Scaling DevOps To The Enterprise
Benjamin Wootton @benjaminwootton
[Diagram: the traditional siloed organisation]
Development Team 1
Development Team 2
Development Team 3
Development Team 4
Development Team 5
Development Team 6 - Mobile
Development Team 7 - Vendor
Monitoring Team
Middleware Team
App Support Team 1
App Support Team 2
DBA Team
Network Team
Wintel Team
Unix Team
Infrastructure
• DevOps is about improving the collaboration between the traditionally siloed development and operations functions (and indeed other areas within the IT function)
• DevOps is an extension of agile software development principles. Agile was very development focussed, but often moved the bottleneck downstream
Scaling DevOps: Implications For People & Teams
[Diagram: Developer, Developer, Developer, Tester, Tester, Sysadmin, DBA, App Support]
Agile Team
Cross Functional Dev/Ops Team
[Diagram: three Product Aligned Dev/Ops Teams supported by a "DevOps Team"]
The DevOps team are responsible for the path to production.
Tips to make the DevOps team a success:
• Enable other teams
• Don't become a silo
• Coaching and training
• Reference Architecture
• Automate relentlessly
• Self service for product aligned teams
[Diagram: three X-Functional Dev/Ops Teams (Developers, Testers, IT Ops) above a Platform Services Team, above Unix, Middleware, DBA and Network; layers labelled Development, Dev/Ops and Operations]
Traditional IT Operations becomes even smaller, more technology aligned. Deep specialism retained, providing optimised building blocks.
These engineers become more application aligned, helping the application teams release their code quickly and efficiently.
Incredibly important that these people don't become a silo that drives Dev and Ops further apart. They enable rather than do work on behalf of delivery teams.
[Diagram: Product Aligned Dev/Ops Team (Developers, Testers, IT Ops) on a Continuous Delivery Pipeline and a Platform As A Service (Container Based); labels: Leverage, Lean, Collaborative, Portable, Cloud Based]
Cultural Change, Coaching, Learning & Upskilling
• Enablement: Working with teams in a dual delivery and upskilling capacity to raise their own capability.
• Hiring: Bringing in new skills with a specific aim to upskill people in DevOps approaches.
• Training: Online and classroom based training to teach people about higher level or technical concepts.
• Evangelism: Exposing our people to industry best practices and modern approaches related to DevOps.
Scaling DevOps: Implications For Your Application Portfolio
[Chart: applications plotted by Rate Of Change (Low to High) against Cost Of Change (Low to High); points labelled GTL and TBC]
DevOps In The Legacy Estate
• Rate of change
• Cost of change
• Current maturity
• Cost of remediation
= Business Case
Scaling DevOps: Rigour & Business Case
[Diagram: PEOPLE assessment areas: Culture, Organisational Design, Collaboration, Physical Environment, Federation, Skills, Retention, Incentives, Recruitment]
[Chart: DevOps Maturity Score for Team A to Team J, stacked by People, Process and Technology]
[Chart: DevOps Maturity for Team A, Team B and Team C, x-axis 1 to 11]
[Chart: maturity dimensions]
• Technology – Operate & Improve
• Technology – Test & Deploy
• Technology – Design & Build
• Process – Agile & Lean Maturity
• Process – Engineering Best Practices
• Process – Ways of Working
• People – Organisational Design
• People – Culture
• People – Skills, Recruitment & Retention
Scaling DevOps: Raising Security With DevSecOps
Security & Control Points In Pipeline
[Diagram: Developer, Development, Build, Static Analysis, Dynamic Analysis, Security Tests, Export Package, Artifactory]
• Triggered via Jenkins
• Maintains secure versioned packages
DevOps Team With Segregation Of Duty
[Diagram: Developer, Deployment Engineer, Production Engineer]
Example - Static Code Analysis
This example will identify any code that tries to mount disk volumes. If code is identified, it will be audited and then workflow can control the action of this deviation to standards.
Example – PCI Compliance
PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.

Rule

    rules 'PCI 2.3 – Confirm telnet port not available'
      rule on run_control
      when
        name = 'should be listening'
        resource_type = 'port'
        resource_name = '23'
        status != 'success'
      then
        audit:error("PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.")
        notify("[email protected]", "A machine is listening for connections on port 23/telnet!")
      end
    end

Control

    controls 'port compliance' do
      control port(23) do
        it "has nothing listening" do
          expect(port(23)).to_not be_listening
        end
      end
    end
Example – SOX Compliance
SOX Section 302.4.B – Establish verifiable controls to track data access.

Rule

    rules 'force key based auth'
      rule on run_control
      when
        name = 'is disabled'
        resource_type = 'File'
        resource_name = '/etc/ssh/sshd_config'
        status = 'failed'
      then
        audit:error("SOX Section 302.4.B – Establish verifiable controls to track data access.")
        notify('[email protected]', "A machine has password login enabled!")
      end
    end

Control

    controls 'password authentication' do
      control file('/etc/ssh/sshd_config') do
        it "is disabled" do
          expect(file('/etc/ssh/sshd_config')).to_not match(/^\s*PasswordAuthentication\s+yes/i)
        end
      end
    end
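
The following Ruby is an added example, not part of the original slides and not Chef's own code. It computes the effective PasswordAuthentication setting using sshd's rules (first occurrence wins, Match blocks override the global section, the default is yes when the directive is unset) and compares that with the line match used by the control above. The function names and sample configurations are assumptions constructed for illustration.

```ruby
# Added example: effective PasswordAuthentication in an sshd_config,
# compared with the line match used by the slide's control.
PAGE_REGEX = /^\s*PasswordAuthentication\s+yes/i  # pattern from the slide's control
OPENSSH_DEFAULT = 'yes'                           # sshd_config(5) default when unset

# Returns the global value (first occurrence wins) and any Match blocks
# that switch password authentication back on. Hypothetical helper name.
def password_auth_findings(config_text)
  global = nil
  block = nil            # nil while still in the global section
  seen_in_block = false
  overrides = []
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    name, arg = line.split(/\s+/, 2)
    arg = arg.to_s.strip
    if name.casecmp?('Match')
      block = arg
      seen_in_block = false
    elsif name.casecmp?('PasswordAuthentication')
      if block.nil?
        global ||= arg.downcase
      elsif !seen_in_block
        seen_in_block = true
        overrides << block if arg.casecmp?('yes')
      end
    end
  end
  { global: global || OPENSSH_DEFAULT, match_overrides: overrides }
end

def password_login_possible?(config_text)
  f = password_auth_findings(config_text)
  f[:global] != 'no' || !f[:match_overrides].empty?
end

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
  explicit_no: "PasswordAuthentication no\n",
  commented:   "#PasswordAuthentication yes\nPermitRootLogin no\n",
  shadowed:    "PasswordAuthentication no\nPasswordAuthentication yes\n",
  match_yes:   "PasswordAuthentication no\nMatch User deploy\n  PasswordAuthentication yes\n"
}.freeze

SAMPLES.each do |label, text|
  puts format('%-12s regex_flags=%-5s password_login_possible=%s',
              label, PAGE_REGEX.match?(text), password_login_possible?(text))
end
```

The `commented` sample passes the regex-based control while password login is still possible by default. On a live host, `sshd -T` prints the effective configuration, including Include files that this parser does not follow.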
Achieving This With A DevOps Assessment & Strategy
[Diagram: PEOPLE assessment areas: Culture, Organisational Design, Collaboration, Physical Environment, Federation, Skills, Retention, Incentives, Recruitment]