DevOps aims to break down silos between development and operations teams through collaboration, automation, and continuous delivery. While this provides benefits, it can also introduce security risks if security is not properly included. The presentation discusses five key aspects of a DevOps transformation and their security implications. It argues that DevOps and security are not mutually exclusive if security is incorporated through collaboration, automated testing of security requirements, and accelerating remediation of vulnerabilities.
Leverage DevOps & Agile Development to Transform Your Application Testing Pro... - Deborah Schalm
Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.
As companies have adopted faster development methodologies a new constraint has emerged in the journey to digital transformation: data. Data has long been the neglected discipline, the weakest link in the tool chain, with provisioning times still counted in days, weeks, or even months. In addition, most companies are still using decades-old processes to manage and deploy database changes, further anchoring development teams.
Today, organizations of all shapes and sizes depend on feature-packed application releases to keep end users productive and happy. In their new book, The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, Gene Kim and his co-authors shared ways that high-performing organizations use DevOps principles to enable reliable deployments - and boring releases!
Gene Kim, CTO, DevOps researcher and co-author of the DevOps Handbook and The Phoenix Project, and Anders Wallgren, CTO of Electric Cloud shared their tips for overcoming the challenges of DevOps and Continuous Delivery at scale. During the webinar, they discussed:
- The business value of DevOps
- How to eliminate “deployment anxiety” and increase business agility
- Lessons learned from large scale DevOps transformations
- The advantages and disadvantages of practicing DevOps in large organizations
To successfully implement continuous delivery in an enterprise, there are specific needs and obstacles which must be addressed. In this webinar, we’ll address the pain points that most enterprises face, and how they can be overcome.
Detecting Insider Threats with Multi-layered Security Webcast Compuware
When it comes to enterprise security, nothing is more securable than your mainframe, but that doesn’t mean it’s impervious to application-level insider threats. You need tools that collaborate to monitor both mainframe hardware and mission-critical assets.
Learn how mainframe system and application security tools can work together to improve data protection. Compuware Product Manager John Crossno and RSM Technical Director Mark Wilson will:
- Discuss the state of mainframe security today
- Explain how to close mainframe security gaps and reach compliance
- Describe the advantages of leveraging system- and application-level security solutions together
Building an Automated Database Deployment Pipeline - Grant Fritchey
The pace of business accelerates fairly continuously and application development moves right with it. But we’re still trying to deploy databases the same way we did 10 years ago. This session addresses the need for changes in organizational structure, process and technology necessary to arrive at a nimble, fast, automatable and continuous database deployment process. We’ll use actual customer case studies to illustrate both the common methods and the unique context that led to a continuous delivery process that is best described as a pipeline. You will learn how to customize common practices and tool sets to build a database deployment pipeline unique to your environment in order to speed your own database delivery while still protecting your organization’s most valuable asset, its data.
According to service scale, there are hundreds or thousands of running containers in your service. Should we monitor each container by microscope or monitor each microservice by magnifier? This depends on which granularity can help us find and solve the problems. In this sharing, I will introduce how to use cAdvisor, Icinga2, InfluxDB and Grafana to build a self-hosted monitoring system. In addition, I will also discuss how to embrace open source and share some practical experiences.
Enterprise DevOps and the Modern Mainframe Webcast Presentation - Compuware
Compuware and CloudBees demonstrate how you can apply modern DevOps practices to your mainframe applications using Compuware ISPW and Topaz for Total Test with CloudBees Jenkins. Compuware Product Manager Steve Kansa and CloudBees DevOps Evangelist Brian Dawson will:
- Position the mainframe as part of your DevOps and CI/CD journey
- Explain how Jenkins automates mainframe source code management and testing
- Demo a CI/CD workflow on a COBOL application
Watch the full presentation on YouTube: https://www.youtube.com/watch?v=x4MWrPy3bKM.
Much attention is focused on the technology aspects of DevOps, including how to automate security testing. But DevOps is as much a cultural movement as anything else, with a strong focus on feedback loops and continuous improvement. How can organizations implement these aspects of DevOps culture when integrating security, given the massive shortfall in skilled information security personnel? This talk discusses organizational and cultural aspects of DevOps with an emphasis on the role of “security champions” (developers cross-trained in information security basics) in executing a successful DevSecOps transformation.
Cloud and DevOps are independent but mutually reinforcing strategies for delivering business value through IT. However, the pace of disruption is accelerating.
If cloud is an instrument, then DevOps is the conductor that plays it. DevOps principles are transforming the way leading enterprises are shortening work cycles, increasing delivery frequency, and helping them adopt an attitude of continual experimentation.
These slides were used in a recent webcast featuring Kevin Behr, co-author of The Phoenix Project and VisibleOps Handbook and Mike Baukes, co-founder of ScriptRock who explored key aspects of how cloud computing can be leveraged to deliver ideas to market faster by activating DevOps principles in your IT Enterprise.
The live webcast can be found at http://info.scriptrock.com/devops_webinar_022714
KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, bolds...DevOpsDays Tel Aviv
Fifteen years ago, we'd barely started to use S3, and ten years ago DevOps was the new thing. Today, we can add a new tool, technology, or trick every week, and more and more work is shifted into the application developer's workflow. If security, resiliency, and incident response become part of product teams, where will we be ten years from now, and what should we do today to get ready?
In this session, we will learn about Teamcity CI Server. We will look at the different options available and how we can set a CI pipeline using Teamcity.
Connect Ops and Security with Flexible Web App and API Protection - DevOps.com
Organizations continue to adopt container orchestration to drive efficiencies in their CI/CD pipelines. Given the current business climate with more employees working from home and consumers transacting more online, how can development and operations teams release at increasing velocity with protection baked in?
Connecting operations and security teams has not always been a smooth process: developers and operations staff are charged with site reliability, availability, and uptime while security staff is held responsible for securing an organization’s always-moving perimeter and valuable web layer assets. But the lines have started to blur between DevOps teams and security: you can’t guarantee uptime without baking effective application security tooling into your processes and infrastructure configurations.
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure. Join application security experts Aneel Dadani and Orlando Barerra II from Signal Sciences to learn how your team can deploy at scale safely while gaining layer 7 visibility in production environments. Attendees will learn:
How to inspect web traffic in containers, at the API gateway, or the ingress
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
Demo these application security concepts with Ansible, a simple yet powerful IT automation engine that companies use to accelerate DevOps initiatives, including baking application security into their infrastructure.
Scaling Enterprise DevOps with CloudBees - DevOps.com
To successfully implement continuous delivery in an enterprise, there are specific needs and obstacles which must be addressed. In this webinar, we’ll address the pain points that most enterprises face, and how they can be overcome:
Enabling developers to use the latest technology tools and practices
Get build resources on demand, w/o disruptions or downtimes
Unify processes across different teams and business silos
Secure IP assets that are in the development process to ensure compliance
DevOps Will Save The World! : Public Safety, Public Policy, and DevOps In Context
Joshua Corman, CTO, Sonatype
Link to video: https://www.youtube.com/watch?v=K-hskShNyoo
When DevOps talks meet DevOps tactics, companies find that Continuous Integration is the make or break point. And implementing CI is one thing, but sustainable CI takes a little bit more consideration. CI is not all about releases; it is also about knowing more about how your software delivery pipeline works, its weak points, and how you are doing over time.
Join CloudBees and cPrime as we discuss best practices for facilitating DevOps pipelines with Jenkins Workflow and reveal how the workflow engine of Jenkins CI and “Agilecentric” DevOps practices together support complex control structures, shorten the development cycle, stabilize environments and reduce defects.
Here is the small presentation on DevOps to DevSecOps Journey.
- What is DevOps and their best practices.
- Practical Scenario of DevOps practices.
- DevOps transformation Journey.
- Transition to DevSecOps and why we need it.
- Enterprise CI/CD Pipeline.
What is DevOps?
Why DevOps?
How DevOps works?
DevOps impacts in testing.
Continuous Delivery.
Continuous Integration.
Continuous Testing and Automated Deployment.
A presentation on PHP's position in the enterprise, its past & present, how to get ready for developing for enterprise.
Inspired by Ivo Jansch's "PHP in the real world" presentation.
Presented at SoftExpo 2010, Dhaka, Bangladesh.
Not every continuous delivery initiative starts with someone saying "drop everything. Let's do DevOps." Sometimes you have to grow your practice incrementally. And sometimes, you don’t set out to grow a practice at all; you are just fixing problems with your process, trying to make things better.
I'll walk through a case study of how our team worked on an exemplar project for the Department of Defense to show that agile could work in a decidedly waterfall culture. I’ll also discuss techniques and tools we used to bring a DevOps mindset and continuous delivery practices into an environment that wasn't already Agile.
I'll talk about how we were able to start in development, where we had the most control, with a "let's start being Agile" initiative and working on "why is continuous integration important?" From there, we tackled one problem after another, each time making the release a little easier and a little less risky. We incrementally brought our practices through other environments until the project was confidently delivering working, QA-tested, security-tested releases that were ready for production every two weeks. I’ll discuss the journey we took and the tools we used to build quality into our product, our releases, and our release process.
This session is aimed at people that are trying to adopt agile and continuous delivery, but might be worried that it can’t work in their particular environment due to the enterprise, the culture, or the regulations that surround them.
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin - Matt Tesauro
An overview of how to change security from a reactive part of the org to a collaborative part of the agile development process. Using concepts from agile and DevOps, how can application security get as nimble as product development has become?
DevOps, sibling of Agile is born of the need to improve IT service delivery agility to the more stable environment.
DevOps movement emphasizes tearing the boundaries between makers (Development) & caretakers (Operations) of IT services/products.
The DevOps methodology integrates development and operations so that system changes can get rolled out quickly without causing unplanned downtime. Industrial organizations that successfully implement DevOps will have a strong advantage, but knowing how to get started can be a real challenge.
The Continuous delivery Value @ codemotion 2014 - David Funaro
System Crash, failure data migration, partial update: issues that no one would ever want to meet during the deploy and ... hoping for the best is not enough.
The deployment activity is as important as those that precede it. The Continuous Delivery will give you low risk, cheap, fast, predictable delivery and ... soundly.
Interested in DevOps but not sure how to get started? Join us to explore the real meaning behind DevOps and how to begin your own DevOps Journey. Every organization is different, but DevOps is a universal concept, and it can be applied anywhere. We'll explore some common patterns and approaches, both technical and cultural that can get your organization started on their own adventure!
Simon White, Marks and Spencer Group DevOps Manager discusses the disconnect between traditional SQA & Agile approaches and how DevOps can be perceived as the ‘mature Agile’ model.
Key takeaways
- Continuous “everything” is at the heart of agile and devops
- Continuous activities result in faster delivery and higher quality
- Rapid feedback and practice are essential for confidence in your delivery process
View webinar recording - http://testhuddle.com/resource/continuous-everything/
Similar to Security Implications for a DevOps Transformation (20)
Exploring Prometheus: Combining Metrics and Alerting to Improve Incident Mana... - Deborah Schalm
While Monitoring and Alerting are a core activity for DevOps teams, many challenges remain in achieving effective incident management. To do this, highly effective incident management teams are trending away from traditional, static monitoring tools and instead turn to metrics and statistical analysis as their primary approach.
Prometheus has been a leading force in the adoption of time-series metric collection. The open-source platform has seen significant adoption in recent years because it provides a scalable approach to collecting metrics from applications, systems, and infrastructure. With strong support for container/microservices environments, Prometheus has become the go-to solution for metric-based analysis and monitoring.
Join Brian Berlin and Matthew Boeckman on November 7th as they detail an end-to-end monitoring and incident management workflow between Prometheus and VictorOps. The presentation will go in-depth into setting up a standalone Prometheus server to monitor vital parts of your infrastructure, and then building in push alerts through Alertmanager and VictorOps to drive dynamic incident management workflows.
When an organization takes on technical debt unknowingly we call it Dark Debt. While we’ve gotten good at identifying and managing technical debt, Dark Debt of the cultural variety is harder to see.
Is your IT organization’s culture impacted by:
Invisible and unplanned work
Late work or low quality work
Unclear priorities and wasted effort
If so, you’re likely dealing with unintended consequences of decisions that caused misalignment and a lack of visibility - two common causes of Dark Debt. Join us to learn how to recognize and avoid the causes of Dark Debt so you can start repairing the culture of your organization.
A Discussion of Automated Infrastructure Security with a Practical Example - Deborah Schalm
New Common Vulnerabilities and Exposures (CVEs) are released often, leaving infrastructure at risk of compromise. Join us for a discussion of how to automate infrastructure security including a real world example where a critical CVE will be discovered in a build job, the base image will be patched and the fix will be confirmed.
Protect Your Organization Against Known Security Defects - Deborah Schalm
With the proliferation of vulnerabilities continuously being uncovered in untested software at alarming rates, organizations are prioritizing those that are most detrimental to their application landscape. The increased adoption of DevOps, the growing maturity of application security programs, and more formalized developer training initiatives are helping organizations test and ensure the delivery of secure software. Join Tim Jarrett, Sr. Director, Product Management at Veracode, as he discusses these trends based on the recently published State of Software Security Report, 2017. Specifically he’ll cover key statistics related to topics including:
-Industry trends such as vulnerability fix rates and percent of applications with vulnerabilities
-The pervasive risk from vulnerable open source components
-How shifts in Operations and Testing practices can significantly improve the quality and security of applications
Learn best practices for measuring application portfolio risk, remediating software vulnerabilities, and working with development teams to embed these concepts into the software development lifecycle.
In this webinar we will explore the common operational challenges many DevOps teams are facing today, how the traditional IT Operations best practices could be leveraged for use in a DevOps methodology, and how new operations management tools can help you carry out those best practices to meet your goals on an on-going basis.
Machine Learning to Turbo-Charge the Ops Portion of DevOps - Deborah Schalm
Already on a continuous or short-cycle delivery? Constantly rewiring your apps with microservice and similar architectures? Maintaining visibility and maximizing service levels once this stuff gets into production could be a regular nightmare. Coding instrumentation into your apps is time-consuming and error-prone. Instead, let machine learning do the work of adapting your monitoring to your fast-moving application environments. In this webcast learn about various types of machine learning that are optimized for operational data, and see in a demo how this could be leveraged to ensure your ops move as fast as rest of your DevOps pipeline.
Post-Equifax: How to Trust But Verify Your Software Supply Chain - Deborah Schalm
We are bringing together IT leaders from TomiTribe and the Federal Reserve Bank of New York to discuss the importance of trusted software supply chains in the post-Equifax breach environment. Learn why Gartner believes establishing, managing and maintaining tiers of trust requires an integrated approach throughout your entire DevOps practice.
In this webinar, we will discuss how:
Leading DevOps teams responded in the wake of the Equifax Struts2 breach
DevSecOps practices help us improve our defenses and mean time to remediate new vulnerabilities
Embed and quantify trust when using open source components and containers throughout the SDLC
All attendees will receive a copy of Gartner’s Managing Digital Trust in the Software Development Life Cycle. Register today!
ZeroStack will pull back the curtain and take a bare metal server to cloud right in front of your eyes. To take it one step further, ZeroStack's office manager (yes, you read that correctly) will show how easy this process is with the help of one of our engineers. He’ll talk while she drives. What could go wrong???
ZeroStack touts the only self-driving private cloud -- that gives you a public cloud consumption experience while keeping your workloads on prem -- ensuring better performance and lower latency.
Taking DevOps Monitoring to the Next Level - The 5 Step Guide to Monitoring N... - Deborah Schalm
Companies are committed to delivering on higher levels of customer satisfaction for their online services. Unfortunately, many organizations trying to support these initiatives take an interrupt driven approach where they monitor everything with every tool available. The steps you should take to manage to these high levels of SLAs is to start with a review of your current approach and toolset against the business needs to help you create a path to continuous service delivery optimization.
The first step in getting control and visibility into your DevOps environment is to collect and instrument everything. But how do you get started, what are the next steps. In this webinar we will distill the learning from hundreds of our customers into a simple 5 step process.
Top 5 Considerations for Operating a Kubernetes Environment at Scale (Deborah Schalm)
Organizations are leveraging new cloud technologies and building innovation-centric delivery models to enable the speed required by today’s new digital initiatives and customer demands. While many are embracing leading edge technologies, few are ready to successfully manage the complexities and fundamentally different operational challenges in this new digital era.
Join Keitaro and SignalFx for a deep dive on operating Kubernetes at scale. Hear about Keitaro’s experience in leveraging Kubernetes to increase scalability and accelerate deployment cycles, and in gaining comprehensive visibility in these environments with SignalFx.
Is a Monolith Standing in the Way of Your Digital Transformation? Refactor fo... (Deborah Schalm)
Monolithic applications are defined as single-tiered software in which the user interface and data access code is combined into a single application for a single platform. Monoliths can impact your ability to create APIs, deliver capability quickly, and even perform routine application maintenance. Refactoring is the antidote to monolithic software. It can result in improved team agility and autonomy, plus it paves the way for API creation. Learn how DevOps for the Enterprise software can help you refactor, from discovery of your z/OS assets and impact analysis, to the modularization task itself, including editing, compiling, testing, and debugging.
Application Discovery! The Gift That Keeps on Giving (Deborah Schalm)
Enterprises are under tremendous pressure to deliver business value, and traditional businesses are under threat from disruptors. How can enterprises deliver business value from applications that have existed for as long as modern computing has been in place? Is it possible to monetize these monolithic applications residing on large System of Records?
In order to simplify and improve their productivity, enterprise developers are exploring ways to discover hidden patterns in their application delivery pipeline and adopting DevOps.
Learn how enterprises can unlock value from their existing applications with the help of Application Discovery methodologies combined with the power of APIs.
Join Rosalind Radcliffe, Distinguished Engineer, IBM, and Suman Gopinath, Solution Architect, IBM, as they discuss and help the mainframe enterprise tread the digital transformation journey.
Top 5 Challenges in Scaling DevOps in Brownfield Environments (Deborah Schalm)
Many believe that DevOps is primarily for greenfield projects. But, in order to compete enterprises must scale DevOps to utilize new technology solutions while maximizing the value of their current investments in critical IT infrastructure and business applications. Join Gary Gruver, well known DevOps leader and author, and Mark Levy, Director of Strategy at Micro Focus as they discuss the main challenges facing large enterprises as they try to scale DevOps across their brownfield environments.
The Coming Earthquake in WebSphere Application Server Configuration Management (Deborah Schalm)
A marketing-free, engineering-led webinar: What was “state of the art” in configuration management has changed a lot in just a few years. It is about to change a lot more. Hear DevOps and IT automation practitioners and visionaries outline recent configuration management evolution and contrast that to the coming revolution which includes automatic drift detection, automatic config comparisons and auto-remediation of out-of-compliance configurations. Q&A afterwards.
Planet of the APIs: Monitoring Transactions in the Wild (Deborah Schalm)
APIs power today's connected digital world, but can also hurt your end-user’s experience if integrations are not available or functioning properly, so API monitoring has become critical to protecting performance.
Get Loose! Microservices and Loosely Coupled Architectures (Deborah Schalm)
The recently published results from the 2017 State of DevOps Survey show that loosely coupled architectures and teams are the strongest predictor of continuous delivery. Microservices and Containers are a great choice for creating these loosely coupled systems. But, many teams find it hard to decompose monolithic applications into Microservices, and they find it harder still to coordinate deployments and releases into the emergent “hyper-hybrid” operating environments.
Proactive Monitoring: Playing Offense for the Win (Deborah Schalm)
Everyone knows the adage, that the best defense is a good offense. This statement holds true for monitoring as well.
In current monitoring solutions and environments, the modus operandi is based on reacting to events as they happen, drilling down to the raw data, and looking for anomalies. This is a tedious task that can take a lot of time, and tends to be done while there is a business affecting failure.
Just because monitoring is defensive, does not mean that we can’t take an offensive/proactive approach. By using AI, Loom Systems mimics the actions taken by a DevOps engineer to find the root cause of the problem quickly and effectively.
No Tool is an Island: Building DevOps into your business (Deborah Schalm)
IT toolstacks keep growing, with specialized tools that improve the efficiency of the business analysts, developers, testers, and service desk reps involved in the software delivery value stream. The problem is: NOTHING IS FLOWING! Tasktop was no exception. We struggled with the lack of visibility, communication bottlenecks, inefficiencies and waste created by a disconnected toolchain. In this webinar, we’ll describe the problems we faced and how we’ve solved them with relative ease through automation across our value stream.
Scale Continuous Deployment to Production with DeployHub and CloudBees (Deborah Schalm)
Moving from a simple Jenkins CI workflow to Continuous Delivery requires a focus on Continuous Deployment. Join us for a discussion on how to integrate DeployHub, an open source application release automation solution, into your CloudBees pipeline to support automated deployments across dev, test and production. You will see how to create a Continuous Feedback loop, track change request and support rollback and version jumping all orchestrated via the CloudBees platform. Maturing your CD process to support continuous deployment using ARA has always been possible, but extremely expensive. DeployHub OSS solves the budget problem, integrated into CloudBees - and it is agentless for fast easy implementation.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR (Tier1 app)
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
How to Position Your Globus Data Portal for Success Ten Good Practices (Globus)
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Prosigns: Transforming Business with Tailored Technology Solutions (Prosigns)
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review process.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... (Globus)
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Navigating the Metaverse: A Journey into Virtual Evolution (Donna Lenk)
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
Globus Compute with IRI Workflows - GlobusWorld 2024 (Globus)
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speed up the time to solution for many different parts of the DIII-D workflow, including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks, and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Globus Connect Server Deep Dive - GlobusWorld 2024 (Globus)
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
top nidhi software solution freedownload (vrstrong314)
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|... (informapgpstrackings)
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Enhancing Research Orchestration Capabilities at ORNL.pdf (Globus)
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
How Recreation Management Software Can Streamline Your Operations.pptx (wottaspaceseo)
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
5. Most DevOps conversation is loosely defined
● What DevOps isn’t
● Value proposition
● High-level characteristics
— Fewer silos
— Common tools
— Tech closer to customers
Practical DevOps
6. This makes it hard to quantify
What are the impacts on security?
15. Time for reinforcements
Harry Hello: Can say “Hello” in 57 languages
Wendy World: Can say “World” in 62 languages
16. Complication 1: Collaboration
● Who owns the file?
● Is someone else editing it?
● How do I request a change?
● What changed last?
17. Improvement 1: Version Control
Authoritative source for application code
● File history
● Change tracking
● Conflict resolution
● Version rollback
26. Let’s build a test server!
What do we call it?
How about “Harry”?
[Diagram: Test, Prod]
27. Complication 3: Validation
Manual testing has weaknesses
● Slow: a person has to perform the steps
● Unreliable: people miss steps
● Late: can’t happen until after deployment
[Diagram: Test, Prod]
28. Improvement 3: Automated tests
● Fast
● Consistent
● Run early and often
— Locally
— On check-in
— On deployment
32. Complication 4: Orchestration
We’re just telling the computers what to do
● Manage code
● Run tests
● Build packages
● Deploy packages
33. Improvement 4: Continuous Integration
Continuous Integration Servers
● Define jobs
● Run tests
● Build packages
● Deploy apps
● Run jobs on target servers
● Chain jobs together
● Stop execution if a job fails
34. Continuous Integration: Security Implications
● Single point of entry to infrastructure
● Elevated access to managed servers
● Arbitrary job execution
35. All the pieces are in place
I’ll take it from here
[Diagram: Test, Prod]
40. Improvement 5: Infrastructure as code
● Rewrite configuration instructions
● Interpreted by computers
● Managed identically to app code
41. Infrastructure as code: Security implications
● Agents run as root on all servers
● Code is generally trusted
● Wide-ranging abilities
— Package installation
— Service reconfiguration
— Arbitrary script execution
● Runs unattended
43. DevOps
The directed use of automation to build a common workflow for developers and operations
46. There is a perception that DevOps is incompatible with strong security.
47. We feed this perception
● Emphasize trust over verification
● Purist mentality
— If it interferes with efficiency, it’s not DevOps
● Security is an afterthought – deal with it in Production
Is security the new ops?
49. Security concerns
● Financial protection
● Intellectual property
● Customer data
Compromises are costly and on the rise
50. Requirements of security organizations
● Rigor
— Minimize opportunities to introduce vulnerabilities
● Visibility
— Understand what has changed, so that effects can be evaluated
● Responsiveness
— When a vulnerability is identified, remediate it as quickly as possible
52. DevOps Strength: Collaboration
● Dev and Ops teams working together is a huge benefit
● Security often gets left out
● Stop throwing over the wall to ops, keep throwing over the wall to security
53. DevOps Strength: Automation
● Fewer eyes and minds on the code
● Less consideration of concerns outside of direct application functionality
— We’re only validating what we test
54. DevOps Strength: Speed
● More changes introduced to production more frequently
● Less time to measure the impact of a change
● Often making updates before previous changes have been validated
56. Collaboration: Include Security
● Design for security
● Assess security implications of changes in tickets
● Incorporate security patches into the delivery pipeline
57. Automation: Automate tests and validation
● Trigger vulnerability scans on deploy to test
— This can be expensive
— Tie to deployment schedule, but leave time for remediation
● Build tests for security
— System configuration
— Package versions
— Input validation
● Incorporate monitoring, logging
— Install and configure servers and agents
— Detect, report, and alert on anomalous behavior
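The three “build tests for security” items on slide 57 (system configuration, package versions, input validation), as an added example that is not part of the presentation: a check script a pipeline job could run after deploying to test. The sshd settings, package names, version thresholds, language allow-list and all function names are constructed assumptions.

```python
import re
import sys

# Baselines constructed for this example; thresholds come from no advisory.
REQUIRED_SSHD = {"permitrootlogin": "no", "passwordauthentication": "no"}
MIN_VERSIONS = {"openssl": "3.0.13", "hello-web": "1.4.0"}
SUPPORTED_LANGS = {"en", "fr", "de", "es"}


def parse_sshd_globals(text):
    """Global sshd settings: keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are not global settings
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def check_sshd(text):
    """System configuration: every required setting must be set explicitly."""
    settings = parse_sshd_globals(text)
    findings = []
    for key, want in REQUIRED_SSHD.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"sshd: {key} not set explicitly (want {want})")
        elif got != want:
            findings.append(f"sshd: {key} is {got} (want {want})")
    return findings


def version_tuple(version):
    """Leading dotted-numeric part only; distro epochs are not handled."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def older_than(installed, minimum):
    a, b = version_tuple(installed), version_tuple(minimum)
    width = max(len(a), len(b))  # pad so that 1.4 compares equal to 1.4.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_packages(installed):
    """Package versions: flag anything missing or below the baseline."""
    findings = []
    for name, minimum in MIN_VERSIONS.items():
        have = installed.get(name)
        if have is None:
            findings.append(f"package: {name} missing from inventory")
        elif older_than(have, minimum):
            findings.append(f"package: {name} {have} is older than {minimum}")
    return findings


def validate_lang(value):
    """Hypothetical stand-in for the greeting app's language validator."""
    return isinstance(value, str) and value in SUPPORTED_LANGS


# Constructed cases: (input, should the validator accept it?)
LANG_CASES = [("en", True), ("fr", True), ("EN", False), ("en\n", False),
              ("../en", False), ("", False), ("xx", False)]


def check_input_validation(validator, cases=LANG_CASES):
    """Input validation: the validator must agree with every expected verdict."""
    return [f"input: wrong verdict for {value!r}"
            for value, expected in cases if validator(value) != expected]


def run_security_checks(sshd_text, installed, validator):
    return (check_sshd(sshd_text) + check_packages(installed)
            + check_input_validation(validator))


# Constructed test-server state used when the script is run directly.
SAMPLE_SSHD = """\
# constructed test-server config
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication no
"""
SAMPLE_PACKAGES = {"openssl": "3.0.11-1", "hello-web": "1.4"}

if __name__ == "__main__":
    problems = run_security_checks(SAMPLE_SSHD, SAMPLE_PACKAGES, validate_lang)
    for problem in problems:
        print("FAIL", problem)
    sys.exit(1 if problems else 0)  # non-zero exit stops the pipeline
```

The non-zero exit is what lets the CI server stop the pipeline run when a check fails.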
58. Speed: Accelerate remediation
● Use delivery pipeline to push OS patches to production
● Update, test, and deploy custom applications more quickly
● Use monitoring and logging to identify vulnerabilities and anomalous behavior more quickly
This is by design
We need a more concrete frame of reference in order to assess operational impacts of a DevOps transformation.
People often talk about a DevOps Toolchain, and present it like this. There’s an awful lot going on here, and this can only overwhelm people who don’t have a clear conception of DevOps.
Fundamentally, DevOps can be best understood as the latest step in a series of improvements to the way that IT organizations write software and deliver it to servers. By placing DevOps on a continuum in this way, we can give it context and define a company’s “DevOps transformation” in terms of the larger technological transformations that have led us to DevOps.
Let’s strip away all this complexity now and get back to basics.
Okay, so how did we get here?
When you’re learning something new, you don’t dive in at the end – you start at the beginning. So let’s take that approach to familiarizing ourselves with DevOps. We’ll take the case of a new startup, and build to a DevOps toolchain as we encounter – and solve – the common problems in a software development process.
When we’re just getting started, building our application is pretty easy.
It’s almost not worth calling it a workflow at this point. I’m just logging on to my single server and writing the webpage live. Easy-peasy.
Inevitably, when we go live we discover complications. In this case, we can’t very well say “Hello, world!” to the world if we only say it in English. Looks like we need to do some more work. But I can’t keep up with this. I’m not a language expert and I don’t have the time to go around looking up translations while doing the business of running my incredibly popular website. Let’s hire some developers.
So we hire some developers to handle the increasing demand for features.
Now that we have two people, our initial approach is already starting to break down. We need a more effective way to collaborate so we aren’t endlessly stepping on each other’s toes or spending lots of time trying to figure out what’s changed and who did what.
It’s a pain for people to keep track of all this
This is where a good version control system excels. It facilitates collaboration by handling all of the bookkeeping (change tracking, versioning, conflict resolution), and freeing the developers to focus more on writing code.
With a version control server in place, we can make our first revision to the workflow. Now, instead of making changes directly on the production server, we commit our changes to the version control server and then check out the new files on the production server.
This is still mostly a manual process, and has some weaknesses. There’s no validation that I’m checking out the right thing, or putting it in the right place with the right permissions. I can’t manage dependencies. I need knowledge of the underlying VCS structure in order to manage versions. Some orgs have restrictions against having dev tools (such as VCS clients) on production systems.
Ask: How can we solve this one?
We can overcome most of these limitations by introducing package management. Instead of copying files directly to our destination server, we can bundle them into a single, atomic package that contains metadata (version info, installation location, dependencies) and provides facilities for automated installation and uninstallation activities.
Now we revise our workflow further. After checking the latest version of code, we build a package that contains all of the files. We then deploy that single package to the server, rather than copying a lot of files. This results in deployments that are faster, more reproducible, and more reliable than was previously possible.
We now have effective collaboration and easy deployments. We can get our multi-lingual greeting site out to the people. Let’s do it.
Whoops. Automation without validation just gets bugs to production faster.
The most straightforward way to validate our code’s quality is to set up a test server, and deploy to it first before we deploy to production. That allows us to validate the test application before it hits production.
This helps, but our test process has the same weaknesses that all manual processes share. They are slow and unreliable. People aren’t as good at repetitive, systematic tasks like validation as machines are. This testing also happens late. By the time we run the first test, we’ve already committed the code to version control, built a package, and deployed it to one environment. That’s a lot of work when we have no idea whether the code is any good. It would be better to catch the problems earlier.
If we can come up with a way to allow the computer to do our tests, then we gain all the benefits of automation. Because of this, people have written a variety of automated testing frameworks that do just that. Once we’ve automated our tests, it’s easier to apply them earlier (and more frequently) in the lifecycle.
So now we revise the workflow again. Rather than a single, monolithic, manual test late in the process, we inject a series of automated tests throughout. This gets the tests done more quickly and helps to ensure the quality of the code at each step of the process.
Remember, this is iterative.
Now, computers are doing the bulk of our work for us. They track the versions of the code, run tests on the code, bundle it into packages, deploy it to our servers. Outside of writing the code, just about the only thing that people are doing is telling the computers what to do and when.
Turns out we can offload that to computers, too.
Continuous Integration servers, at their root, are job execution engines. They can monitor entities (like a VCS repo) and kick off jobs in response to events, or they can be made to kick jobs off by invoking an API. The jobs can be invoked on any servers to which the CI server has access (generally via SSH or an installed agent). This gives us a way to let the computers. Jobs can be chained to other jobs, creating what is commonly known as a “pipeline.” You can even define workflow and reporting logic, so a pipeline run can be stopped and the proper people notified automatically if a job fails.
This allows us to take still more work out of the hands of people and transfer it to a machine.
Now we’ve automated all of the steps of the development process that lend themselves to automation. Our developers can focus solely on writing code, and as soon as they check something in, our automated workflow kicks in and does the rest. We’ve attained nirvana…
…almost.
Things always fail, and usually at the worst time. We’ve got a great app development and delivery process, but what happens when a piece of the infrastructure breaks?
We call in the sysadmin, of course. And this is where agile dreams have been dashed for decades. For a surprisingly long time, there was no good way to write the instructions for (re)building a server in a way that a computer could interpret. Instead, sysadmins operated from memory or from giant runbooks (paper or electronic).
Over time, we created a series of progressively smaller anchors, but we almost always came back to the giant runbook. Sometimes a shell script would replace a paragraph or two, but we’d still have a line in our tome that said “and then run this script.” Golden images and VM snapshots removed some of the drift and repetition, but those starting points were still generally built by hand and then imaged. If anything in the underlying image needed to change, we made the change by hand and rebuilt the image.
What we really needed was the same thing the developers had all along: a way to rewrite the instructions that we followed for building a machine – that is, our runbook – in a way that allows a computer to interpret and act upon them. This breakthrough was infrastructure as code.
Once we have an implementation of infrastructure as code, we can apply all of the same tools that our developers have been using with such success to system configuration. This was the shift from agile development with an anchor to DevOps. It’s important to recognize that there is almost nothing new here – most of the technology and practice has existed for years in software development circles. The one thing that changed was the introduction of a way to express system configurations in a manner that allowed us to bring those software development practices to bear on system configuration management.
Please don’t call it DevOpsSec
But in a lot of ways, the DevOps community regards security orgs in a similar manner to ops in the past. We throw things over the wall for security to deal with later.
Even if a compromise doesn’t cause direct harm in the form of IP theft or financial loss, the negative publicity associated with disclosure can cause significant harm.
None of this is unreasonable. Though sometimes the processes to ensure them can be burdensome, the requirements themselves are sound.
The very things that make DevOps so successful as a development methodology undermine the confidence of security organizations.
Were you wondering when I’d get to the part where this is actually good for security?
Each of the testing and CI points in the pipeline represents an opportunity to incorporate security.
We can also extend this pipeline in order to incorporate automated logging and monitoring systems.
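The pipeline behaviour described above (chained jobs that halt and notify on failure), with security checks placed at two of the test points, as an added example rather than code from the presentation. The stage names, the sample repository contents and the two checks are assumptions made for illustration.

```python
import re

# Constructed sample inputs: one application file and one infrastructure-as-code file.
REPO = {
    "app/settings.py": 'DB_PASSWORD = "hunter2-example"\nDEBUG = False\n',
    "infra/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
}
SECRET_RE = re.compile(
    r'(?i)\b\w*(password|secret|api_key|token)\w*\s*=\s*["\'][^"\']+["\']')

def unit_tests(repo):
    """Stand-in functional stage: every tracked file must be non-empty."""
    return [f"{path}: empty file" for path, text in repo.items() if not text.strip()]

def secret_scan(repo):
    """Security gate at the commit stage: flag hard-coded credentials."""
    return [f"{path}:{n}: hard-coded credential"
            for path, text in repo.items()
            for n, line in enumerate(text.splitlines(), 1)
            if SECRET_RE.search(line)]

def config_policy(repo):
    """Security gate on infrastructure code: reject root SSH logins."""
    findings = []
    for path, text in repo.items():
        if not path.endswith("sshd_config"):
            continue
        for n, line in enumerate(text.splitlines(), 1):
            parts = line.split()
            if (len(parts) == 2 and parts[0].lower() == "permitrootlogin"
                    and parts[1].lower() != "no"):
                findings.append(f"{path}:{n}: PermitRootLogin must be 'no'")
    return findings

PIPELINE = [("unit-tests", unit_tests), ("secret-scan", secret_scan),
            ("config-policy", config_policy)]

def run_pipeline(repo, stages=PIPELINE, notify=print):
    """Run chained stages in order; stop and notify at the first failing stage."""
    passed = []
    for name, stage in stages:
        findings = stage(repo)
        if findings:
            notify(f"stage '{name}' failed: " + "; ".join(findings))
            return {"passed": passed, "failed": name, "findings": findings}
        passed.append(name)
    return {"passed": passed, "failed": None, "findings": []}

if __name__ == "__main__":
    print(run_pipeline(REPO))
```

Because the run stops at the first failing stage, the weak SSH setting in the sample only surfaces after the hard-coded credential has been fixed and the pipeline is run again.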