DevOps and SecOps practices for continuous delivery pipelines
•Download as PPTX, PDF•
0 likes•317 views
This document discusses DevOps and SecOps practices for continuous delivery. It describes how DevOps aims to reduce the time between committing code changes and releasing to production while ensuring high quality. SecOps integrates security into the deployment pipeline so developers and operations teams collaborate on security. The document also provides a case study on factors to consider for designing a continuous delivery architecture for a CRM system. These include requirements documentation, architecture readiness for continuous delivery, infrastructure readiness, building a pipeline, and integrating quality assurance such as testing, security, and configuration checks into the pipeline.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to DevOps and SecOps practices for continuous delivery pipelines
Similar to DevOps and SecOps practices for continuous delivery pipelines (20)
More from Dr. Anish Cheriyan (PhD)
More from Dr. Anish Cheriyan (PhD) (15)
Recently uploaded
Recently uploaded (20)
DevOps and SecOps practices for continuous delivery pipelines
- 1. Prepared by : Anish Cheriyan, Director, Huawei Prepared By Anish Cheriyan, Director, Huawei Technologies
- 2. Topics • DevOps & SecOps • Practices in Detail • Summary
- 3. Background • Application & Embedded Development. • Network Management System • Protocol Stack
- 4. Traditional Quality Assurance Gated Approach for Quality Assurance Requirem ent Design Coding Unit Test Functiona l Testing includes ities Independ ent V&V Launch
- 5. DevOps DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality
- 6. Security Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a97 0b01a73dba51f6970d-pi ‘To err is human, to really screw up you need root password’
- 7. SecOps SecOps built into the Deployment Pipeline. Dev & Ops Collaborate and ensure desired level of Security Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a97 0b01a73dba51f6970d-pi
- 8. Case Study • Consider and CRM System which uses a Modeling tool to automate the business processes. • The system which has two key parts-Workflow Engine and Workflow Modeling tool (UI) team . Workflow Engine works based on the rule engine. Modeling Tool uses the Engine. Total team size is around 60. • What are factors you will consider to designing your Continuous Delivery Architecture.
- 9. Short Feedback Loops DevOps Delivery Deploym ent Picture Coutesy: https://www.flickr.com/photos/
- 10. •Requirement documentation at right granularity •OPS Perspective- deployability, modifiability, monitoribility Requirements Picture Coutesy: https://www.flickr.com/photos/libramano/9372711893/
- 11. . Architecture Readiness for CD- deployability, modifiability, monitoribility , testability . Continuous Delivery Architecture . Build Pipeline Architecture Picture Coutesy: https://www.flickr.com/
- 12. Infrastructure Readiness •Environment Provisioning based on customer requirement analysis (OPS) •Right Tool Usage (VM, Container like Docker etc) for the respective requirement
- 14. SystemArchitecture L1 CIArhitecture L2 DeploymentPipeline L3 C1 C2 C3 M1 C1 Continuous Integration System C2 Continuous Integration System C3 Continuous Integration System C1 Deployment Pipeline C2 Deployment Pipeline C3 Deployment Pipeline Hierarchical Approach for CD and DevOps
- 15. Quality Assurance in the Pipeline Inspectio n /Static QA Test QA Security Assuranc e Configura tion QA 'ities' Assuranc e
- 16. Inspection/Static QA Simian Rules for managing the rules
- 17. Test QA Read at : http://www.thinkinginagile.com/2015/07/agile-testing-practices-mapped-to.html
- 18. Security Assurance Static/Dyna mic Analysis (Fortify, Coverity) Scanning (Nessus, Nmap) Security Test (Threat Model) Attack
- 19. Configuration QA • Single Source Repository for all items • Build Script Quality (abstraction, modularization, coding guidelines) (Automatic or manual way)
- 20. Analysis of the Build Pipeline Build Private Build Version Build Function Build ities Build Deploym ent Build Build 01 Pass Pass Fail Fail Fail Build 02 Pass Pass Pass Fail Fail Build 03 Pass Pass Fail Fail Fail Build 04 Pass Pass Pass Fail Fail Build 05 Pass Pass Fail Fail Fail Build 06 Pass Pass Fail Fail Fail Build 07 Pass Pass Fail Fail Fail
- 21. Test your Deployment pipeline Repea tabilit y Perfor mance Reliabi lity Recov erabili ty Intero perabil ity Testabi lity Modifi ability
- 23. Summary • Continuous attention to technical excellence and good design enhances agility • Lets Build Quality & Security into the deployment pipeline