As DevOps adoption matures in organizations, DevOps teams are leading the charge for enabling enterprises to scale their DevOps efforts to support increasingly complex application delivery requirements. Tooling and processes that might have worked for more simple use cases often fail when applied across large-scale software delivery -- needing to support ALL teams, GEOs, point-tools, applications, processes, regulatory requirements, environments, and more. How do you improve developer productivity and release velocity, without sacrificing governance, security, and org efficiency? How do you streamline your processes and organizational alignment, without sacrificing flexibility and freedom of choice? How do you support thousands of developers, applications and pipelines - both legacy and cloud-native - without getting buried in plugins/tools/spaghetti-scripts hell? Join guest speaker Charles Betz, lead DevOps analyst at Forrester Research, and Loreli Cadapan, Sr. Director Product Management at JFrog, as they share architectural patterns, best practices and proven tips for scaling DevOps in the enterprise.

1. 1
DEVELOPERS DRIVING
DEVOPS AT SCALE
5 KEYS TO SUCCESS
Featuring:

2. 2
OUR SPEAKERS:
Featuring:
Loreli Cadapan
Sr. Director
Product Management
JFrog
Charles Betz
Lead DevOps
Analyst
Forrester Research

3. 3© 2020 Forrester. Reproduction Prohibited.
R&D

4. 4© 2020 Forrester. Reproduction Prohibited.
Operations

5. 5© 2020 Forrester. Reproduction Prohibited.
VUCAVolatile
Uncertain
Complex
Ambiguous

6. 6© 2020 Forrester. Reproduction Prohibited.
Release speed
must keep up with
business
experimentation
and adaptation

7. How do you keep up with the speed of business?

8. 8© 2020 Forrester. Reproduction Prohibited.
The rise of the
knowledge worker

9. Autonomy

10. 10
10© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Firm infrastructure
Human resources mgmt
Technology development
Procurement
Inbound logistics Operation Outbound
logistics
Sales &
marketing
Servicing
“Real”valueOntop–“burden”
Traditional view (manufacturing-centric)

11. 11
11© 2017 FORRESTER. REPRODUCTION PROHIBITED.
R&D is “overhead” … ?!
Traditional research and development
We’re
overhead…
sigh.
We sure as
heck aren’t.
Modern digital product team

12. 12
12© 2017 FORRESTER. REPRODUCTION PROHIBITED.
The new value chain
Finance
HR
Facilities
Legal
Digital/IT
Sourcing
Sales
Marketing
ESM: logical discovery and routing (human:human)
Operations
Support
Application (micro) services (machine:machine)
Digital and digitalized product management
Business services
Internally-facing
product teams
deliver services &
automation
Value to external
stakeholders
Control plane/CDRA (VSM, APM, etc )
Commoditize/automate

13. 13
13© 2019 FORRESTER. REPRODUCTION PROHIBITED.
A simple DevOps reference architecture
Source
repo
Package
Repo
Pre-production
Production
Build
Automation
Release
Automation
Infrastructure
Automation Monitor
Pipeline as code
Defines the process of continuous delivery (build,
package, release, deploy)
Application code
Python, .Net, Javascript, Go, xUnit, etc.
Infrastructure as code
Infrastructure resources and their configurations
Builds (incl
containers)
Releases
External
sources
Provisioning &
Configuration

14. 14© 2020 Forrester. Reproduction Prohibited.
• Developers no longer start by writing
code
• They start by researching frameworks
and solutions offered through channels
like GitHub and Stack Overflow
• A typical project may create many new
dependencies.
Your Dependencies
Are Increasing

15. 15© 2020 Forrester. Reproduction Prohibited.
Trend:
Heavy approval
gate processes are
falling out of
favor

16. 16
16© 2019 FORRESTER. REPRODUCTION PROHIBITED.
https://www.pexels.com/photo/group-of-people-doing-tug-of-war-791765/
Innovation
Attack surface
Redundancy
Technical debt
Drift
Support

17. Do you know what you have?

18. 18© 2020 Forrester. Reproduction Prohibited.
The costs and risks are real

19. 19
19© 2019 FORRESTER. REPRODUCTION PROHIBITED.
The critical control points
Source
repo
Package
Repo
Pre-production
Production
Build
Automation
Release
Automation
Infrastructure
Automation Monitor
Pipeline as code
Defines the process of continuous delivery (build,
package, release, deploy)
Application code
Python, .Net, Javascript, Go, xUnit, etc.
Infrastructure as code
Infrastructure resources and their configurations
Builds (incl
containers)
Releases
External
sources
Provisioning &
Configuration
Readiness?
SCA etc.
Add security

20. 20
20© 2019 FORRESTER. REPRODUCTION PROHIBITED.
Developers are leading the transformation
› They have autonomy,
buying power, and expertise
› Knowledge worker (eg
DevOps) enabling
innovation alongside
security/governance

21. JFROG INTRODUCTION
21

22. JFROG AT A GLANCE
2008
Founded
2B dependencies
downloaded/m
3M enterprise
developers daily
Community
Champions
5,600+
Paying Customers
~65%
of the F100
~150 New enterprise
customers monthly
DevOps
Unicorn
Forbes
CLOUD 100 LIST
Deloitte 2019
Technology
Fast 500
Winner
The 2018
SD Times 100
Award

23. THE JFROG PLATFORM
24/7 Dedicated Support +
DevOps Acceleration Service Arm
BUILD TEST RELEASE DEPLOY
Continuously integrate
automate & deploy
Clear security and
compliance issues
Distribute to
production site
Control and monitor
the flow
On Premises
& Multi-cloud
Store and
manage all
types of
packages
OSS/CE ON PREM / HYBRID
CONSUME
YOUR
WAY:
CLOUD SAAS
</>

24. ENTERPRISE DEVOPS IS
HIGH VOLUME
HIGH COMPLEXITY
HIGH STAKES
24
But you still HAVE to..
BE NIMBLE
BE AGILE
BE MODERN
(and… BE COOL)

25. 25
DEVELOPERS LEADING THE CHARGE

26. 26
SCALING DEVOPS:
FIVE KEYS TO SUCCESS

27. (YO)UNIFY: THE PROCESS + OUTCOMES
▪ Consistency and traceability throughout the lifecycle
▪ A single end-to-end solution for everything DevOps.
Single source of truth on security, status, quality...
▪ Universal - any binary, container images, any
environment, point-tools…
▪ Centralized, secure management of all tools,
processes, artifacts, and repos- including 3rd party.
▪ Take action and ensure full visibility at any point:
dependency download/re-use, repos, deployments,
build, pipeline, releases, etc.

28. DEVSECOPS & SHIFT LEFT
Shifting-left security & compliance is a MUST:
▪ Tight integration throughout the artifact lifecycle and
CI/CD pipeline.
▪ Container security built-in
▪ From IDE integration through continuous impact
analysis
▪ Shared visibility and governance with global policies
and situational awareness
▪ Actionable, pinpoint data specific to stakeholders

29. FUTURE-PROOF WITH CLOUD NATIVE
The modernization imperative:
▪ Support both Cloud-native + legacy apps
▪ No context/tool switching - across binaries,
processes, security, etc.
▪ CD for K8s/Containers is different - streamline and
simplify your DevOps processes with: Native Steps,
declarative configuration, high-density dev-test
infra., Enterprise Image+Helm registry, and more.

30. PIPELINE AS CODE
Increase dev productivity and scale easily
with “Pipeline-of-Pipelines”:
▪ Eliminating redundant work & drift - for process +
output. enable re-usability and standardization
across teams
▪ Use shared objects and processes, secrets,
resources, using of parameters, etc.
▪ Easily grandfather legacy processes & tools
▪ Topologies for lifecycle management and scaling
for Pipelines-of-Pipeline + Consider your team
structure

31. THINK GLOBAL, ACT LOCAL
DevOps is about system thinking!
▪ Consolidation is not a dirty word
▪ Centralized + fine-grained
○ RBAC, Node Pools and quotas, Pipelines…
▪ Flexibility to plug in any point tool or process
(legacy/modern)
▪ Consume as you like: via GUI, CLI, API

32. DEMO TIME!

33. 33
Q&A

34. SWAMPUP.JFROG.COM
AMERICAS EMEA / APAC

35. THANK YOU!