Customer Sharing: Trend Micro - Trend Micro's DevOps Practices

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. May 20th, 2016. Ting-Chung Hu (胡定中), FRS. DevOps at FRS TrendMicro: How We Run DevOps

Upload: amazon-web-services

Post on 19-Jan-2017


Agenda

• Introduction

• DevOps

• Continuous Integration and Continuous Delivery

Enabling a Smart Protection Strategy

Inspired to Stay a Step Ahead

Global Threat Intelligence from the Smart Protection Network

Backed by Global Research and Support

Fast Facts

Founded: 1988, United States

Headquarters: Tokyo, Japan

Number of Employees: 5,258

File Reputation Solution

Files Process Solution

Who am I

Source : The Matrix

Source : Iron Man

Source : Hd computer guy

DevOps

DevOps – What is DevOps?

• Development + Operations = DevOps

• DevOps is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes.

• It aims at establishing a culture and environment where building, testing, and releasing software, can happen rapidly, frequently, and more reliably.

--Wikipedia

Our Challenges

Dev

Ops

• Gaps between Dev and Ops

• Developers

• Mostly concerned about faster feature delivery time

• Operations

• Mostly concerned about system stability and impact from changes

• The left hand doesn’t know what the right hand is doing

• Slow hardware acquisition

• Difficult capacity planning

What We Needed to Maintain on Premises

[Diagram labels: Service Pool; Hypervisor; Hadoop; Dev & Staging Hypervisors; Production Hypervisor; Large size VM; DB; Storage]

DevOps – Our Approach

• AWS

• Relieve Ops from "unplanned work"

• CloudWatch enables us to monitor real-time health and performance of the resources

• More computing power when you need it, less when you don’t

• Detailed billing records enable us to do better capacity planning and budgeting

• Continuous Integration and Continuous Delivery

• Faster feature turnaround time

• Leverage AWS CloudFormation and OpsWorks heavily

• Infrastructure as code and configuration as code

• RD/Development now take full responsibility for the entire stack

Continuous Integration and Continuous Delivery

OpsWorks

• built-in application lifecycle

• interactive application console

Infrastructure provisioning

EC2

SQS, SNS, Kinesis, etc.

databases

VPC

IAM

Application deployment

download packages, install software, configure apps, bootstrap apps, update software, restart apps, etc.

CloudFormation

• templatize

• replicate

• automate

OpsWorks “inside” CloudFormation

CI/CD – Infrastructure

[Diagram labels: Engineer; Github; new branch; push; Code Template; S3; CircleCI; CloudFormation; Testing Environment; Staging Environment; Production Environment; Integrate; Deploy; Admin]

CI/CD – Infrastructure (Cont.)

[Diagram labels: Template; CloudFormation; Public Subnet; NAT GW; Private Subnet; IAM; S3; CircleCI; Testing Environment; Staging Environment; Production Environment; Build & Test; Deploy; OpsWorks]

CI/CD – Application

[Diagram labels: Engineer; Github; Develop; Tech Lead; Private Subnet]

CI/CD – Application (Cont.)

[Diagram labels: Template; CloudFormation; Public Subnet; NAT GW; Private Subnet; apps; CircleCI; OpsWorks; SNS; DynamoDB; ElastiCache; S3; RDS; Instances; CloudWatch; Alarm]

What do we maintain now — Templates

[Diagram labels: Template; CloudFormation; Infra.Admin; VPC; Subnets; IGW; Routing Table; Rout; VPN; Shared S3; IAM; Security Group; Engineers; ELB; CloudFormation; EC2; DynamoDB; OpsWorks; App Deployment; AutoScaling; Recipe; Template]

Lessons Learned

• CloudFormation

  • Use CloudFormation to manage all of your resources if possible (Not all AWS resources supported yet)

  • Difficult dynamic referencing between stacks

  • Parameterize as much as possible

  • Keep an eye on your limits

• OpsWorks

  • Need to be familiar with Chef

  • Limited built-in Windows support

  • Limited auto-scaling support

Thank You!