In my previous years’ talks at DevOps Enterprise Summit, I spoke about starting and scaling of DevOps at Capital One; importance of Open Source, Open Technology and Innovations in DevOps.
This year, I will present Capital One’s journey of maturing in DevOps and Continuous Delivery. My presentation will cover our current areas of focus: Delivery Pipeline, Flow and Measurements. I will also share some of the problems we faced and what we did to solve them.
Businesses of every shape and size are using cloud to gain rapid access to world class IT capabilities (resource pooling, rapid elasticity,measured service, cost predictability, agility, rapid implementation, etc). Integrating a cloud solution with existing systems can be one of the most complex, costly and time-consuming aspects of cloud adoption.
End-to-End SAP business process and test automation with UiPathVibhor Shrivastava
This session provided an overview of UiPath’s SAP automation capabilities, inclusive of a comprehensive demo of SAP Robotic Process Automation and SAP Test Automation.
DevOps is a term for a combination of various software development practices including traditional software development and information technology operations. It shortens the systems development life cycle while delivering features, fixes, and updates. This is ensured by frequent and close alignments with business objectives. It comprises a vast set of cultural philosophies, practices and tools
to increase an organization's ability to deliver applications and services at high velocity.
This document gives insights how DevOps should be designed, what services they should offer, what organizational forms can be chosen (incl. their benefits), which aspects a DevOps governance should cover, how to assess and implement DevOps (DevOps transition), which technologies are important and how processes can be designed based on proven best practices.
Agenda DevOps best practice slide deck:
- DevOps Definition and Overview
- DevOps & Agile maturity
- DevOps Transition
- DevOps Technology
- DevOps Organization
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
There are numerous examples of DevOps and Continuous Delivery reference architectures available, and each of them vary in levels of detail, tools highlighted, and processes followed. Yet, there is a constant theme among the tool sets: Jenkins, Maven, Sonatype Nexus, Subversion, Git, Docker, Puppet/Chef, Rundeck, ServiceNow, and Sonar seem to show up time and again.
Businesses of every shape and size are using cloud to gain rapid access to world class IT capabilities (resource pooling, rapid elasticity,measured service, cost predictability, agility, rapid implementation, etc). Integrating a cloud solution with existing systems can be one of the most complex, costly and time-consuming aspects of cloud adoption.
End-to-End SAP business process and test automation with UiPathVibhor Shrivastava
This session provided an overview of UiPath’s SAP automation capabilities, inclusive of a comprehensive demo of SAP Robotic Process Automation and SAP Test Automation.
DevOps is a term for a combination of various software development practices including traditional software development and information technology operations. It shortens the systems development life cycle while delivering features, fixes, and updates. This is ensured by frequent and close alignments with business objectives. It comprises a vast set of cultural philosophies, practices and tools
to increase an organization's ability to deliver applications and services at high velocity.
This document gives insights how DevOps should be designed, what services they should offer, what organizational forms can be chosen (incl. their benefits), which aspects a DevOps governance should cover, how to assess and implement DevOps (DevOps transition), which technologies are important and how processes can be designed based on proven best practices.
Agenda DevOps best practice slide deck:
- DevOps Definition and Overview
- DevOps & Agile maturity
- DevOps Transition
- DevOps Technology
- DevOps Organization
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
There are numerous examples of DevOps and Continuous Delivery reference architectures available, and each of them vary in levels of detail, tools highlighted, and processes followed. Yet, there is a constant theme among the tool sets: Jenkins, Maven, Sonatype Nexus, Subversion, Git, Docker, Puppet/Chef, Rundeck, ServiceNow, and Sonar seem to show up time and again.
Speaker: David Guest
Host: Angel Alberici
VirtualMuleys: 63
https://meetups.mulesoft.com/events/details/mulesoft-online-group-english-presents-event-driven-architecture-with-mulesoft/
In this session, we will look at
Event-driven (Asynch) vs Synchronous
Event-Driven Infrastructure
Event-Driven Patterns
Mulesoft Implementation
A well-designed IT Service Delivery Model is critical to achieving success in IT management and operations. Many IT organizations focus on optimizing their technology assets -- the infrastructure and applications. However, in our experience, business value is achieved most effectively when technology assets and the IT service delivery model are integrated and work together seamlessly.
The Agile Stakeholder Management Framework for Teams, Programs, and PortfoliosDrew Jemilo
Stakeholder management is one of the most important responsibilities of a Product Owner. It can also be one of the biggest land mines if you don't continuously inspect and adapt your planning and communication. How do you interact with your stakeholders based on their level of interest and the degree of influence they have over your team's success or failure? In this session, you will learn how to apply the stakeholder management framework to:
1. Identify, analyze, prioritize, and engage your stakeholders
2. Manage expectations through the continuous process of setting expectations, acting on them, reviewing them, and resetting them
3. Build your communication plan using the stakeholder mapping technique and the Net Promoter Score (NPS) to plot your sponsors, major stakeholders, minor stakeholders, and subject matter experts
4. Gain consensus with your stakeholders regarding their rights and responsibilities
5. Scale to the program and portfolio levels
Originally presented at Agile2012
http://agile2012.agilealliance.org/program/schedule/
Agile Portfolio Management Framework With Demand ManagementSlideTeam
"You can download this product from SlideTeam.net"
Presenting this set of slides with name Agile Portfolio Management Framework With Demand Management. The topics discussed in these slides are Agile Portfolio, Management, Marketing. This is a completely editable PowerPoint presentation and is available for immediate download. Download now and impress your audience. https://bit.ly/2ZCQ5sR
GSS America\'s Workplace Services aim at equipping customer’s business with round-the-clock support, through its Global Operations Command Center (GOCC). Its comprehensive range of workplace services gives customers the ability to reduce their costs and improve their service levels. GSS intends to help global enterprises cut down on their infrastructure maintenance costs and provide access to expert skills.
Agile Transformation consists of a group of professional change agents specializing in process improvement and organizational transformation. We are experts in Agile, Lean and organizational transformation methods applied to Technology and Business.
Agile IT Operatinos - Getting to Daily ReleasesLeadingAgile
Getting to Daily Releases with Agile IT Operations. Devin Hedge, Enterprise Transformation Consultant talks to a group at Triagile about the Six Key Areas to focus on when attempting to transform IT Operations with Lean and Agile principles. The talk covers Service Engineering, IT Operations, and the Tier 1 Support/NOC organizations. Kanban, Service Management (ITSM), and what it means to have a DevOps orientation.
Discover Jira Align - Realignment to the EnterpriseCprime
Atlassian Jira Align enables organizations to connect and align around common goals and objectives while providing actionable views and metrics to everyone touching the technology product lifecycle. With the ability to support a number of scaling frameworks, Jira Align helps navigate the complexity of large-scale technology initiatives by unifying and synchronizing the work happening across programs and portfolios for a clear executive-level view. At the same time, agile teams can continue to use their preferred tools, like Jira, to move quickly and deliver the best customer outcomes. With Jira Align, program managers, product managers, and release train engineers get the information they need to empower their teams to deliver the right things quickly and respond to market change.
Join us as we highlight critical features of Jira Align.
In this webinar, you'll learn how to:
- Define and track the work of teams as it relates to enterprise strategy
- Provide visibility and alignment across the entire enterprise
- Use the connectivity of work to measure outcomes and drive better value to your customers
The Solace PubSub+ Connector allows you to connect your MuleSoft flows up to BOTH the event brokers and Event Portal from the PubSub+ Platform. This allows you to not only send/receive events, but also intelligently import the schemas defining them into your Flow.
Bring your designed event-driven architecture on PubSub+ Event Portal to Anypoint Studio using the new Solace PubSub+ Connector for Mulesoft Anypoint Platform. This will enable you to import your schema, events, and topic space and event-enable your Mulesoft integrations.
Learn more on "Solace PubSub+ Connector for Mulesoft Anypoint Platform" designed to meet your Customer's needs and on-board the developer to speed up the delivery of the Project.
Have any question on Solace Connector or any MuleSoft/Solace issues , Post your question here:
Solace: https://solace.community/
MuleSoft: https://help.mulesoft.com/s/forum
Reach out to me for any technical question:
https://twitter.com/ManishYadav0719
Thanks,
Manish Kumar Yadav
MuleSoft Forum Moderator
Digital Transformation With MuleSoft : That Wins Customerspqrs1234
What is Digital Transformation?
Current Trends in Digital Transformation
Designing API Strategy
How Mulesoft helps in Digital Transformation?
Case Study
What team structure is right for DevOps to flourish? It is useful to characterise a small number of different models for team structures, some of which suit certain organisations better than others. By exploring the strengths and weaknesses of these team structures (or 'topologies'), we can identify the team structure which might work best for DevOps practices in our own organisations.
Update: see newer patterns at http://devopstopologies.com/ and the book Team Topologies at https://teamtopologies.com/book
MuleSoft: How to Engage Partners/Customers and API Led with Alexa Angel Alberici
Slide 1 - Arno Brugman - How to Engage Partners/Customers
Slide 42 - Angel Alberici - API Led with Alexa
Host: Angel Alberici
Youtube: Virtual Muleys : https://www.youtube.com/c/VirtualMuleysOnline/videos
How to Engage: Customer/Partner Engagements
This session is for Developers, Engineers, Architects, C4E & Integration Stakeholders, Partners, SIs and Contractors who want to learn about the prerequisites and requirements for a successful Customer/Partner Engagement.
In this session we will answer the following questions:
Can you provide basic guidelines to avoid the most common pitfalls?
Will our Partner act as a Thought Leader?
How do we ensure our Partner designs and implements with reuse in mind?
How do we verify the work delivered by our Partner?
What information should you share with your Partner?
What should you request (ask) from your Partner?
How should you Engage with your Partner?
Although the slides are presented from the Customer perspective, the session will be of value to Partners, SIs and Contractors too.
After this session, you will know what information needs to be shared between Customer and Partner and how Customer and Partner should engage to ensure successful adoption of the Anypoint Platform and consistent generation of Business Outcomes (value).
DIY: API Led with Alexa “The Contest App”
You saw it and now you want to Do It Yourself (DIY). Session aimed towards Devs/Engineers and enthusiasts/hands-on Architects/Consultants who want to create their own API Led with Alexa application. Agenda:
Speedrun on APLC/SDLC
Successful stories
Participate in the Contest and win prizes!
How does it work? How to do it yourself?
Where is the value in using API Led for this case?
For a beginner, this is a good quality pictorial representation of DevOps and DevOps Center of Excellence.
Opex Software focuses on consulting, implementation and development of DevOps tools and platforms. Have helped small and large data centers! This presentation talks about Continuous Integration, Continuous Delivery at a high level. For detailed presentations and flows, please ping us.
Thanks again, Enjoy!
Speaker: David Guest
Host: Angel Alberici
VirtualMuleys: 63
https://meetups.mulesoft.com/events/details/mulesoft-online-group-english-presents-event-driven-architecture-with-mulesoft/
In this session, we will look at
Event-driven (Asynch) vs Synchronous
Event-Driven Infrastructure
Event-Driven Patterns
Mulesoft Implementation
A well-designed IT Service Delivery Model is critical to achieving success in IT management and operations. Many IT organizations focus on optimizing their technology assets -- the infrastructure and applications. However, in our experience, business value is achieved most effectively when technology assets and the IT service delivery model are integrated and work together seamlessly.
The Agile Stakeholder Management Framework for Teams, Programs, and PortfoliosDrew Jemilo
Stakeholder management is one of the most important responsibilities of a Product Owner. It can also be one of the biggest land mines if you don't continuously inspect and adapt your planning and communication. How do you interact with your stakeholders based on their level of interest and the degree of influence they have over your team's success or failure? In this session, you will learn how to apply the stakeholder management framework to:
1. Identify, analyze, prioritize, and engage your stakeholders
2. Manage expectations through the continuous process of setting expectations, acting on them, reviewing them, and resetting them
3. Build your communication plan using the stakeholder mapping technique and the Net Promoter Score (NPS) to plot your sponsors, major stakeholders, minor stakeholders, and subject matter experts
4. Gain consensus with your stakeholders regarding their rights and responsibilities
5. Scale to the program and portfolio levels
Originally presented at Agile2012
http://agile2012.agilealliance.org/program/schedule/
Agile Portfolio Management Framework With Demand ManagementSlideTeam
"You can download this product from SlideTeam.net"
Presenting this set of slides with name Agile Portfolio Management Framework With Demand Management. The topics discussed in these slides are Agile Portfolio, Management, Marketing. This is a completely editable PowerPoint presentation and is available for immediate download. Download now and impress your audience. https://bit.ly/2ZCQ5sR
GSS America\'s Workplace Services aim at equipping customer’s business with round-the-clock support, through its Global Operations Command Center (GOCC). Its comprehensive range of workplace services gives customers the ability to reduce their costs and improve their service levels. GSS intends to help global enterprises cut down on their infrastructure maintenance costs and provide access to expert skills.
Agile Transformation consists of a group of professional change agents specializing in process improvement and organizational transformation. We are experts in Agile, Lean and organizational transformation methods applied to Technology and Business.
Agile IT Operatinos - Getting to Daily ReleasesLeadingAgile
Getting to Daily Releases with Agile IT Operations. Devin Hedge, Enterprise Transformation Consultant talks to a group at Triagile about the Six Key Areas to focus on when attempting to transform IT Operations with Lean and Agile principles. The talk covers Service Engineering, IT Operations, and the Tier 1 Support/NOC organizations. Kanban, Service Management (ITSM), and what it means to have a DevOps orientation.
Discover Jira Align - Realignment to the EnterpriseCprime
Atlassian Jira Align enables organizations to connect and align around common goals and objectives while providing actionable views and metrics to everyone touching the technology product lifecycle. With the ability to support a number of scaling frameworks, Jira Align helps navigate the complexity of large-scale technology initiatives by unifying and synchronizing the work happening across programs and portfolios for a clear executive-level view. At the same time, agile teams can continue to use their preferred tools, like Jira, to move quickly and deliver the best customer outcomes. With Jira Align, program managers, product managers, and release train engineers get the information they need to empower their teams to deliver the right things quickly and respond to market change.
Join us as we highlight critical features of Jira Align.
In this webinar, you'll learn how to:
- Define and track the work of teams as it relates to enterprise strategy
- Provide visibility and alignment across the entire enterprise
- Use the connectivity of work to measure outcomes and drive better value to your customers
The Solace PubSub+ Connector allows you to connect your MuleSoft flows up to BOTH the event brokers and Event Portal from the PubSub+ Platform. This allows you to not only send/receive events, but also intelligently import the schemas defining them into your Flow.
Bring your designed event-driven architecture on PubSub+ Event Portal to Anypoint Studio using the new Solace PubSub+ Connector for Mulesoft Anypoint Platform. This will enable you to import your schema, events, and topic space and event-enable your Mulesoft integrations.
Learn more on "Solace PubSub+ Connector for Mulesoft Anypoint Platform" designed to meet your Customer's needs and on-board the developer to speed up the delivery of the Project.
Have any question on Solace Connector or any MuleSoft/Solace issues , Post your question here:
Solace: https://solace.community/
MuleSoft: https://help.mulesoft.com/s/forum
Reach out to me for any technical question:
https://twitter.com/ManishYadav0719
Thanks,
Manish Kumar Yadav
MuleSoft Forum Moderator
Digital Transformation With MuleSoft : That Wins Customerspqrs1234
What is Digital Transformation?
Current Trends in Digital Transformation
Designing API Strategy
How Mulesoft helps in Digital Transformation?
Case Study
What team structure is right for DevOps to flourish? It is useful to characterise a small number of different models for team structures, some of which suit certain organisations better than others. By exploring the strengths and weaknesses of these team structures (or 'topologies'), we can identify the team structure which might work best for DevOps practices in our own organisations.
Update: see newer patterns at http://devopstopologies.com/ and the book Team Topologies at https://teamtopologies.com/book
MuleSoft: How to Engage Partners/Customers and API Led with Alexa Angel Alberici
Slide 1 - Arno Brugman - How to Engage Partners/Customers
Slide 42 - Angel Alberici - API Led with Alexa
Host: Angel Alberici
Youtube: Virtual Muleys : https://www.youtube.com/c/VirtualMuleysOnline/videos
How to Engage: Customer/Partner Engagements
This session is for Developers, Engineers, Architects, C4E & Integration Stakeholders, Partners, SIs and Contractors who want to learn about the prerequisites and requirements for a successful Customer/Partner Engagement.
In this session we will answer the following questions:
Can you provide basic guidelines to avoid the most common pitfalls?
Will our Partner act as a Thought Leader?
How do we ensure our Partner designs and implements with reuse in mind?
How do we verify the work delivered by our Partner?
What information should you share with your Partner?
What should you request (ask) from your Partner?
How should you Engage with your Partner?
Although the slides are presented from the Customer perspective, the session will be of value to Partners, SIs and Contractors too.
After this session, you will know what information needs to be shared between Customer and Partner and how Customer and Partner should engage to ensure successful adoption of the Anypoint Platform and consistent generation of Business Outcomes (value).
DIY: API Led with Alexa “The Contest App”
You saw it and now you want to Do It Yourself (DIY). Session aimed towards Devs/Engineers and enthusiasts/hands-on Architects/Consultants who want to create their own API Led with Alexa application. Agenda:
Speedrun on APLC/SDLC
Successful stories
Participate in the Contest and win prizes!
How does it work? How to do it yourself?
Where is the value in using API Led for this case?
For a beginner, this is a good quality pictorial representation of DevOps and DevOps Center of Excellence.
Opex Software focuses on consulting, implementation and development of DevOps tools and platforms. Have helped small and large data centers! This presentation talks about Continuous Integration, Continuous Delivery at a high level. For detailed presentations and flows, please ping us.
Thanks again, Enjoy!
Using Lean Thinking to identify and address Delivery Pipeline bottlenecksSanjeev Sharma
Using Lean Thinking to identify and address Delivery Pipeline bottlenecks: This session explores 'Lean Thinking' techniques to help identify 'bottlenecks' in your delivery pipeline that can be addressed by adopting DevOps
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption RoadmapIBM UrbanCode Products
Adopting DevOps is not a “one-and-done” project. It is adopting a mindset, a culture. It is a commitment to a journey of continuous improvement by adopting a set of capabilities and practices that are based on Lean principles. Adopting DevOps requires process improvement, automation of the processes using tools, and organizational change to enable a DevOps culture.
The question then becomes – where does one start?
Dashboards and Culture: How Openness Changes Your BehaviourSteve Poole
Much of the adoption of DevOps tools and processes focus on the benefits to delivering high quality code on an industrial scale. Although we all recognize that good monitoring is critical to the availability of a service, it may not be obvious that the act of monitoring can have a profound effect on the attitudes and culture of the teams involved. The right sort of monitoring and appropriate dash-boarding can improve the morale and effectiveness of all the teams involved. The wrong sort of monitoring or badly considered dash-boards can have the opposite effect.
This talk examines how what you share will define you. Through real examples and live demos, the speakers will show you how to design status and trend displays that will make your teams more effective without overloading them. The talk will also include case studies with various types of teams to highlight how you can apply this thinking to help make any group more effective.
Agile Islands 2020 - Dashboards and CultureSteve Poole
This talk examines how what you share will define you. The act of monitoring and dashboarding can have a profound effect, good or bad - on the attitudes and culture of the teams involved. With supporting case studies this session will show how you to help make any team more effective
Agile Tour London 2018: DASHBOARDS AND CULTURE – HOW OPENNESS CHANGES YOUR BE...Steve Poole
Much of the adoption of Agile and DevOps tools and processes focus on the benefits to delivering high quality code on an industrial scale. Although we all recognise that good visual representations of progress and status are critical, it may not be obvious that the act of visualisation can have a profound effect on the attitudes and culture of the teams involved. The right sort of data and appropriate dash-boarding can improve the morale and effectiveness of all the teams involved. The wrong sort of can have the opposite effect.
This talk examines how what you share will define you. Through real examples and a live demo, the speaker will show you how to design status and trend displays that will make your teams more effective without overloading them. The talk will also include case studies with various types of teams to highlight how you can apply this thinking to help make any group more effective.
Tools, Culture, and Aesthetics: The Art of DevOpsJ. Paul Reed
My DevOps Days Tel Aviv keynote: In this talk, we will examine why these now school-aged ideals remain so difficult to implement, explore why DevOps is often described as "the movement that refuses to identify itself," and what your team can do to confront the dichotomies they are likely to face as they transform how they, their colleagues, and their company go about their daily work.
JAX London 2014 "Moving to DevOps Mode: easy, hard or just plain terrifying?"Daniel Bryant
DevOps - is it for you? Heard about the wonderful ways it could benefit your organisation, but put off by the scary stories? Can you really make the transition to DevOps, and is it worth it? Listen and learn from two DevOps practitioners about their hands-on experiences in making the change. Covering a range of real life examples, this talk will explain the real business benefits to be had from using DevOps techniques, as well as the technical and personal aspects involved.
Whether it’s a small team within a startup or one of hundreds within a large organisation, this talk has practical advice on how to approach the challenge, what critical changes need to be considered, and what tools and processes are best suited for the situation. The adoption of DevOps is a game changing event for the industry. Learn why and learn how you can benefit from it too.
This talk was presented with Steve Poole (@spoole167) at JAX London, October 2014
EDF2013: Invited talk Florian Bauer: Unleashing climate and energy knowledge ...European Data Forum
Invited talk Florian Bauer, Operations & IT Director REEEP, at the European Data Forum 2013, 10 April 2013 in Dublin, Ireland: Unleashing climate and energy knowledge with Linked Open Data and consistent terminology
CTOs in London "The Challenges of Evaluating Development Technology Within th...Daniel Bryant
As a technology-focused CTO it can be very challenging to effectively bridge the goals between the business and technology. A primary challenge is maintaining an awareness of current (and future) technologies that could add value to your business, and developing the knowledge and skills to correctly evaluate them the unique perspective (and incentives) of the CTO position. This talk aims to share some of the techniques the OpenCredo team have identified over the past decade of working alongside technology leaders from a variety of organisations.
Is DevOps dead? Have we seen the end of the original intent of the movement that set a path to re-energize the engineering community? With the emergence of a pointed focus on tools and now massive organizations selling 2-day DevOps certifications, have we lost our way? This talk re-centers the focus of the engineering community to why we started this journey originally; to focus on learning, culture and feedback loops within complex systems and organizations. We will use data and stories from the trenches to weave a message about the anti-patterns that are emerging, but shine a focus on the stories of success and what good outcomes look like.
Keynote Dev Days vilnius 2018: how openness changes your behaviourSteve Poole
Much of the adoption of DevOps tools and processes focus on the benefits to delivering high quality code on an industrial scale. Although we all recognise that good monitoring is critical to the availability of a service it may not be obvious that the act of monitoring can have a profound effect on the attitudes and culture of the teams involved. The right sort of monitoring and appropriate dash-boarding can improve the morale and effectiveness of all the teams involved. The wrong sort of monitoring or badly considered dash-boards can have the opposite effect.
This talk examines how what you share will define you. Through real examples and live demos the speakers will show you how to design status and trend displays etc that will make your teams more effective without overloading them. The talk will also include case studies with various types of teams to highlight how you can apply this thinking to help make any group more effective.
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...Gene Kim
Let’s get this straight. ITIL is not about implementing dozens of processes, or about establishing a CAB to review every change request, or about the never-ending story of creating a CMDB. The ITIL framework has been designed to help IT organizations to move from being a black box technology provider – often viewed as a disposable cost centre – to becoming a service provider, and a true partner for the rest of the business. We know – we own the framework.
Unless your customer can achieve their objectives with the technology you run, and can get assistance when needed, no-one cares whether your architecture is built on a monolith, uses microservices, or can brag about being serverless. Agile as a mind-set covers the whole value chain, but common practices are limited to development only. DevOps as a philosophy covers the whole value chain, but common practices are limited to the deployment-focused intersection of development and operations only. Understanding the organisation's strategy, developing the product strategy, and dealing with customer issues are expected to be taken care of by someone else, as if by magic. Because of this, DevOps faces a risk of becoming the largest local optimisation exercise ever undertaken for way too many organisations
In tens of thousands of companies around the world, ITIL has helped to develop an organizational capability that has provided them with a competitive advantage. More than three million people have been certified, and ten times as many trained over the years. Yet, we have all heard the horror stories, too. So what is it that separates a successful adoption of ITIL from an unsuccessful attempt at implementing the framework? What are the common problematic practices and anti-patterns we have seen in the wild, and what does the guidance in ITIL really say? How can you move from a broken approach to IT Service Management to one that delivers value. Can you still use ITIL in the DevOps world? Do you even need to? Or, perhaps, the questions is whether DevOps can survive (in the enterprise) without embracing the service mind-set.
DOES SFO 2016 - Daniel Perez - Doubling Down on ChatOps in the EnterpriseGene Kim
HPE's Research Development & Engineering team has been on a fast-tracked DevOps journey over the past couple of years.
During our DOES 2014 talk we shared our deployment of ElectricFlow as a highly available and centralized self-service solution that has enabled HPE developers to quickly onboard onto ElectricFlow for build/test/deployment pipelines in a repeatable and cost-effective way.
At DOES 2015 we expanded on our investments into a comprehensive monitoring, self-healing, and accelerated deployment strategy across all of our applications to further bridge our Dev and Ops gap with greater visibility into our environments and to accelerate our time-to-market with repeatable and fully automated deploys.
Join us this year as we continue in this journey with our biggest transformation yet: the proliferation of ChatOps within our organization. We will discuss the decisions that lead us to these investments, the key lessons we have learned, and share our various Hubot integrations and capabilities.
DOES SFO 2016 - Greg Maxey and Laurent Rochette - DSL at ScaleGene Kim
t last year’s DOES conference, we introduced the new Domain Specific Language (DSL) for Electric Flow and painted a vision for how it could revolutionize application release automation (ARA) for very large enterprise implementations.
We are pleased to share with you our experiences and learnings from such a large scale implementation in a financial services company that we’ve been working on this past year. This is a very large implementation—hundreds of ‘platforms’, each containing hundreds of application components each targeting hundreds of ‘device types’, that is, thousands of components distributed across tens of thousands of end points in data centers across the world.
Because of regulatory and quality concerns, complex multi-environment stage testing and promotion systems with clear separation of duties must be enforced. While Electric Flow provided the core functionality to achieve these goals, there was a considerable amount of customization required to support legacy applications, tools and processes. All of the custom work done by the Electric Cloud professional services teams was done in DSL, that is, source code first. Customizations are maintained in a source control system and applied to the various staging environments through automated script execution managed by Electric Flow. While the Electric Flow UI was not used to author content, it was used to verify implementation and provide a convenient ways for the client to monitor progress of their application delivery. The result was a highly maintainable and scalable implementation that could be customized and adjusted on a moment’s notice. Indeed, the project has been managed in a lean agile manner with three week sprints.
DOES SFO 2016 - Rich Jackson & Rosalind Radcliffe - The Mainframe DevOps Team...Gene Kim
This session will discuss the success story from Walmart on how they built a set of services on the mainframe to provide capabilities at a large scale for their distributed teams, as well as discuss the transformation required for mainframe teams to achieve this success.
DOES SFO 2016 - Greg Padak - Default to OpenGene Kim
Large enterprises have hierarchical organizations to define areas of responsibility and drive better accountability. Those structures often block cross-team interactions and knowledge sharing that slow innovation and agility. We will discuss strategies that use open platforms to drive meaningful development outcomes through collaboration and productivity across the enterprise.
DOES SFO 2016 - Michael Nygard - Tempo, Maneuverability, InitiativeGene Kim
Tempo. Most people are familiar with it in the musical sense. It’s the speed, cadence, rhythm that the music is played. It drives the music forward - and pulls it back. But there’s more to tempo than a musical beat. In war, like in business, tempo - the speed at which you can transition from one task to the next - is a critical component for victory.
No single person nor department owns tempo. Somebody can’t just shout, “I now control the tempo,” and take charge. If you operate at a faster tempo than your cycle time allows, then you’ll get thrashing. The rate of tempo emerges organically as companies move around that action loop of sensing, deciding and acting.
Tempo emerges from the convergence of architecture, infrastructure, organization, and mindset. All these things have to align to achieve tempo. None of them can be changed in isolation.
In this talk, we will look at different models for transforming an organization to high tempo and high performance. We'll see how that can get derailed and what to do about it.
DOES SFO 2016 - Alexa Alley - Value Stream MappingGene Kim
Value Stream Mapping can streamline development processes and workflows. This talk will cover how Hearst has done internal Value Stream Mapping workshops to improve team collaboration and release times.
In this talk, I will discuss Value Stream Mapping and how it has helped transform internal processes for businesses within Hearst to adopt a DevOps culture. I’ll walk through the successes and learning experiences we’ve gained by holding VSM sessions at different businesses, in varying verticals at Hearst. We will review real examples of workflows, release times, benefits to the contributors and business, and how the collaboration has helped teams. While there are great successes, I will also share where we saw room for improvement and how we continually make changes to bring the most value to our teams. The most important value is how these have helped to start building a DevOps mindset in a company of over 25,000 employees.
DOES SFO 2016 - Mark Imbriaco - Lessons From the Bleeding EdgeGene Kim
DevOps news is dominated by discussions about tools, and with good reason. It's not unusual for the amount of infrastructure-related code in a system to approach or even exceed the amount of code dedicated to the actual problem the system is solving, even in small systems. As our systems scale in size and complexity, we invest an ever increasing amount of resources into building solutions to help manage our our complex technical systems. And rightly so.
What's often overlooked, however, is the human component of our systems. All too often our approaches to tools, processes, and systems management attempt to remove humans rather than empower them.
I'll make the case that humans are not a source of entropy to be safeguarded against in our systems, but rather a fundamental source of resilience and even efficiency. We'll discuss ways that we can use this point of view to our advantage when constructing our systems to move faster without sacrificing safety. We'll look at things like tools and our interactions with them, team collaboration, and even organizational structure and policies.
We've had plenty of talks about building for web scale, cloud scale, and even planetary scale. Let's spend some time talking about designing for human scale.
DOES SFO 2016 - Cornelia Davis - DevOps: Who Does What?Gene Kim
Within the IT organizational structures that have dominated the last several decades roles and responsibilities are fairly standardized. But with the dramatic changes that DevOps practices and supporting toolsets bring, many are left feeling a bit off balance - it’s no longer clear who is responsible for even things as “straight-forward” as development or operations.
In this talk I will take traditional roles that are distributed across fairly standard IT structures and sort them into a new organizational context. What is the role of the Enterprise Architect? Who does capacity planning and how? How can change management step out of the way all while still satisfying the requirements of safe deployments? How do agile teams interface with personnel responsible for maintaining legacy systems? I’ll leave the audience with a blueprint for a new organizational structure.
DOES SFO 2016 - Avan Mathur - Planning for Huge ScaleGene Kim
Installing one CI server or configuring a deployment pipeline for a specific application might be easy enough. However, as enterprises look to scale their DevOps adoption and optimize their software delivery practices across the organization (to support additional teams, product lines, application releases, processes and infrastructure) -- software delivery pipeline(s) need to scale to support enterprise workloads.
For some enterprises, this means having a pipeline that can withstand the velocity and throughput of thousands of product releases, supporting tens of thousands of developers and distributed teams, hundreds of thousands of infrastructure nodes, multitudes of inter-dependent application components, or millions of builds and test-cases.
This scale poses unique challenges and implications for your pipeline design. This talk covers best practices for analyzing and (re)designing your software delivery pipeline – regardless of your chosen tool-set or technologies. Obtain tips and tools for ensuring your pipelines and DevOps infrastructure have the right architecture and feature-set to support your software production as it scales, while also ensuring manageability, governance, security, and compliance.
Learn best practices for how to:
1) Plan for scale: how to project for the types of performance indicators/vectors you’d need to scale across.
2) How to design of your pipeline and supporting infrastructure and operations (such as data retention, artifact retrieval, monitoring, etc.).
3) Design your pipeline workflows and processes to allow reusability and standardization across the organization, while also enabling flexibility to support the needs of specific teams/apps.
4) Design your pipeline in a way that enables fast rollout- easy onboarding thousands of applications, across hundreds of teams
5) Incorporate security access controls, approval gates and compliance checks as part of your pipeline and have them standard across all releases
6) Ensure your architecture support HA, DR and business continuity.
As organizations invest in DevOps to release more frequently, there’s a need to treat the database tier as an integral part of your automated delivery pipeline – to build, test and deploy database changes just like any other part of your application.
However, databases (particularly RDBMS) are different from source code, and pose unique challenges to Continuous Delivery - especially in the context of deployments. Often, code changes require updating or migrating the database before the application can be deployed. A deployment method that works for installing a small database or a green-field application may not be suitable for industrial-scale databases. Updating the database can be more demanding than updating the app layer: database changes are more difficult to test, and rollbacks are harder. Furthermore, for organizations who strive to minimize service interruption to end users, database updates with no-downtime are a laborious operation.
Your DB stores the most mission-critical and sensitive data of your organization (transaction data, business data, user information, etc.). As you update your database, you’d want to ensure data integrity, ACID, data retention, and have a solid rollback strategy - in case things go wrong …
This talk covers strategies for database deployments and rollbacks:
• What are some patterns and best practices for reliably deploying databases as part of your CD pipeline?
• How do you safely rollback database code?
• How do you ensure data integrity?
• What are some best practices for handling advanced scenarios and backend processes, such as scheduled tasks, ETL routines, replication architecture, linked databases across distributed infrastructure, and more.
• How to handle legacy database, alongside more modern data management solutions?
DOES SFO 2016 - Marc Priolo - Are we there yet? Gene Kim
2 years ago at DOES14, I presented “Vision Versus Execution: Implementing Continuous Delivery”. I shared how we achieved a big Continuous Delivery win – increasing software test coverage and delivery velocity and efficiency.
Since then, we have been busy scaling DevOps, Continuous Delivery and Lean principles across teams and practices throughout Urban Science. This rollout included both a cultural aspect, as well as an implementation of a centralized, shared, self-service automation solution for our teams – enabling them to “opt-in” to an automated pipeline.
In this talk I will present anecdotes and learnings gathered through our experience over the past two years and discuss the challenges and the value of scaling DevOps across the organization.
DOES SFO 2016 - Steve Brodie - The Future of DevOps in the EnterpriseGene Kim
DevOps adoption is growing rapidly, especially in the enterprise. What started as a “keeping up with the unicorns” grassroots movement within more forward thinking companies, has matured to large, complex enterprises now often being on the forefront of DevOps innovation.
DOES SFO 2016 - Aimee Bechtle - Utilizing Distributed Dojos to Transform a Wo...Gene Kim
Aimee Bechtle of Capital One’s Card Technology Advanced Engineering team will share how they have utilized Distributed Dojos to transform to a workforce skilled in DevOpsSec, public cloud and automation. Their Distributed Dojo strategy was formed when they needed to quickly and efficiently meet the challenges of a large cloud migration but were limited by local resources. Reaching out to a prominent retail chain they learned how draw from their engineering talent to form short-term, highly focused delivery teams. These teams now work cohesively across multiple locations to solve the challenges introduced when migrating such a large-scale, complex infrastructure to the cloud. They will explain how within weeks several Dojo teams were formed and releasing automation that not only supported Card Technology’s DevOpsSec and cloud mission, but provided associates with new skills that could be proliferated throughout the company.
DOES SFO 2016 - Ray Krueger - Speed as a Prime DirectiveGene Kim
Speed as a Prime Directive
Ray Krueger, Vice President of Engineering, Hyatt Hotels Corporation
Hyatt is transforming into a technology company that delivers digital experiences in the Hospitality industry. We're applying Continuous Delivery in order to achieve our goals faster. In the process, we are simplifying and abstracting legacy environments and building a hospitality technology platform.
DOES SFO 2016 - Paula Thrasher & Kevin Stanley - Building Brilliant Teams Gene Kim
After an initial DevOps transformation as a company, we had to grapple with how to scale and grow the talent and workforce to build a NextGen DevOps-minded company of 18,000+ people. We have built a number of programs to expand awareness, encourage growth mindsets, and drive workforce development. We will share the different ways we are working to "Build Brilliant Teams" to drive our DevOps transformations.
DOES SFO 2016 - Kevina Finn-Braun & J. Paul Reed - Beyond the Retrospective: ...Gene Kim
At DOES15, we presented the work we'd done at Salesforce to take their SRE teams to the "blameless cloud." We worked with various roles in the SRE teams so they could start asking the right questions about failure, and through the postmortem and retrospective process, begin to make lasting changes in _how_ Salesforce worked with and remediated identified failures.
But DevOps espouses less siloed thinking and more shared responsibilities, so we found postmortems within the SRE organization weren't enough. As Salesforce was moving toward a model of "service ownership," teams along
the entire software delivery value stream needed to start to understand their roadblocks to remediation and what aspects of the complex system they worked in were impeding their ability to "own their service."
We'll discuss the second phase of our work in helping these operations _and product_ teams gain a deeper understanding of service ownership, and why
just "DevOps'ing it up" wasn't quite enough on its own to help. plus we'll introduce an expanded model from last year's talk that incorporates human factors and complexity theory. These additions helped prime the teams to more effectively grapple with the challenges facing them on the road to true service ownership.
DOES SFO 2016 - Andy Cooper & Brandon Holcomb - When IT Closes the DealGene Kim
Equifax powers the financial future of individuals and organizations around the world. Using the combined strength of unique trusted data, technology and innovative analytics, Equifax has grown from a consumer credit company into a leading provider of insights and knowledge that helps its customers make informed decisions.
Delivering on that trust requires both business and technical operations excellence. Faced with the growing challenges of the modern marketplace, the Equifax IT organization embarked on a top-to-bottom cultural and technical transformation. This presentation will outline how the Equifax IT team has taken steps towards transforming itself into a nimble, efficient and internally-capable organization. Topics will include key management lessons learned, budget realignment, creating partnerships across organizational boundaries and strategic projects to focus the organization’s transformation efforts. The early results? IT is no longer viewed as a liability to the business, instead IT is now an asset – a strategic partner that is actively helping to close deals.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
14. @TopoPal
Deliver High Quality Working Software Faster
• Across LOBs, Shared Services and 3rd
Parties
• Tested end-to-end
• All dependencies are satisfied
• How fast? ASAP?
25. @TopoPal
Pipeline must have 16 gates
Source code version control
Optimum branching strategy
Static analysis
> 80% Code coverage
Vulnerability scan
Open source scan
Artifact version control
Auto provision
Immutable servers
Integration testing
Performance testing
Build, Deploy, Testing automated for every commit
Automated Change Order
Zero downtime release
Feature Toggle
34. @TopoPal
Risks are real
• Intentional damage
• Unintentional damage
• Untested code in production
But….
There is a better way
35. @TopoPal
Hypothesis
• DevOpsSec & CI/CD provide better
controls
• A model with ~30 practices can satisfy
audit and compliance
• If everything is source code, no one
needs access to production
• For emergency, “Break Glass”
36. @TopoPal
Result
Production Release 1+ / dayOnce / sprint
# of Applications with Release Automation: 20+
Max. # of Releases in 1 day for 1 Application: 34
With “Segregation of Duties”
Good Morning everyone.
My name is Tapabrata Pal, I go by Topo.
My twitter handle is @TopoPal.
And I am an engineer at Capital One.
This is my third year at this conference. And let me tell you that it’s an honor to be back on this stage for the third time and speak to you all. It’s like a home coming for me.
Most of you know Capital One is a Credit Card company. We are one of the largest in the US with over 70 million accounts. Many know that we are also one of the nation’s largest banks. Fewer, however, realize that we are a Founder led 20 years old Technology Company. Our “youngest” competitor is 108 years old. In that sense, we are a startup in this industry.
A typical bank organization will largely procure third-party software for its internal and customer-facing operations. Over the past five years we have transformed ourselves to an organization that truly builds its own software and develops its own solutions.
That is a different DNA.
Today, we are hyper-focused on how we can get more productive, move quicker, get things to market faster, and constantly iterate.
• We build on the public cloud, leveraging continuous integration and delivery methods to deploy our products into production.
• We build using micro-services architecture and restful APIs.
using Open Source
and practicing DevOpsSec and Continuous Delivery
I joined Capital One six years ago.
I started as an Enterprise Architect – I have been involved with Capital One’s DevOps journey from the beginning, many a times I led some key efforts around DevOpsSec adoption, Scaling DevOps across the enterprise, Open Source governance that formalizes open source adoption. I led creation of our Enterprise DevOpsSec Strategy – I helped standing up our Shared Delivery Tools platform. And that led to my movement from Enterprise Architecture to Shared Technology organization.
Currently I am the product manager of our Shared Continuous Delivery Tools Platform that offers typical DevOps tools for the enterprise as services.
In the meantime, few of us at Capital One developed Hygieia DevOps Dashboard and Open Sourced it. It’s the first open source product from Capital One. I am the community manager and one of the core contributors. I can’t tell you enough about my excitement around Hygieia. Since its launch in July 2015, it has become very popular. Google “DevOps dashboard” and the first non-ad hit you get is Hygieia github repo! Many large enterprises are either using it or testing it out. It has won “Open Source rookie of 2015”. If any of you are using it or thinking of it and need some help or have new feature ideas, send me a quick note - @TopoPal or open a github issue.
Overall, I am loving it. Let me tell you the best part of my job – I get to learn new things every day. This is so true when you are in the middle of an awesome transformation and been a part of it.
Our Agile and DevOps transformation over the last 5 years have been quite successful. At a high level, we have transformed ourselves from waterfall to agile – across the board. From manual build, code promotion, testing, release to full automation. Exceptions are off-the-self products and products that are pre-historic . Any new product that have been created over the past 4 years are following agile and devopssec principles. From Vertical Silos of Dev, Ops, QA, Support to Autonomous Product based teams. We are not fully there yet, but we are getting there.
Biggest are these three big transformation is the fact we went from mostly outsourced company to mostly in-sourced. We are continuously hiring skilled engineers.
From vertical silos such as Dev Team, Ops Team, QA Team…. we now have Product Teams. Autonomous teams with everyone needed to develop a product.
As I said this is my third year on this stage.
In 2014, I shared with you our DevOpsSec Strategy, Initial successes of our automation efforts and also shared our success story around scaling DevOpsSec in an Enterprise Scale.
In 2015, last year, I shared our success stories around an Engineering Transformation – not just DevOps. An awesome transformation that I will always be proud of being involved in. I shared how Open Source, Open Technology, Innovation and Sharing changed Capital One culture drastically.
This time, I am going to share our learnings around DevOps maturity through measurement and continuous improvements.
Let me start with where we left off last time – our typical success story – before and after. This is before-and-after for one of our biggest product line. It has more than 250 engineers in the product team that includes dev, qa, ops everyone. A single Github repository with application code, test code, infrastructure and configuration code. The application runs on a public cloud infrastructure.
As you can imagine the result of automation and shift-left are quite apparent in these numbers. Builds every 15 minutes, automated testing, automated deployment to all the environments – it’s all good; and it really is. But this is not where we want to stop. In particular, we are not happy with our deployment frequency.
Let me put a disclaimer right here. For us, a deployment means real application code change. It does not include content changes, style changes, network changes, database changes, system resource changes and so on. Whether we should count those too or not is a different topic of discussion. All I am saying is that a deployment here represents a set of new application code, in whatever form, being installed in production. In other words, the deployment number here is a small subset of production changes that are going on.
2016, the year of “What’s in your pipeline”.
We have been asking our teams a very simple question “What’s in your pipeline”. We have been doing DevOpsSec for a while – for about 5 years now. Our engineers know what DevOps means – or not!
In my honest opinion, we need to stop defining DevOps. Instead of asking what DevOps is, we should be asking Why do we need DevOps.
In my point of view, the answer is very straight forward: the goal is to Deliver High Quality Working Software Faster. Now, we all know what each of these words mean. But “Faster”? How fast? This is so much confusing in many ways… What is a good number? Why do we need to go that fast? We used to do 1 release per quarter… now we have release every month – isn’t that fast enough…
In my point of view, the answer is very straight forward: the goal is to Deliver High Quality Working Software Faster. Now, we all know what each of these words mean. But “Faster”? How fast? This is so much confusing in many ways… What is a good number? Why do we need to go that fast? We used to do 1 release per quarter… now we have release every month – isn’t that fast enough…
To be honest, I cannot answer the question as to how fast is optimum or how fast is feasible. But there is scientific proof that faster is better. There is also evidence that frequent deployment is better. And so, faster and frequent is better – an indicator of high performing IT organization.
It was loud in clear in DevOps Survey. If you have not read this yet, do it tonight.
So, faster is better.
I kept thinking… is there a scientific proof? I know Nicole will tell me that the survey is scientific. And it is. I am thinking I have read this proof somewhere… years ago when I was a kid.
Let me digress here a little bit.
It was Bernoulli in the early 18th century.
Based on Bernoulli’s work, you can explain why when the flow of an incompressible fluid is constricted, the fluid velocity increases. And the dynamic fluid pressure decreases and the energy remain constant.
In essence, science had proven long ago that smaller chuck of changes delivered in a continuous flow through a pipeline increases velocity and creates less pressure…
In order to increase speed in delivery, we started looking at pipelines. Continuous Delivery pipelines. With all the automation, shit-left, practices that we developed over the years, we now wanted to build these pipelines that magically takes a commit from commit stage to production with zero touch.
Easier said than done. We looked at some sample pipelines that people started creating – both inside at Capital One and outside…
We found some rather interesting ones…
Like some pipelines that never end.
Some pipelines are so complex that you don’t know where they start and where they end.
And then, this is the most popular type of pipelines – you need an army to support the pipeline.
I have also seen pipelines that just builds and deploys – but as far as I am concerned, a pipeline that does not have security embedded and that does not have test automation – is not a pipeline. Period. I really don’t care about rest of the things that the pipeline does.
So, to summarize, we had these tasks for ourselves
1. Design and implement a pipeline
2. Measure and identify bottlenecks
3. Fix bottlenecks
Let me share what we did on each of these areas and then I will share with you the outcome.
I call it 10 commandments -- in Hexadecimal. We as an enterprise have come together on these criteria to measure our DevOpsSec success. Every product team are being tracked on these – all the way to the CIO – he sees the progress at a lines of business level.
We spent a lot of time on discussing what to measure, how to measure and how to interpret what we measured. We attacked it from different angles.
Last year during about this time Jez Humble showed me the survey that he and Nicole Forsgren were working on. It looked very promising and we agreed to participate.
We did some proof of concepts, went back and forth on many things; I think we had some good influence on two aspects of the survey: Security and Test Data Management.
We went to the executive leaders and got a green signal from our CIO and then ran the survey in many teams across the Enterprise. They produced some interesting and encouraging numbers. First, and most importantly, that we are moving to the right direction and we need to keep doing what we had been doing so far… and in fact some of our new large product initiatives are at per with top industry performers category. The survey also pointed out few areas where we need to double down.
We also used our own Hygieia dashboard and the newest features in Hygieia that we developed to improve “speed”. We spent a lot of time brainstorming this topic. Speed of what? What is flowing through the pipeline? Business Value? Feature? Intent? Code? We could not come up with a full proof method to track the speed of delivery of business values and features.
What we have is a way to track each code commit through delivery lifecycle stages – from Commit stage to Production Deployed stage. The beauty of this is that we can now see the “wait time” between two stages. Why is this important?
1. In our opinion, you can speed up by reducing these wait times. Why are commits waiting for X number of hours before being deployed to Dev environment? May be lack of automation? May be the infrastructure is unstable?
2. The team can decide which “wait time” needs to be reduced to speed up the pipeline. You do not want the team to spend time in reducing a 10 min build cycle to 5 mins where the test cases take few hours to finish.
3. The teams decide what to do and they will do it. Believe me. You just need to make it transparent. In some cases, you need a bigger effort when it comes to processes.
Both the measurements showed us few things that we needed to address at an enterprise level.
First is process and technical bottleneck to go to production. By decisively selecting public cloud, we had our arms around the technical bottleneck. Technically now we can deploy to production by clicking a button. But, who knew clicking a button is so difficult?
The core of this bottleneck is what all the big enterprises face …. CAB! Change Approval Board. Before going to CAB, you need pre-approvals before getting approvals, and then change management, and review of change management. I am sure it is much more complicated that it sounds. This year we worked very closely with our Audit, Compliance and Risk offices to take a deep dive into our processes and how we can do a better job. We have developed a hypothesis and we are testing it out. Let me share, at a high level, what that hypothesis is… before that, let me state that we started from a set of common believes..
We proved via empirical data that “Trunk based” development is better for Continuous Delivery and this is what we want for our teams to follow. But it is hard to enforce this to hundreds of product teams. So, what we came up with is this simple formula
If team goal is to deploy 3 times a day; CI takes 30 minutes; CD takes 3 hours and Prod deployment takes 1 hour. The team must merge code to release branch within about 3 hours of the original commit.
The core of this bottleneck is what all the big enterprises face …. CAB! Change Approval Board. Before going to CAB, you need pre-approvals before getting approvals, and then change management, and review of change management. I am sure it is much more complicated that it sounds. This year we worked very closely with our Audit, Compliance and Risk offices to take a deep dive into our processes and how we can do a better job. We have developed a hypothesis and we are testing it out. Let me share, at a high level, what that hypothesis is… before that, let me state that we started from a set of common believes..
These Risks are real. You can not deny that. But… there is a better way to mitigate these risks.
Remarkable Results.
Production Release - Only Code release - from 1 / sprint -> 10
Preparing for testing these hypothesis was no way easy. We ended up developing our own release automation tool which has an onboarding process that ensures that a team practices required practices, creates a change order automatically and approves it.
We also forked out LGTM Github review tool – enhanced the tool with many configurable rules that helped us in this work. We wanted to give it back to LGTM but they proposed that we host it as a new product.
In the very near future, we are going to open source the modified LGTM as a new tool.
We are also going to open source those 30 practices as a model.
And unless you have not noticed in DevOps news, there is another DevOpsSec tool that we open sourced this year – it’s called Cloud Custodian.
I will end by sharing a picture of my favorite T-Shirt.
“All of Chuck Norris’s Change Controls are FullCycle… and they are always APPROVED”.