Applying and scaling DevOps in Enterprise Organizations Motivation As continues to grow in importance in our daily life, Enterprises of all types see themselves forced to become their own “ versions”. technology digital Either because of pressure of their super connected consumers or pushed by new competitors, they soon realize that their current processes are no longer able to keep up the pace of business and faster cycles. innovation feedback While most of these organizations have already shifted their development methodologies towards Agile, this agility is usually confined into the development teams silos and have little, if any, impact on the overall organization . time to market is definitely one of the key practices that are being used to end to end delivery and innovation, but usually face many to this culture, compared to startup or pure companies. DevOps accelerate large companies challenges scale technology Below, I go through a few ideas that can you during this . help journey 1. Automation Squads Everybody knows how a typical Enterprise IT looks like: several , spread in multiple locations, , multiple and programs going on in . teams vendors communication challenges projects parallel How companies usually try to tame this ? The standard approach: . dragon Standards Get people to create documents describing the and , hand it over to the people involved, define manual verification and approval gates between each phase. DOs DONTs Results: delivery , , engineers spending too much time on paperwork, no optimization on the long run. delays dependency hells A better ( ) approach: (technical) and . DevOps Contracts Tools That is, your processes, automate whatever is possible (Building, Testing, Delivery, Monitoring). Focus on agility on the whole delivery stream, put automated speed over (human and error prone) control. digitalize In a (you may wonder), engineering teams would be able to , (from multiple areas and stakeholders…) and implement these tools themselves. perfect world identify get buy-in In real scenario (with both internal and external players), you will probably need to put in place a focused team (an ) with and to do so. enterprise Automation Squad focus empowerment This should not be a new “ ”. This group must create that other to develop and deliver their software autonomously. Change Management team tools enable teams Jenkins (an Open Source Automation Tool) can probably be a good base platform for this team and is probably already being used by many of your development teams anyway 2. Application Analytics Not everyone understand that Agility is not only about “moving ”, but also about “ your ” as you . fast changing direction need And this usually comes in two flavors: and . need user feedback technical reasons My experience is that the first type is usually already in place. There is already very strong business pressure around it, and it is something companies have being doing for many years already. Tools like give Product Owners and business stakeholder access to key insights on how the application is performing at the (page views, conversion rates, …). Google Analytics user level The good ol’ Google Analytics It does not mean that there is no room for improvements. There are many new tools that can be of great value, specially for . If you take a look on and similar ones you will have a sense of what is possible with this newer bread of tools. User Analytics Designers HotJar HotJar Heatmap example Now, in order to support DevOps teams you need a tool with a , something that can provide things like: totally different perspective Issue debugging. analysis. Performance and audit logs. Security And for that, you usually need access to all the generated , not only samples and summarized data (that is usually what you get from the previous category of tools). logs Off course there are many Enterprise grade tools with this capability, but if you want to start with the basics, the number one (hands down) option is (ElasticSearch+LogStash+Kibana). ELK Sample ELK Dashboard (analysis of HTTP/Apache logs). You can setup your own infrastructure, or you can search for SaaS options (there are several available). The important thing is, you need to have a tool that enables and between the multiple roles in a DevOps organization. productive communication interaction If any you have on production takes (and dozens of e-mail threads) to be analyzed and solved, you are still running on the traditional “Dev vs Ops” model. incidents several days 3. A New Security Mindset Differently from the Automation topic, where I think a approach can work best in enterprise organizations, I think the must be applied for . centralized opposite security You can put in place to check system vulnerabilities and perform , but people (all of them) must be really the center of your security strategy. tools penetration tests Why? Most of the hard to catch ( bugs I have troubleshoot in the last years were caused by , and by that I mean: . functional) accident skilled people doing something (exceptionally) wrong But when I think about the level of being delivered in many projects, it is totally the opposite. The security and were created by people that did not have a clue of the they were making. The success would be the exceptional case. security flaws breaches mistakes Go ask your team a few questions: Do they know what is all about? OWASP Can they give you some examples of ? XSS Do they understand the different files are sit on their ~/. folder? If so, are they still connecting on the servers using passwords? ssh Are their hard drives ? What about the ones on the server they are working on? encrypted What are they using? password manager What type of SSL/TLS they are deploying on their web applications? certificates They will probably not be able to answer some of them. Security is unfortunately still not a very important topic on most of computing/development courses. You have to put in place and practices to foster this skill in your teams. training knowledge sharing The fastest (but not the best…) way to make companies invest on security training and tools is to get — . hacked sad but true The next topic can give you another, much better way, to bring this to everyone’s attention. 4. War Games DevOps being defined as a of integration of , a key thing to do is to put together some activities to make it happen for real. culture different teams team building One way of doing that is performing some “ ”, simulations and exercises involving different goals and people. Some ideas: War Games change: test your whole development and deployment flow by changing a single line of code. Single line Internal /Penetration test: Try to hack your own system and use this to create security awareness (see topic above). Hacking : Simulate different disaster (single server, single AZ, complete region). You can do that using a backup of your system. You do not need to be a Netflix company running for that. Disaster Recovery chaos monkey : What happens to your application/infrastructure during a severe demand peak. Will it be able to scale as designed? Peak demand Each of these exercises will put different skills to the test, and definitely will help your teams to handle real life situations with much more confidence. — Let me know if you have any DevOps implementation experiences to share!
