The document outlines Manulife's transition to a technology-driven company, emphasizing the integration of DevOps practices and modern application development methodologies. It highlights the company's strategic platform choices, including Kubernetes and Cloud Foundry, to support both legacy and new applications. Additionally, it discusses the importance of automated practices, security measures, and the company's commitment to open source contributions and community support.

1. Jonathan Le Lous
Director Engineering Engagement and
Release Platforms
Thibault Cohen
Release Platforms Lead
Global Technology
1
DevOps & Insurance Company:
Create a Bridge between
Security and Change

2. Jonathan -- @jollfr
2

3. Thibault -- @ttb_lt -- github.com/titilambert
3

4. 4
Ratings
A.M. Best A+
DBRS AA (low)
Fitch AA-
Moody’s A1
S&P AA-
Serving
1 in 3
Canadians
Founded in
1887
Canada’s largest
insurance company
20+
countries
Employee volunteer
hours: 107,288
Community
investment:
$39.9M
Investments in renewable energy and energy efficiency
projects: $10.9B
Manulife economic
impact
Assets managed
and administered
$1 trillion
Statistics as of December 31, 2017
Manulife

5. 5
New technology
companies
Our market is
changing

6. ‘Honouring our Past, Engaging our Future’
“transforming our business to be much more of a technology-driven
company” Roy Gori, Manulife’s CEO.
▪ Legacy – Reducing the Run and Modernize Apps
▪ Net New – Leveraging Micro-services and APIs
6

7. 7
IT Realities

8. Platform Strategy: Kubernetes & PCF
‘‘While Cloud Foundry's PaaS can free up developers from infrastructure management worries,
Kubernetes' container orchestration and cluster management functions can preserve control over
the infrastructure for ops.’’ TechTarget (03/27/2017)
8
1. Legacy Apps
2. DevOps
1. Build Net New apps
2. Production Platform
1. Convergence strategy
2. Decision Framework

9. DevOps = removing barriers
=
CI
CD

10. Example 1: The easy one
▪ All developer teams are using Scrum methodology
▪ All new projects are micro services running in PCF
▪ These projects are stored in GitLab using forking strategy
▪ The CI is based on Jenkins Pipelines
▪ Unit tests, SonarQube, BlackDuck, Fortify, ...
▪ The CD is based on Concourse
▪ 4 persistent PCF environments : DEV/TEST/QA/PROD
10

11. Example 2: Back to the future
▪ Bring a 28 years old application to Gitlab/Jenkins
▪ Migrate more than 30000 commits from Harvest to Git
▪ Reproduce Harvest concepts with Gitlab/Jenkins
▪ Reduce developer learning curve
▪ Next steps:
▪ Move away from Harvest concepts to standard DevOps concepts
▪ Add more automated tests in Jenkins (SonarQube, BlackDuck, Fortify, ...)
▪ Add more tools in the pipeline (Doxygen, HyperSQL, ...)
11

12. Automate Best Practices
12
▪ Generic CI: Code Review, Security, Open
Source Governance, QA..
▪ Security:
▪ Automated Security Scans (Code)
▪ Implemented by-default Security tasks
inside project
▪ Risk Fixe: Upstream Contributions

13. 13
▪ By-default Open Standard
▪ Support Communities (event, membership)
▪ Contribute upstream
▪ Hiring Top Talent
▪ Talk at Open Source Events
BUILD: Leverage Open Source
Open Source
Ecosystems
Manulife
Technical
Leader