DevOps nirvana
Firstly, achieving DevOps nirvana does not happen overnight. As a result, many organizations are in the transition towards the ideal set up. As a result, that nirvana takes time. However, for every milestone reached in the transformation process, there are many benefits. But, in contrast, there are also new challenges.
Therefore, this White Paper sets out three broad DevOps scenarios. With the intention to discuss the relationship between Dev & Ops, so the specific benefits you’ll gain can be explored. Specifically, from a configuration data management point of view.
Under these circumstances, there’s no such thing as good or bad DevOps. So, Benny Van de Sompele outlines the perks of each scenario, providing three key broad ways of working.
In reality, most DevOps teams are still separate. That means the nirvana is, for many large organizations, still far away. However, that doesn’t mean there’s no value in assessing the steps you can take right now. With that in mind, you’ll be better prepared for the future …
Author Bio
Benny Van De Sompele
Co-Founder & CTO
Benny turned his experience from implementing Continuous Delivery for enterprise applications (at companies such as CA Technologies, Nolio and Oblicore) into a software platform that’s carving the way for modern DevOps teams to fully automate the config data within their entire application estate and across every stage of the application life cycle.
2. A White Paper by Sweagle
A DevOps culture
DevOps is all about the culture of bringing Dev and Ops together, so that
processes run more smoothly at higher velocity, resulting in more
deliverables and fewer errors. So that's the theory and it sounds great, but
what does it mean in reality?
Achieving DevOps nirvana does not happen overnight. Many organizations
are in the transition towards the ideal DevOps set up, and that journey can
take some time. For every milestone reached in the transformation
process there are benefits... but also new challenges.
Let’s look at the specific needs and challenges for every stage of the
DevOps transformation in a bit more detail. We'll start with the ideal
DevOps organization, where a single team owns the process from Dev to
Ops.
[Dev] & [Ops][Dev] <-> [Ops] [DevOps]
- RBAC
- Diff compare
- Root cause
- Validation policies
- Consolidated model
- Pipeline visibility
- Dynamic organization
- Cross team
collaboration
- Evidence repository
Independent
teams
Embedded
(nirvana)
Working in
tandem
3. Dev & Ops
embedded
In its most pure and ideal form, a
DevOps team is fully self-running, self-
organizing and taking ownership from
Dev to Ops. This is the nirvana.
“You build it, you run it” is their credo,
and every DevOps team has the right
talent onboard to cover the horizontal
track from development to running and
managing applications in production.
From a config data perspective, it means
the whole team has (or should have)
access to all the config data... with one
big limitation. ONLY for the applications
that are in scope for the DevOps team.
Being part of a DevOps team doesn’t
mean you can access ANY production
config data, anywhere, for any of the
components in the company. There's
governance required around this.
A White Paper by Sweagle
4. Why config data matters...
when Dev & Ops are
embedded
Having a robust config data management platform matters when your Dev & Ops
teams are embedded, because you need a way to scale up or down, collaborate
more openly and combine all CDIs into a central audit trail.
Cope with a dynamic DevOps organization
As teams scale up and down, and take on more applications or transition
ownership from one team to another, it should be a requirement that some kind of
governance, control and structure is in place to facilitate these changes. Security
and governance need to be applied horizontally from Dev to Ops but limited to the
subset of applications within their scope - at any point in time. A common config
data repository with fine granular access permissions, roles and policies will help.
Collaboration between DevOps teams
Because modern application architectures have no technical dependencies at all
between their components, DevOps teams can deliver innovations and changes
in parallel at their own frequency. But new patterns like feature activations,
functional dependencies and canary deployments do require a cross-functional
DevOps team with coordination and control. A comprehensive config data
management platform will enable this cross-functionality, collaboration and
automation. And it will make sure all required components (or versions) are
available in any environment before activating certain functionalities.
Collection of all config data
Can you access settings and changes at any point within the pipeline, past or
present? Agile DevOps doesn’t mean uncontrolled and ungoverned changes. A
config data management platform will provide an unalterable audit trail and
evidence repository tracking so you'll know exactly which component was
running where, for how long, and with which settings - for any point in time.
A Sweagle White Paper
5. Dev & Ops
working in
tandem
But perhaps it's not possible to have
every DevOps team equipped with team
members who are experts in the full
stack of technologies as well as having a
handle on all the complexities and
particulars of different environments.
DevOps can also mean that
Development and Operations work
closely together in the cadence of an
agile development and delivery cycle.
It involves tight collaboration with Ops
having clear visibility of what's coming
through the CI/CD pipeline. And a way
for Dev to not only push and promote
code, but also the required settings and
changes.
It involves a proactive approach to
take the input from Development as
early as possible and prepare the
upstream environments proactively to
be ready to host the changes and
deliverables as soon as they reach their
go-live status.
A Sweagle White Paper
6. Why config matters...
when Dev & Ops are working
in tandem
Having a robust config data management platform matters when your teams
work in tandem, because you need a way to check that upcoming changes are
fully release-ready, validated and within a common data model.
Preparation & validation
You want to ensure that all suggested changes and settings for deliverables
coming through the pipeline are correctly prepared and validated prior to
deployment. This requires checking that no mandatory settings are missing,
that no configurations contain unidentified tokens and that no parameters
have conflicting values. A comprehensive config data management platform
will provide automated validations which proactively check that any upcoming
change is fully ready. This reduces manual workload and prevents errors.
Common config data model
You want your teams to collaborate around a common configuration data
model, adapted to the technical specifications of Development and that the
specific configurations for the environments are present and correct. After all,
the settings for a new application component in a lower test environment will
(or should) be different from the production environment. A config data
management platform will automate the merging of config data changes for
new releases with the specific settings for the target environment.
Environment policies
When your teams are working in tandem, you need to control and validate all
suggested config data changes and settings to ensure they are in line with the
policies and validations for every environment. Functional, technical and
compliancy validation checks will be automated through your config data
management platform before the changes are applied.
A Sweagle White Paper
7. Dev & Ops are
independent
teams
But perhaps parts of your organization
and teams are still structured in
separate verticals or silos with handover
processes between them.
And this isn't limited to a separation of
Dev from Ops.
Even within Dev you might have silos
such as the database DEV team,
middleware team or JAVA team.
In the same way your Ops might have an
infra silo, network silo or PRD versus
non-PRD silo. Or perhaps part of the
operations work is outsourced...
which can have its own challenges and
complications.
A Sweagle White Paper
8. Why config matters...
when Dev & Ops are
indepent teams
Having a robust config data management platform matters when your teams
are independent, because you need a way to control and diff compare the
config data between those teams, especially when sensitive data is involved.
Role based access control
If you want to enforce RBAC on config data between teams. then security and
governance need to be applied vertically by silo. You will need a way to make
sure only the right team gets access to the config data they are allowed to see
or edit. A config data management platform will do this for you.
Sensitive data
To enable the encryption and security of sensitive data, you'll need more
segregation of roles and duties. This, in turn, comes with the need for a
higher level of auto-encryption and securing of sensitive data. A configuration
data management platform that collects and consolidates config data from
various sources will automatically pinpoint any of the config data sources that
contain unencrypted sensitive data. That instantly leads to a higher
vulnerability for unauthorized access and data leaks.
Diff compare
How often have you seen multiple team members spending countless hours
trying to understand changes from what they currently see (e.g. an issue with
application X in Production) and how it looked a week ago (when there was no
apparent problem)? A configdata management platform will allow you to easily
get a handle on the changes from the infra, environment and application point
of view.
A Sweagle White Paper
9. Accelerate root cause analysis
With many changes happening at infra, environment and application point of
view by different teams and stakeholders at various moments in time, it is
critical to have access to all config data for reporting and analytics. An
intelligent management platform offers an agnostic data model in which all
config data is not only stored but also made actionable. Machine Learning
algorithms can also assist in automatically discovering the root cause for any
issues at hand, and prevent the same bad config from happening ever again.
Why config matters...
when Dev & Ops are independent teams
A Sweagle White Paper
10. Final
thought
"Actionable evidence repository"
Configuration data matters so much -
regardless of where your organization is
on the DevOps journey. A configuration
data management platform will reduce
manual workload, will continuously
validate config data and provide an
actionable evidence repository for every
component in every environment. It's
also designed especially for highly
automated CI/CD.
Sweagle, the global SaaS platform,
manages, validates and secures
configuration data. Our customers range
from mature agile DevOps organizations
to traditional silo based enterprises. We
also work with cloud native, legacy and
hybrid application architectures.
A Sweagle White Paper
Author
Benny Van de Sompele
Co-Founder & CTO,
Sweagle
11. The end
But it's really only the
beginning...
Find out what benefits Sweagle could bring to your CI/CD pipeline.
Contact us to secure your config data success.
A White Paper by Sweagle
www.sweagle.com 2019