ip expo nordic

Scaling DevOps To The Enterprise Benjamin Wootton @benjaminwootton


Post on 11-Apr-2017


Development Team 1
Development Team 2
Development Team 3
Development Team 4
Development Team 5
Development Team 6 - Mobile
Development Team 7 - Vendor
Monitoring Team
Middleware Team
App Support Team 1
App Support Team 2
DBA Team
Network Team
Wintel Team
Unix Team
Infrastructure

• DevOps is about improving the collaboration between the traditionally siloed development and operations functions (and indeed other areas within the IT function)

• DevOps is an extension of agile software development principles. Agile was very development focussed, but often moved the bottleneck downstream

Scaling DevOps: Implications For People & Teams

Developer, Developer, Developer, Tester, Tester, Sysadmin, DBA, App Support

Agile Team

Cross Functional Dev/Ops Team

Product Aligned Dev/Ops Team

Product Aligned Dev/Ops Team

Product Aligned Dev/Ops Team

“DevOps Team”

The DevOps team are responsible for the path to production.

Tips to make DevOps team a success:

• Enable other teams

• Don’t become a silo

• Coaching and training

• Reference Architecture

• Automate relentlessly

• Self service for product aligned teams

Developers, Testers, IT Ops

Developers, Testers, IT Ops

Developers, Testers, IT Ops

Unix, Middleware, DBA, Network

X-Functional Dev/Ops Team, X-Functional Dev/Ops Team, X-Functional Dev/Ops Team

Platform Services Team

Dev/Ops:

Development:

Operations:

Traditional IT Operations becomes even smaller, more technology aligned. Deep specialism retained, providing optimised building blocks.

These engineers become more application aligned, helping the application teams release their code quickly and efficiently.

Incredibly important that these people don’t become a silo that drive Dev and Ops further apart. They enable rather than do work on behalf of delivery teams.

Product Aligned Dev/Ops Team

Developers, Testers, IT Ops

Continuous Delivery Pipeline

Platform As A Service (Container Based)

Leverage Lean

Collaborative, Portable

Cloud Based

• Enablement: Working with teams in a dual delivery and upskilling capacity to raise their own capability.

• Hiring: Bringing in new skills with a specific aim to upskill people in DevOps approaches.

• Training: Online and classroom based training to teach people about higher level or technical concepts.

• Evangelism: Exposing our people to industry best practices and modern approaches related to DevOps.

Cultural Change, Coaching, Learning & Upskilling

Scaling DevOps: Implications For Your Application Portfolio

[Figure: application portfolio plotted by Rate Of Change (Low to High) against Cost Of Change (Low to High); plotted entries are labelled "GTL" and "TBC"]

DevOps In The Legacy Estate

• Rate of change

• Cost of change

• Current maturity

• Cost of remediation

= Business Case

Scaling DevOps: Rigour & Business Case

[Figure: PEOPLE assessment areas: Culture, Organisational Design, Collaboration, Physical Environment, Federation, Skills, Retention, Incentives, Recruitment]

[Figure: DevOps Maturity Score for Team A to Team J, broken down by People, Process and Technology]

[Figure: DevOps Maturity, series for Team A, Team B and Team C]

• Technology – Operate & Improve

• Technology – Test & Deploy

• Technology – Design & Build

• Process – Agile & Lean Maturity

• Process – Engineering Best Practices

• Process – Ways of Working

• People – Organisational Design

• People – Culture

• People – Skills, Recruitment & Retention

Scaling DevOps: Raising Security With DevSecOps

Security & Control Points In Pipeline

[Figure: pipeline stages: Developer, Development, Build, Static Analysis, Dynamic Analysis, Security Tests, Export Package, Artifactory]

• Triggered via Jenkins

• Maintains secure versioned packages

DevOps Team With Segregation Of Duty

Developer, Deployment Engineer, Production Engineer

Example - Static Code Analysis

This example will identify any code that tries to mount disk volumes. If code is identified, it will be audited and then workflow can control the action of this deviation to standards.

Example – PCI Compliance

PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.

Rule:

    rules 'PCI 2.3 – Confirm telnet port not available'
      rule on run_control
      when
        name = 'should be listening'
        resource_type = 'port'
        resource_name = '23'
        status != 'success'
      then
        audit:error("PCI 2.3 - Encrypt all non-console administrative access such as browser/Web-based management tools.")
        notify("[email protected]", "A machine is listening for connections on port 23/telnet!")
      end
    end

Control:

    controls 'port compliance' do
      control port(23) do
        it "has nothing listening" do
          expect(port(23)).to_not be_listening
        end
      end
    end

Example – SOX Compliance

SOX Section 302.4.B – Establish verifiable controls to track data access.

Rule:

    rules 'force key based auth'
      rule on run_control
      when
        name = 'is disabled'
        resource_type = 'File'
        resource_name = '/etc/ssh/sshd_config'
        status = 'failed'
      then
        audit:error("SOX Section 302.4.B – Establish verifiable controls to track data access.")
        notify('[email protected]', "A machine has password login enabled!")
      end
    end

Control:

    controls 'password authentication' do
      control file('/etc/ssh/sshd_config') do
        it "is disabled" do
          expect(file('/etc/ssh/sshd_config')).to_not match(/^\s*PasswordAuthentication\s+yes/i)
        end
      end
    end
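The password authentication control above fails only when a literal `PasswordAuthentication yes` line is present, but OpenSSH enables password authentication when the keyword is absent, so a file with the directive missing or commented out passes the pattern while the daemon still accepts passwords. The following is an added example, not part of the original slides, that computes the effective setting instead; function names and sample files are constructed, and Include files are not resolved.

```ruby
# Added example: effective PasswordAuthentication for an sshd_config text.
# Names and sample configs are constructed; Include files are not resolved.

SLIDE_REGEX = /^\s*PasswordAuthentication\s+yes/i # pattern used by the control
# True when the pattern-only check would report the file as compliant.
def slide_check_passes?(text)
  !text.match?(SLIDE_REGEX)
end

# Walks the file the way sshd reads it: full-line comments ignored, keywords
# case-insensitive, separator is whitespace or '=', first global value wins.
def password_auth_status(text)
  global = nil
  match_ctx = nil # nil while still in the global section
  overrides = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    keyword, rest = line.split(/\s*=\s*|\s+/, 2)
    case keyword.downcase
    when 'match'
      match_ctx = rest.to_s.strip
    when 'passwordauthentication'
      value = rest.to_s.split.first.to_s.downcase
      if match_ctx.nil?
        global ||= value
      elsif value == 'yes'
        overrides << match_ctx # a Match block re-enables passwords
      end
    end
  end
  # OpenSSH enables password authentication when the keyword is absent.
  { global: global || 'yes', explicit: !global.nil?, match_overrides: overrides }
end

def compliant?(text)
  status = password_auth_status(text)
  status[:global] == 'no' && status[:match_overrides].empty?
end

# Constructed sample files.
SAMPLES = {
  hardened:  "PasswordAuthentication no\n",
  commented: "Port 22\n#PasswordAuthentication yes\n",
  equals:    "PasswordAuthentication=yes\n",
  per_user:  "PasswordAuthentication no\nMatch User backup\n  PasswordAuthentication yes\n"
}.freeze

SAMPLES.each { |n, t| puts "#{n}: pattern=#{slide_check_passes?(t)} effective=#{compliant?(t)}" }
```

The `commented` and `equals` samples pass the pattern check but are reported non-compliant by the effective check; a stricter control asserts that an explicit `PasswordAuthentication no` is present rather than that `yes` is absent.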

Achieving This With A DevOps Assessment & Strategy

[Figure: PEOPLE assessment areas: Culture, Organisational Design, Collaboration, Physical Environment, Federation, Skills, Retention, Incentives, Recruitment]

Want to know more about Enterprise DevOps?

[email protected]

@benjaminwootton