Running DevOps Projects Into a Tree
How to destroy every well-meant DevOps project
Introduction and Background
Rainer Stropek
- Passionate software developer for 25+ years
- Microsoft MVP, Regional Director
- Trainer, Teacher, Mentor
- 💕 community
How To Run every DevOps Project Into a Tree?
Focus on DevOps Tools
DevOps Tools
- DevOps is primarily a way of working
- Change organizational structures
- Change processes
- Change culture and mindset
- DevOps definitely requires new skills
- Make better use of existing tools
- DevOps might require new tools
- Cloud computing is an enabler
- Details will follow later
Make DevOps The Responsibility of a Newly Founded DevOps Team
DevOps Teams
- The whole point of DevOps is to integrate
- Not to separate or isolate
- "DevOps" just a new name for Ops?
- A DevOps support/consulting team might be useful
- Helps teams to get started
- Servant leaders
Foster Kingdoms and Silos
Ops
Security
Architects
Devs
My fiefdom is building web apps, so I don't worry
about operational stuff like API gateways, telemetry,
auto-scaling. That's the job of our admins.
👍 People know how to delegate
👍 Clear separation of concerns
👍 Specialization leads to quality and efficiency
👍 Don't reinvent the wheel
My fiefdom is Active Directory, so I am super restrictive on what
people can do with it.
👍 Principle of least privilege
👍 Security in the hand of specialists
👍 Guarantee security through centrally enforced policies
Missing Trust
Conway's Law
„Any organization that designs a system will inevitably produce a design whose structure is a copy of the organization’s communication structure”
Source: Conway, How Do Committees Invent, Datamation magazine, April 1968
DevOps
"You build it, you run it"
Underestimate Complexity
Standing on the shoulders of giants
- Public Cloud solves this problem!
- PaaS
- Serverless
- SaaS
- Low code
- Ready-made services for cross-cutting concerns
Ignore Fears and Reservations
Deal With Fears
- Fear of losing power and influence
- No more fiefdoms
- Fear of taking ownership
- Fear of failures
- Feeling of lacking abilities
- Fear of overwhelming responsibilities
- Fear of losing control
- Decentralized
- Built on trust
- Work on company culture
Forget Security
View of Developers
DevOps
"You build it, you run it"
DevSecOps
...and you are responsible for its security
Making Your DevOps Project a Success
DevSecOps
- Operations and security are no longer the responsibility of specific, isolated teams
- It becomes a shared responsibility
- Take responsibility for the entire software solution
- Team has overall picture 👉 better security and SLA
- DevSecOps needs cultural change
- DevSecOps needs organizational change
Success Factors
- Ensure management support
- Understanding for overall goals
- Change organizational structure and processes
- Clear communication regarding changes
- Accept limits (10x developer myth)
- Simplify
- Consider professional cloud providers
- Surrender some amount of control
- Benefit from limited responsibility
- Economy of scale, economy of scope
- Use PaaS and Serverless instead of IaaS
- Avoid over-engineering
- Zero Trust Networking
Success Factors
- Educate
- Repeat the basics (e.g. networking, encryption)
- Know your platforms (e.g. cloud, frameworks)
- Knowledge transfer between teams
- Well educated people are able to take ownership and responsibility
- T-shaped skills
- Deep expertise in a single field
- Ability to collaborate across disciplines and apply knowledge in other areas of expertise
- Value long-term stability and success
- Redefine legacy
Success Factors
- Support
- Internal/external consulting teams
- Blueprints, patterns, practices
- Allow autonomy
- Embrace Infrastructure as Code (IaC)
- Repeatable, shareable
- Cooperative code reviews with consultants and/or custodians
- Embrace open source development style
- Learn from OSS
- Works internally, too
- Share, exchange, learn from others
Success Factors
- Step-by-step approach
- Iterative improvement outdoes perfectionism
- Technical debt is part of backlog
- Custodians
- Servant leadership
- Make suggestions, listen, not just say "no"
- Supported by automated policy checks
- Verify practices and guidelines automatically
- Work with teams, understand the consequences of decisions
How Can Azure Help?
- PaaS and Serverless
- No more patching of base software infrastructure
- Encryption of data in transit out of the box
- Certificate management (free managed certs)
- Key Vault secure storage for certs and secrets
- Azure AD for authentication and authorization
- Users and services
- Managed identities for M2M communication
- Private Endpoints
- PaaS/Serverless in locked-down network segments
- Logging, monitoring, and telemetry
- Application Insights
Avoid...
- ...secrets
- Use AAD instead
- E.g. AAD admin for Azure SQL
- (if not avoidable) ...storing secrets outside Key Vault
- ...putting old, legacy apps on the internet
- ...applying traditional perimeter-focused policies to cloud-native apps
- They make no sense with PaaS/Serverless cloud services
- ...forgetting logging/monitoring/telemetry
- ...underestimating the importance of AAD
- ...manually managing certificates and secrets
- ...inventing your own security protocols and services
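An added example (not from the talk) of the automated policy checks that custodians can run against Infrastructure as Code, covering several items of the "Avoid..." list. The template, resource names and the secret-name heuristic are constructed assumptions; the property names are those used in ARM templates.

```python
import json
import re

# Constructed sample ARM template; resource names and values are made up.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/sites", "name": "shop-api",
   "identity": {"type": "SystemAssigned"},
   "properties": {"httpsOnly": true, "siteConfig": {"appSettings": [
     {"name": "StorageKey",
      "value": "@Microsoft.KeyVault(SecretUri=https://kv.example/secrets/storage-key/)"},
     {"name": "SqlPassword", "value": "constructed-plaintext-value"}]}}},
  {"type": "Microsoft.Web/sites", "name": "legacy-portal",
   "properties": {"httpsOnly": false, "siteConfig": {"appSettings": []}}},
  {"type": "Microsoft.Sql/servers", "name": "shop-sql",
   "properties": {"publicNetworkAccess": "Enabled"}}
]}
""")

# Assumption: a setting whose name looks like a credential must be a Key Vault reference.
SECRET_NAME = re.compile(r"password|secret|key|token|connectionstring", re.I)
KEYVAULT_REF = "@Microsoft.KeyVault("

def check_resource(res):
    """Return the list of policy findings for one ARM resource."""
    findings, props = [], res.get("properties", {})
    if res["type"] == "Microsoft.Web/sites":
        if not props.get("httpsOnly", False):
            findings.append("httpsOnly is not enabled")
        if res.get("identity", {}).get("type", "None") == "None":
            findings.append("no managed identity assigned")
        for s in props.get("siteConfig", {}).get("appSettings", []):
            is_ref = str(s.get("value", "")).startswith(KEYVAULT_REF)
            if SECRET_NAME.search(s["name"]) and not is_ref:
                findings.append(f"app setting {s['name']} holds a secret outside Key Vault")
    elif res["type"] == "Microsoft.Sql/servers":
        if not props.get("administrators", {}).get("azureADOnlyAuthentication", False):
            findings.append("Azure AD-only authentication is not enforced")
        if props.get("publicNetworkAccess", "Enabled") != "Disabled":
            findings.append("public network access is enabled")
    return findings

def check_template(template):
    """Map resource name to its findings, omitting resources with none."""
    report = {r["name"]: check_resource(r) for r in template.get("resources", [])}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, findings in check_template(SAMPLE_TEMPLATE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run in a pull-request pipeline, a check like this gives teams the finding and its reason at review time instead of a bare "no".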
Summary
- DevOps and DevSecOps are necessary
- Become more productive
- Build real solutions for real people
- Master complexity
- Work on technology and organization
- How much time do we spend on technology decisions?
- How much time do we spend working on org/culture?
- Cloud computing is an enabler
- Focus on your core responsibility
- Infrastructure-as-code
- Let people develop T-shaped skills
Q&A
Thank you for attending
By Rainer Stropek