Here are the 3 major principles that Verys observes when we engage with clients through our DevOps culture.
DevOps is the train that everyone wants to ride on but few have laid the track for it. We all envision thousands of code deploys per day while achieving stability, security, reliability, and availability. Yet, few of us has have mastered building a successful cross-functional team that can make our dream a reality. If you belong in an organization where development and operations are adversaries and testing and InfoSec activities happen right before deployment, I can almost guarantee that your deployment process is chaotic.
Regardless of the industry, to acquire customers and bring them value, you are dependent on the technology value stream. As Jeffrey Immelt, Ex CEO of General Electric said, “Every industry and company that is not bringing software to the core of their business will be disrupted.” Now more than ever, you need DevOps principles to bring innovation to the core of your business.
The main purpose of the first principle is to enable a fast flow of work to reduce the time to get to the marketplace.
Visualize the flow of work.
A technology value stream is a process required to convert a business idea to a service or a product delivered to a customer. The first step in optimizing the process is to visualize the process. To see where work is flowing well and where it is blocked, you need visual work boards such as Kanban boards or sprint planning boards.
Limit the number of Work in Progress Items and remove constraints.
Interrupting technology workers is easy because the consequences are invisible but the negative impact on productivity is far greater. Hence tools like Kanban boards can be used to limit the number of WIP cards in each lane. Limiting WIP also makes it easier to see problems that prevent the completion of work.
Build autonomous small integrated teams.
To enable market-oriented teams, bring the functional engineers (Dev, Ops, QA, InfoSec) and product owner into each service team so they can work independently and quickly to deliver value to customers. Market-oriented teams are not just responsible for feature development but also for testing, securing, and deploying their service in production.
Information Security is everyone’s concern.
When InfoSec is an assigned part of the team, they gain the business context they need to make better risk-based decisions. Integrate security into our deployment pipeline and automate as many information security tests as possible so they run alongside the rest of the business test cases in the deployment pipeline.
Small but frequent deployments.
If your current architecture is too tightly coupled, you can start decoupling parts of the functionality from the existing architecture using Strangler Pattern. The strangler pattern involves placing existing functionality behind an API where it remains unchanged and implementing new functionality using desired architecture. This will enable small teams to develop, test and deploy features in production frequently.
Establish a solid automated deployment pipeline.
To create a fast and reliable flow from dev to ops, we need to enable on-demand creation of dev, test, and production environments. Version Control is for everyone in our value stream, including operations and InfoSec. By bringing version control to infrastructure, we can quickly rebuild environments on-demand. Build automated configuration systems (Puppet, Chef, Ansible) to ensure consistency. To build quality into a product, build automated tests as part of the daily work. The tests should be fast and reliable to confirm that we have a green build in a deployable state.
Tame your release process.
The blue-green deployment is easy to implement and can increase the safety of software releases. Finally, deployment can happen during regular business hours. Canary releases will let you promote to successively larger and critical environments while confirming code is working as expected.
The main purpose of the second principle is to build a secure, reliable, and resilient system. The knowledge acquired in downstream operations should be integrated into the upstream work of development and product management. By creating fast feedback loops at every step of the process, everyone can immediately see the effects of their actions.
Gather metrics at all layers of the application stack
Create the infrastructure necessary to capture telemetry at all levels of the application stack and make it visible for the entire organization. We should define and link each metric to a business outcome metric at the earliest stages of feature definition and development. Hence, the product owners describe the business context of each feature for everyone in the value stream.
Log & Event Aggregation
Avoid silos of information where developers only create logging events that interest them, and operations only check whether environments are up and down. We need to generate logging events that will show how our application is behaving as a whole. When the entire application has monitoring and logging, it enables other important capabilities such as anomaly detection, proactive alerting, and escalation.
Avoid Metrics Gaps
Metrics should be captured at all the following levels to avoid any gaps:
It is very crucial to layout the business metrics side-by-side with the infrastructure and application metrics. When things go wrong at the infrastructure level, we should be able to spot the business impact, like a revenue drop.
Catch the issue before your customer does
Our goal is to catch errors in our deployment pipeline before they get into production. However, in any case, if there is an error, our production metrics would be able to detect it quickly. We may turn off the broken feature using feature toggles and fix the service.
It is important to schedule blameless post-mortem meetings after accidents have been resolved. This will encourage the people who made mistakes to educate others on how not to make them in the future. Injecting production failures periodically enables resilience and learning. Create internal consulting and coaching to spread the best practices. DevOps is not just a technological imperative but an organizational imperative.
Implementing feedback loops in the technology value stream brings visibility to the new features that are getting rolled out to the market. Feedback loops are a mixture of processes, automation, and tools. Tools like feature flags and A/B Testing should enable product owners to get early feedback from users to see whether they are heading in the right direction before releasing the entire product. Automated pipelines should help the InfoSec team to see if they have any security compliance issues from the very early stages of development. Application Metrics and Production Usage Metrics should give a fairly good idea of how reliable and resilient your software is and how often it is being used by customers. Having blameless post-mortem meetings should give general feedback about where the processes and people are failing.
We assert that with all this information, tools, and automation in hand, now your team is empowered to deploy often and get to market quickly while enjoying a stable, secure, reliable, and resilient system. DevOps will create organizations with a growth mindset that will out-innovate their competitors in the marketplace.