ Testing
īˇ Feedback
īˇ Documentation
īˇ Deployment
īˇ Analyze Feature
īˇ Acc Criteria
īˇ Dev Feat. Test
īˇ Run Feat. Test
īˇ Develop Feature
īˇ Re-Run Feature
īˇ Refactor Feat.
īˇ Packaging
īˇ Acceptance
īˇ Load Test
īˇ Performance
īˇ Pre-Production
īˇ Certification
īˇ Deployment
īˇ Sys Admin
īˇ Config. Mgt.
īˇ Host Builds
īˇ Virtualization
īˇ Containerization
īˇ Deployment
īˇ Monitor & Supp
īˇ Sec. Engineer.
īˇ Sec. Containers
īˇ Sec. Evaluation
īˇ Sec. Deploy.
īˇ Runtime Prot.
īˇ Sec. Monitoring
īˇ Response Mgt.
Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Barker, K., & Humphries, C. (2008). Foundations of rspec: Behavior driven development with ruby and rails. New York, NY: Apress.
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Huttermann, M. (2012). Devops for developers: Integrate development and operations the agile way. New York, NY: Apress.
Bird, J. (2016). Devopssec: Delivering secure software through continuous delivery. Sebastopol, CA: O'Reilly Media.
ī¯ Numerous models of lean-agile testing emerging
ī¯ Based on principles of lean & agile one piece flow
ī¯ Include software, hardware, system, & port. testing
DevOpsâEvolution
10. STAGE 1âTest Driven Development
ī¯ Term coined by Kent Beck in 2003
ī¯ Consists of writing all tests before design
ī¯ Ensures all components are verified and validated
10Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.
ī
ī
11. ī¯ Agile TDD consists of seven broad practices
ī¯ Document test criteria, tests, software units, etc.
ī¯ Include refactoring, verification, optimization, etc.
11
Practice
User Story
Acc Criteria
Dev Test
Run Test
Dev Unit
Rerun Test
Refactor Unit
Description
Read story, analyze meaning, ask questions, and clarify understanding
Identify, verify, and document acceptance criteria for each user story
Design, develop, code, and verify automated unit test for user story
Run automated unit test to verify that it fails the first time (sanity check)
Design, develop, code, and verify the software unit to satisfy user story
Rerun automated unit test to see if code satisfies automated unit test
Refine, reduce, and simplify code to remove waste and optimize performance
STAGE 1âTest Driven Develop.
ī
Beck, K. (2003). Test-driven development: By example. Boston, MA: Addison-Wesley.
12. STAGE 2âBehavior Driven Develop.
ī¯ Term coined by Dan North in 2006
ī¯ Consists of writing feature tests before design
ī¯ Ensures all system features are verified and validated
12Smart, J. F. (2014). BDD in action: Behavior-driven development for the whole software lifecycle. Shelter Island, NY: Manning Publications.
ī
ī
13. ī¯ Agile BDD consists of seven broad practices
ī¯ Document test criteria, tests, syst. features, etc.
ī¯ Include refactoring, verification, optimization, etc.
13
Practice
Feature
Acc Criteria
Dev Test
Run Test
Dev Feature
Rerun Test
Refac Feature
Description
Read feature, analyze meaning, ask questions, and clarify understanding
Identify, verify, and document acceptance criteria for each feature
Design, develop, code, and verify automated feature test for feature
Run automated feature test to verify that it fails the first time (sanity check)
Design, develop, code, and verify the feature software to satisfy feature
Rerun automated feature test to see if code satisfies automated feature test
Refine, reduce, and simplify code to remove waste and optimize performance
STAGE 2âBehavior Driven Dev.
ī
Smart, J. F. (2014). BDD in action: Behavior-driven development for the whole software lifecycle. Shelter Island, NY: Manning Publications.
14. ī¯ Term coined by Martin Fowler circa 1998
ī¯ User needs designed & developed one-at-a-time
ī¯ Changes automatically detected, built, & fully-tested
14Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
ī
STAGE 3âContinuous Integration
Thousands of Tests
Continuously Executed
No More Late Big
Bang Integration
Build
Integration
Server
Version
Control
Server
Build
Scripts
UsesWatches
Build
Status
Provides
Developer A
Developer B
Developer C
Commits
Changes
Commits
Changes
Commits
Changes
Builds
Database
Analysis
Testing
Reporting
Documentation
Deployment
Early, Automated, Fast,
Efficient, & Repeatable
Constant Readiness
State & CM Control
Lean, Waste Free, Low WIP,
No Deadlocked Test Queues
Rapidly & Successfully
Dev. Complex Systems
ī ī ī
ī ī ī
ī ī ī
īŊ ALL DEVELOPERS RUN PRIVATE BUILDS
īŊ DEVELOPERS COMMIT CODE TO VERSION CONTROL
īŊ INTEGRATION BUILDS OCCUR SEVERAL TIMES PER DAY
īŊ 100% OF SYSTEM TESTS MUST PASS FOR EVERY BUILD
īŊ A SHIPPABLE PRODUCT RESULTS FROM EVERY BUILD
īŊ FIXING BROKEN BUILDS IS OF THE HIGHEST PRIORITY
īŊ REPORTS AUTOMATICALLY GENERATED & REVIEWED
15. ī¯ Agile CI consists of seven broad practices
ī¯ Automated build, database, inspection, tests, etc.
ī¯ Include reporting, documentation, deployment, etc.
15
Practice
Building
Database
Inspections
Testing
Feedback
Documentation
Deployment
Description
Frequently assembling products and services to ensure delivery readiness
Frequently generating/analyzing database schemas, queries, and forms
Frequently performing automated static analysis of product/service quality
Frequently performing automated dynamic product and service evaluation
Frequently generating automated status reports/messages for all stakeholders
Frequently performing automated technical/customer document generation
Frequently performing automated delivery of products/services to end users
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration: Improving software quality and reducing risk. Boston, MA: Addison-Wesley.
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
STAGE 3âContinuous Integration
ī
16. ī¯ Created by Jez Humble of ThoughtWorks in 2011
ī¯ Includes CM, build, testing, integration, release, etc.
ī¯ Goal is one-touch automation of deployment pipeline
16
Humble, J., & Farley, D. (2011). Continuous delivery. Boston, MA: Pearson Education.
Duvall, P., Matyas, S., & Glover, A. (2006). Continuous integration. Boston, MA: Addison-Wesley.
Ohara, D. (2012). Continuous delivery and the world of devops. San Francisco, CA: GigaOM Pro.
ī
ī
CoQ
âĸ 80% MS Tst
âĸ 8/10 No Val
âĸ $24B in 90s
âĸ Rep by CD
âĸ Not Add MLK
STAGE 4âContinuous Delivery
Source Code
Control
Build
Automation
Test
Automation
Continuous
Integration
Release
Automation
Continuous
Delivery
17. ī¯ Agile CD consists of seven broad practices
ī¯ Automated acceptance, load, performance, etc.
ī¯ Include packaging, pre-production test, C&A, etc.
17
Practice
Packaging
Acceptance
Load Test
Performance
Pre-Production
Certification
Deployment
Description
Frequently generating system images for pre-production testing & checkout
Frequently performing automated system & user acceptance testing
Frequently performing automated system load, stress, & capacity testing
Frequently performing automated system user & technical performance testing
Frequently performing automated pre-production tests prior to final deployment
Frequently performing automated system certification & accreditation tests
Frequently generating product images for pre-deployment testing & checkout
Mukherjee, J. (2015). Continuous delivery pipeline: Where does it choke. Charleston, SC: CreateSpace.
Swartout, P. (2014). Continuous delivery and devops: A quickstart guide. Birmingham, UK: Packt Publishing.
STAGE 4âContinuous Delivery
ī
18. ī¯ Created by Patrick Debois of Jedi BVBA in 2007
ī¯ Collaboration of developers & infrastructure people
ī¯ Goal to automate the deployment to end-user devices
18
Bass, L., Weber, I., & Zhu, L. (2015). Devops: A software architect's perspective. Old Tappan, NJ: Pearson Education.
Gruver, G., & Mouser, T. (2015). Leading the transformation: Applying agile and devops at scale. Portland, OR: IT Revolution Press.
Humble, J., Molesky, J., & O'Reilly, B. (2015). Lean enterprise: How high performance organizations innovate at scale. Sebastopol, CA: O'Reilly Media.
ī
STAGE 5âDevelopment Operations
ī
Collaboration
19. ī¯ Agile DevOps consists of seven broad practices
ī¯ Automated sys admin, CM, building, monitor, etc.
ī¯ Include virtualization, containerize, deployment, etc.
19
Practice
Sys Admin
Config. Mgt.
Host Builds
Virtualization
Containerize
Deployment
Monitor & Supp
Description
Frequently performing automated system administration tasks, i.e., scripting
Frequently performing automated infrastructure config. mgt./version control
Frequently performing automated system and server host builds and config.
Frequently performing automated system, server, & net virtualization services
Frequently performing automated software and Microservices containerization
Frequently generating final end-user system & software images for distribution
Frequently performing automated metrics collection & deployment monitoring
Duffy, M. (2015). Devops automation cookbook: Over 120 recipes coverying key automation techniques. Birmingham, UK: Packt Publishing.
Farcic, V. (2016). The devops 2.0 toolkit: Automating the continuous deployment pipelines with containerized microservices. Victoria, CA: LeanPub.
ī
STAGE 5âDevelopment Operations
22. ī¯ SE framework by Dean Leffingwell of Rally in 2007
ī¯ Newest version leaner, meaner, lighter, and simpler
ī¯ Experimental bottoms-up DevOps-based innovation
22Leffingwell, D. (2007). Scaling software agility: Best practices for large enterprises. Boston, MA: Pearson Education.
ī
PORTFOLIO
LARGE
PROGRAM
PROGRAM
TEAM
STAGE 7âEnterprise DevOpsSec
23. 23Juengst, D. (2015). Deliver better software faster: With the cloudbees jenkins platform. San Francisco, CA: CloudBees.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.
ī
DevOpsâTools Ecosystem
ī¯ Numerous tools to automate DevOps pipeline
ī¯ People can piece together toolset along with hubs
ī¯ Tools include version control, testing, & deployment
24. 24XeniaLabs. (2016). Periodic table of devops tools. Retrieved April 11, 2016, from https://xebialabs.com/periodic-table-of-devops-tools.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.
DevOpsâPeriodic Table
25. 25Tesauro, M. (2016). Taking appsec to 11: Appsec pipelines, devops, and making things better. Denver, CO: SnowFROC 2016.
Weeks, D. E. (2014). Devops and continuous delivery reference architectures (volume 1 & 2). Fulton, MD: Sonatype.
ī
DevOpsâSecurity Tools Ecosystem
ī¯ Many tools emerging for DevOps application security
ī¯ Begins-ends with microservicesâtiny attack surface
ī¯ Includes containers, testing, & real-time monitoring
ī
28. 28
ī¯ DevOps metrics gaining in widespread popularity
ī¯ Hybrid of development & IT operations measures
ī¯ Includes code, deployment & e-business analytics
Velasquez, N. F. (2014). State of devops report. Portland, OR: Puppet Labs, Inc.
ī
DevOpsâDeployment Metrics
29. Activity Def CoQ DevOps Economics Hours ROI
Development Operations 100 0.001 100 Defects x 70% Efficiency x 0.001 Hours 0.070 72,900%
Continuous Delivery 30 0.01 30 Defects x 70% Efficiency x 0.01 Hours 0.210 24,300%
Continuous Integration 9 0.1 9 Defects x 70% Efficiency x 0.1 Hours 0.630 8,100%
Software Inspections 3 1 2.7 Defects x 70% Efficiency x 1 Hours 1.890 2,700%
"Traditional" Testing 0.81 10 0.81 Defects x 70% Efficiency x 10 Hours 5.670 900%
Manual Debugging 0.243 100 0.243 Defects x 70% Efficiency x 100 Hours 17.010 300%
Operations & Maintenance 0.073 1,000 0.0729 Defects x 70% Efficiency x 1,000 Hours 51.030 n/a
29
ī¯ Agile testing is orders-of-magnitude more efficient
ī¯ Based on millions of automated tests run in seconds
ī¯ One-touch auto-delivery to billions of global end-users
Rico, D. F. (2016). Devops cost of quality (CoQ): Phase-based defect removal model. Retrieved May 10, 2016, from http://davidfrico.com
ī
DevOpsâCost of Quality
ī ī
Under 4
Minutes
4,500 x Faster
than Code
Inspections
30. 30
ī¯ Hewlett-Packard is a major user of CI, CD, & DevOps
ī¯ 400 engineers developed 10 million LOC in 4 years
ī¯ Major gains in testing, deployment, & innovation
Gruver, G., Young, M. & Fulghum, P. (2013). A practical approach to large-scale agile development. Upper Saddle River, NJ: Pearson Education.
ī
TYPE METRIC MANUAL DEVOPS MAJOR GAINS
CYCLE TIME
IMPROVEMENTS
Build Time 40 Hours 3 Hours 13 x
No. Builds 1-2 per Day 10-15 per Day 8 x
Feedback 1 per Day 100 per Day 100 x
Regression Testing 240 Hours 24 Hours 10 x
DEVELOPMENT
COST EFFORT
DISTRIBUTION
Integration 10% 2% 5 x
Planning 20% 5% 4 x
Porting 25% 15% 2 x
Support 25% 5% 5 x
Testing 15% 5% 3 x
Innovation 5% 40% 8 x
DevOpsâHP Case Study
ī
ī
31. ī¯ Assembla went from 2 to 45 releases every month
ī¯ 15K Google developers run 120 million tests per day
ī¯ 30K+ Amazon developers deliver 136K releases a day
31Singleton, A. (2014). Unblock: A guide to the new continuous agile. Needham, MA: Assembla, Inc.
62 x Faster
U.S. DoD
IT Project
3,645 x Faster
U.S. DoD
IT Project
ī
DevOpsâDot Com Case Study
ī
ī
32. 32Ashman, D. (2014). Blackboard: Keep your head in the clouds. Proceedings of the 2014 Enterprise DevOps Summit, San Francisco, California, USA.
ī¯ Productivity STOPS due to excessive integration
ī¯ Implements DevOps & Microservices around 2010
ī¯ Waste elimination, productivity & innovation skyrocket
DevOpsâBlackboard Case Study
ī
DEVOPS &
MICROSERVICES
IMPLEMENTED
33. 33Denayer, L. (2017). U.S. DHS citizenship and immigration services: USCIS agile development. Washington, DC. iSDLC Seminar.
ī¯ 1st gen replete with large portfolios & governance
ī¯ 2nd-3rd gen yield minor incremental improvements
ī¯ 4th-5th gen enables big order-of-magnitude impacts
DevOpsâU.S. DHS Case Study
ī
ī ī
ī
ī
ī
ī
ī ī ī ī ī
Automated GovernanceManual Governance
ī ī
34. 34
ī¯ Detailed DevOps economics starting to emerge
ī¯ ROI ranges from $17M to $195M with minor costs
ī¯ Benefits from cost savings, revenue, and availability
Forsgren, N., Humble, J., & Kim, G. (2017). Forecasting the value of devops transformations: Measuring roi of devops. Portland, OR: DevOps Research.
Rico, D. F. (2017). Devops return on investment (ROI) calculator. Retrieved August 29, 2017, from http://davidfrico.com/devops-roi.xls
ī
DevOpsâReturn on Investment
35. 35
ī¯ DevOps adoption growing fast in-spite of slow start
ī¯ 35% using, 27% thinking about it, & 38% are in-dark
ī¯ DevOps a global industry-wide extinction-level event
35
Brown, A. (2016). Devops and the need for speed, quality, and security: Do organizations really have to pick two out of three. Portland, OR: Puppet Labs.
ī
DevOpsâAdoption Statistics
ī
36. 36
ī¯ Having a DevOps rollout strategy is a key to success
ī¯ Phased, incremental, and situational implementation
ī¯ Includes build, testing, & IT operations, & practices
St-Cyr, J. (2015). Evolving devops: Advance alm and devops practices with cont. imp. Agile Dev, Better Software, & DevOps East Conference, Orlando, Florida, USA.
ī
DevOpsâRoadmap
37. 37
ī¯ Industry leading DevOps assessments are emerging
ī¯ DORA Technology DevOps Assessment is popular
ī¯ Includes speed, deployments, reliability & morale
Kim, G., Forsgren, N., & Humble, J. (2017). The DORA technology performance assessment. Portland, OR: DevOps Research.
ī
DevOpsâAssessments
38. 38Kim, G., Debois, P., Willis, J., & Humble, J. The devops handbook: How to create world-class agility, reliability, and security
in technology organizations. Portland, OR: IT Revolution Press.
ī
ī ī
ī
ī
ī¯ Everything begins with lean & agile principles
ī¯ Next step is smaller portfolio & simpler designs
ī¯ Final step is modular interfaces & E2E automation
DevOpsâ5 Keys to Success
ī
ī
ī
ī
39. ī¯ DevOps DOES NOT mean deliver it now and fix it later
ī¯ Lightweight, yet disciplined approach to development
ī¯ Reduced cost, risk, & waste while improving quality
39
Rico, D. F. (2012). Whatâs really happening in agile methods: Its principles revisited? Retrieved June 6, 2012, from http://davidfrico.com/agile-principles.pdf
Rico, D. F. (2012). The promises and pitfalls of agile methods. Retrieved February 6, 2013 from, http://davidfrico.com/agile-pros-cons.pdf
Rico, D. F. (2012). How do lean & agile intersect? Retrieved February 6, 2013, from http://davidfrico.com/agile-concept-model-3.pdf
What How Result
Flexibility Use lightweight, yet disciplined processes and artifacts Low work-in-process
Customer Involve customers early and often throughout development Early feedback
Prioritize Identify highest-priority, value-adding business needs Focus resources
Descope Descope complex programs by an order of magnitude Simplify problem
Decompose Divide the remaining scope into smaller batches Manageable pieces
Iterate Implement pieces one at a time over long periods of time Diffuse risk
Leanness Architect and design the system one iteration at a time JIT waste-free design
Swarm Implement each component in small cross-functional teams Knowledge transfer
Collaborate Use frequent informal communications as often as possible Efficient data transfer
Test Early Incrementally test each component as it is developed Early verification
Test Often Perform system-level regression testing every few minutes Early validation
Adapt Frequently identify optimal process and product solutions Improve performance
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
ī
DevOpsâSummary
40. 40
DevOps ensures enterprise success by delivering large
volumes of valuable, reliable, & secure IT products &
services to billions of users in fractions of a second ...
DevOpsâBottom Line?
41. Daveâs PROFESSIONAL CAPABILITIES
41
Software
Quality
Mgt.
Technical
Project
Mgt.
Software
Development
Methods
Leadership &
Org. Change
Cost Estimates
& Scheduling
Acquisition &
Contracting
Portfolio &
Program Mgt.
Strategy &
Roadmapping
Lean, Kanban,
& Six Sigma
Modeling &
Simulations
Big Data,
Cloud, NoSQL
Workflow
Automation
Metrics,
Models, & SPC
BPR, IDEF0,
& DoDAF
DoD 5000,
TRA, & SRA
PSP, TSP, &
Code Reviews
CMMI &
ISO 9001
Innovation
Management
Statistics, CFA,
EFA, & SEM
Evolutionary
Design
Systems
Engineering
Valuation â Cost-Benefit Analysis, B/CR, ROI, NPV, BEP, Real Options, etc.
Lean-Agile â Scrum, SAFe, Continuous Integration & Delivery, DevOpsSec, etc.
STRENGTHS â Communicating Complex Ideas âĸ Brownbags & Webinars âĸ Datasheets & Whitepapers âĸ Reviews &
Audits âĸ Comparisons & Tradeoffs âĸ Brainstorming & Ideation âĸ Data Mining & Business Cases âĸ Metrics & Models âĸ
Tiger Teams & Shortfuse Tasks âĸ Strategy, Roadmaps, & Plans âĸ Concept Frameworks & Multi-Attribute Models âĸ Etc.
â Data mining. Metrics, benchmarks, & performance.
â Simplification. Refactoring, refinement, & streamlining.
â Assessments. Audits, reviews, appraisals, & risk analysis.
â Coaching. Diagnosing, debugging, & restarting stalled projects.
â Business cases. Cost, benefit, & return-on-investment (ROI) analysis.
â Communications. Executive summaries, white papers, & lightning talks.
â Strategy & tactics. Program, project, task, & activity scoping, charters, & plans.
PMP, CSEP,
FCP, FCT, ACP,
CSM, SAFE, &
DEVOPS
35+ YEARS
IN IT
INDUSTRY