3. DevOps…It’s About the Software Potential In Your Business!
Opportunity – Does software have the potential to improve your business?
Challenge – Has traditional IT or Software Development been too slow?
Internally – Can teams do more with less / Can business get more from IT?
Externally – Are there new technologies that simplify & improve efforts?
Risks – Can new technology address scale, security or evolution?
Return – Can business leverage global velocity and quality to grow?
4. Enterprise Software Before Agile & DevOps…
Betting on a software process was
like a horserace bet without knowing
the horse, race details or the person with a tip.
People do get lucky, but it’s not a good strategy!
Software processes, like horses,
come in all shapes and sizes.
Some software teams are disadvantaged
before they even start a project.
Instead of driving blind with your
Software processes, you should
determine if you have a modern
team with advantages, or not!
6. See my DevOps Flat-IT Fixing Slides
Enterprise IT – Then
Legacy IT: Traditional processes (and legacy infrastructure) don’t really scale in fast changing markets
$
Cost Center IT
1M+ Code lines
1K+ Developers
100+ Features
Manual handoffs
Competitive Silos
2-3 Year cadence
Now how do I tell him we need to increase production by 3000% by next week?
7. See my DevOps Flat-IT Fixing Slides
Enterprise IT – Then and Now
Legacy IT:
$
1M+ Code lines
1K+ Developers
100+ Features
Manual handoffs
Competitive Silos
2-3 Year cadence
1-3 Years with Legacy
Modern IT:
10’s of Code lines
5-7 Developers
3-7 Features
Auto-deploy / Cloud
Collaborative IT
2-6 Week cadence
DevOps
Projects – Agile & Micro Apps - Auto-Deploy & Cloud - Simplified IT – Services
Sprints with Automation 2-6 weeks
8. See my DevOps Swimming Lane Slides
Transforming the Enterprise
Moving from…Mega - Complex - Silos…
with isolated decision-making and internally competitive teams
“You can’t buy a culture transformation,
it is hard work from within the organization”
Dr. Ahmed Sidky
Moving to…Micro - Simple - Cross-discipline…
with shared decision-making, ownership, standards and automation
With Agile and DevOps… “the differences between a
developer and operations engineer
is becoming less visible and will eventually dissolve.”
DevOps-Pivoting Beyond Pockets, Kamal Manglani
9. While We Are Not “THERE” yet…
You May Be Closer Than You Think!
10. A Model: For IT Transformation Discussions
Sonar
12. A Practical Sonar User Story…
Driving blind…
…Moving forward with agility and speed...
…Pinging and listening for obstacles…
…”Reacting” appropriately to the echo/feedback!
14. Sonar Model: Agile and Project-DONE
Cross-discipline (Dev/QA) - Collaboration & Feedback Drives Project Velocity & Quality
What drives your high “velocity and quality” efforts to “PROJECT-DONE”?
Scrum, Kanban, Lean, XP – Culture, Process and Technology (tools)
16. A Sea Change in Software Development
Agile Good News: Fast-moving, Leveraging Heavy Reuse…
Written
&
Delivered
agile-fast!
17. An Ecosystem at Risk
Agile Bad News: Fast-moving, Leveraging Heavy Reuse…
In One Year…
18. More Agile Bad News: Compounding Ecosystem Realities
19. Agile Transformations: Don’t Forget Your Code and Tools
Accelerated Micro-projects need controls and feedback for global Code decisions
Global and Long-term
Visibility
Real-time and Adaptive
Controls
Transparent and Traceable
Fast-Fix
21. Agile Development: DevOps
More Agile Good-News…
Agile teaches Development teams and processes to
collaborate, listen and adapt…quickly!
DevOps is simply an extension of Agile principles
across the IT teams, technologies, tools and system flows…
collaborating, listening, adapting-globally and over-time!
22. Sonar Model: Agile & DevOps Velocity – Operationally DONE
Cross-discipline (Dev & Ops) – Deploy Collaboration Drives Product Velocity
CI
CD
Deploy
CI
CD
Continuous Integration - Test Driven Dev – Test Automation – QA Collaboration…
Continuous Delivery - Deployment Automation - Application Release Automation…
23. Sonar Model: DevOps & Business Quality – Business DONE
Apps live long after Agile teams can break-up – Feedback Drives Product Quality
Agile Project Cadence
DevOps and Business Feedback data
How can Agile projects remain connected to Ops and
Business feedback to benefit future Agile Development?
24. Sonar Model: Does Agile Store Dev Feedback & Knowledge?
DevOps and Business data
Can DevOps and Business feedback be tied to an Agile System with
long-term memory and real-time global visibility?
25. Product Example: DevOps/Business Feedback Drives Quality
Adding PPM-like functionality can improve corporate visibility, business & cost alignment. Is that DevOps too?
26. Sonar Model: Cont. Improvement – A Business Advantage
The only “real” sustainable competitive advantage
is the ability to learn faster than the competition.
- Peter Senge
27. Iterative Agile & DevOps: Adapting with long-tail feedback
Feedback
(Formal or Informal)
Artifacts
(Formal or Informal)
28. A Continuous Evolution of Projects, Products and Business
Dev & Code / Dev & Test / Dev & Ops / Dev & Business Users / Dev & Bus. Strategy
Continuous Improvement
The Feedback-loops & system practices will keep EVOLVING
create a continuous improvement environment with competitive business advantages.
29. DevOps Eco-Systems: Conversations & System Flows
The SOFIA test
(for culture & technology)
-
Speedy - Open - Flexible - Integrated - Accountable
30. DevOps: The 4 Pillars of Corporate Transformation
1) Align the Dev Systems
- to the adoption of Agile and improve project velocity and quality
2) Optimize processes flows
- leverage deployment automation to improve product velocity
3) Create a system of Continuous Improvement
- feedback from Ops, Business and Corp. planning to improve product quality
4) Protect IP & Identify areas with Competitive Advantages
- leverage data and feedback to adapt and improve the business
31. Questions?
Managing software will always have an element of driving blind.
The Sonar model lets you drive forward with a lot more confidence!
DevOps = Business Agility
Your Competitive Advantage!
Editor's notes
Does DevOps have to choose to S-I-N-K the rich history of Traditional IT?
Work in Hidden Pockets / Exploratory side ventures
Set a New Global Standard / Net-New or Restart (Boil the Ocean?)
Can DevOps choose to S-Y-N-C established IT practice and get a different outcome?
Work with IT to Optimize single-tracks of innovation / Set-up Hybrid Pilots (A/B Testing)
Coordinate a Global effort of a Collaborative and Silo Integrated IT organization?
What are the trade-offs with either decision?
Technical Debt, Cultural baggage, Throwing good money at bad investments?
Adjusting expectation and the reward systems
Is there an ROI? – Or a Risk / Benefits Assessment?
Brief: Waterfall is a sequential design process in which progress is seen as flowing steadily downwards through the phases.
The waterfall development model originates in the manufacturing and construction industries: highly structured physical environments in which after-the-fact changes are prohibitively costly, if not impossible. Since no formal software development methodologies existed at the time, this hardware-oriented model was simply adapted for software development.
Active sonar uses a sound transmitter and a receiver. When the two are in the same place it is monostatic operation. When the transmitter and receiver are separated it is bistatic operation.
Active sonar creates a pulse of sound, often called a "ping", and then listens for reflections (echo) of the pulse. This pulse of sound is generally created electronically using a sonar projector consisting of a signal generator, power amplifier and electro-acoustic transducer/array.
Build quality in at the beginning, and listen for feedback all the way to the end
Project-flows:
every check-in,
Unit Test, functional tests
User acceptance tests and performance
Build (success or failure) and staged auto release effort
Service-Flow:
All repackaging activity, performance data, disruptions, Ops scripting practices…
Service Desk (education), request surges, complaints, concerns, etc.
Business-flows:
User adoption (or abandonment), Efficiency gains/revenue, ROI
Sustainability costs, transition to common services/blended resources, reusable/competitive advantage potential….
More evidence that a solution is badly needed:
46 million downloads of insecure versions of the 31 most popular security libraries and frameworks, etc.
18k organizations have downloaded a Struts version with a “severe” security flaw.
4k organizations using an older version of Struts that can easily be exploited with a simple HTTP request (can even be done from a mobile phone).
+++
More metrics:
96% of attacks were not highly difficult. 79% of breach victims were targets of opportunity. 2012 Verizon Business data breach investigations report.
The cost of cybercrime will increase 10% per year through 2016 due to continuing discovery of new vulnerabilities. Gartner Top 2012 predictions.
2011 cost of a data breach was $219 per record. Ponemon study.
59% of developers and close to half of security practitioners state their company has experienced between 1-10 data breaches over the past 24 months due to compromised or hacked applications. Ponemon Study 2012.
81% indicate data risks have increased over the past 3 years. AppSecInc and Unisphere 2011 study.
58% of software susceptible to large scale attacks. Veracode state of software report 2010.
12% of security personnel say all of their organization’s applications meet regulations for privacy, data protection and information security. 15% of developers feel the same way. Ponemon 2012.
Average cost due to lost business following a breach is $3MM in the US. Ponemon 2012
Close to half (44%) of the developers surveyed stated there is absolutely no collaboration between their development organization and the security organization when it comes to application security. Ponemon 2012.
56% of IT auditors report their organizations are actively investing to reduce security risks, software quality, or intellectual property risk. Security highest at 24%. ISACA webinar survey 2012.
New Vulnerability Discovery: Proactive discovery of new vulnerabilities for existing components
Enterprise-wide View: New violation summary by threat level provides enterprise visibility
First Step to Resolution: Actionable remediation allows new vulnerabilities to be fixed quickly
Here is an example of how the CLM is integrated into the repository manager and build / CI systems. This example shows Nexus, but Sonatype is taking a tools-agnostic approach and will support other repo managers as well as other IDEs, CI systems, etc.
This particular example shows license, security and policy information.
Global and Long-term VISIBILITY
- Helping Developers that are NEW or Separated by distance or time
- Find assets, feedback, guidance, peers and insightful data quickly…
- Example: Code composition, problem discovery, change, historic success or knowledgeable peers
Real-time and Adaptive CONTROLS
- Help organizations to find, remove and avoid vulnerabilities (bugs and liabilities) early
- Reduce delays related to QA, Build failures, Open Source distribution, Deployment surprises, Ops Services disruptions, Change incompatibilities, Service Desk surges or Repetitive “design” frustrations by business users and/or Customers…
- Enable policies coordinated with Dev, Ops, security or business related teams.
Transparent and Traceable designs for FAST-FIX
- Help organizations leverage responsive SWARM efforts and PROACTIVE replace strategies
- Increase efficiencies in response to learning opportunities, business disruptions and for change/risk impact
- Creating learn-once frameworks to help with remediation efforts that benefits global teams