SlideShare una empresa de Scribd logo

How Financial Institutions Must Enforce DevOps Organizational Policy

Descargar como PPTX, PDF
T
Tamir Belzer

Enterprises' transition to Agile development has led to a dramatic increase in the number of releases and development cycles. It has also intensified the challenges of controlling, tracking, and auditing changes to the application and database. This has led to critical errors, data loss, and costly downtime.

Software
1 de 28
How Financial Institutions Must Enforce DevOps Organizations Policy
Agenda ▪ Continuous Delivery at enterprise scale ▪ The reasons why the database is often left behind ▪ Best practices of Continuous Delivery for modern applications ▪ The way to achieve the optimal delivery pipeline – including the database ▪ Q&A
Presenter Yaniv Yehuda Co-Founder & CTO at DBmaestro Spent the last years raising awareness about the challenges around database development and deployment, and how to support database Continuous Delivery.
This is me I like going fast, but I do need to manage risks…
About DBmaestro ▪ DevSecOps for databases: ▪ Database version control ▪ Release management ▪ Security management
DevOps! Everyone is talking about it!
Financial Services Business Demands Providing best customer experience in a highly competitive market: Gaining customer’s loyalty in the mobile and hyper-connected world In one of the most regulated sectors Customers are looking for: ▪ Intuitive service over any application ▪ Device agnostic connectivity ▪ Reliability - you cannot be too careful about their money Implications on Development, QA and Delivery: release applications fast, safe and NEVER make errors!
ARA on the Rise, Database Lagging Behind Manual work: can’t scale, can’t match CD frequency, not repeatable, prone to error * Dzone DevOps survey 2016
Fail fast fail often – continuous improvement Code is easy... Building and releasing code ▪ Code can be replicated, branched and merged ▪ Best practices suggest a single build process ▪ Release process is done by copying compiled code & executables
Fail fast? Pay the price… Database is not that simple Building and releasing databases ▪ A database is not a collection of files on the file system ▪ Each database environment contains a copy of the configuration ▪ Inconsistencies between environments ▪ Configuration drifts / out of process changes… ▪ Release process is incremental ▪ Cannot copy a DB from QA to Prod… ▪ Database upgrade and rollback scripts are separate from DB configuration
Pay the price ▪ Big Bank correlates 60% of release issues to the database − Managing environments, automating ▪ Banking app failing for a day! - Index removed from production − Choosing the right tools to automate with ▪ Disastrous down time - 5gb Table dropped from production… − Controlling release process
X Int QA Stage Prod Dev Dev Dev Model ‘Break Glass’ Out of Process Change X X X X X X Configuration drift… So how can we automate? This is exactly why we are doing things manually! The risk of over simplifying automation
The old days... ▪ Waterfall : Consolidating changes to one big release − Every 3-6-9 months? ▪ Being BIG − Big dev cycles − Big QA efforts − ‘Getting ready’ for the Big release well in advance ▪ Spending time evaluating changes − Developer/ ADBA introducing changes, building db upgrade scripts − DBA evaluates, suggests improvements or approves − DBA pushes changes forward / runs on higher environments
The old days... Safe but slow ▪ The Dev team is responsible − For creating logical changes to the app/db ▪ The DBA is responsible − For db changes code reviews (especially around high risk areas) − For handling rollout and rollout risks − For the health and continuous operation of the db ▪ Problem? Slow process…
Modern days – going faster ▪ Agile : small focused − Every 2-3-4 weeks? − Continuously? ▪ CD/CD − Small/atomic changes − Quick feedback loops (unit tests, automated tests…) − Small changes being quickly pushed all the way to (pre) production ▪ Evaluate changes? − Dev team often says DBA team is a bottle neck… (numbers game…)
Going faster – managing risk Who is responsible?? − Dev teams wants to be agile and self-sufficiency • Be responsible for pushing their changes forward − DBAs are responsible for the health and continuous operation of the db − Who is responsible for handling rollout and rollout risks? • Evaluating changes? • Managing risk? • Blamestorming is inevitable…
Tension & Risk ▪ Dev team: “we accepts responsibility” ▪ DBA team: “we will most likely be one you turn to in trouble…” {…you shouldn't have gotten into in first place} ▪ Enter: DevOps!
DevOps: going forward fast, yet safely DevOps for databases • Cross responsibilities - Dev team, DBA, Release manager, DevOps expert… • Creating a repeatable processes – Release Automation – Handling exceptions • Setting ground rules – what goes where? when? • Setting process controls – handling risk: policies & roles • Managing Risk
Int QA Stage Prod Dev Dev Dev Model ‘Break Glass’ Out of Process Change Validate OR Validate Validate Dev Goal: effective and productive Ops Goal: safe, predictable, scalable & controlled Any Source Of change Balancing Dev & Ops
Database Release Automation challenges Releasing ▪ Different sources of change (IDEs, scripts, App Setup) ▪ Simplistic automation potentially breaking environments ▪ Requires skill, diligent and invest a lot of efforts ▪ Dealing with configuration drifts ▪ Out of process changes & break glass scenarios ▪ How are we validating Success? ▪ And control Policies? ▪ Garbage in, garbage out? ▪ Achieving Compliance and Auditing
QA Stage Prod ‘Break Glass’ Out of Process Change Validate Validate 1. Comply to Policy rules 1. Enforce security roles 2. Prevent non-policy updates 2. Validate pre-release configuration 1. Stop automation 2. Notify Drift 3. Suggest resolution 3. Execute upgrade 1. Audit changes 4. Validate post-release results 1. Activate tests 2. Enable rollback if required 5. Alert or prevent out of process changes Safe, Fast, Stable, Repeatable, Scalable and Secure Database Automation Validated & Safe Automation
 Need to answer: Who? What? Where? When? Why?  Security roles – Control who can do what and where  Audit - Who did what when and why Security, Compliance & Audit
Policy Management ▪ Define the policy rules to govern changes on a per- environment basis − Incoming changes, whether in scripts or interactive changes are measured against policy rules − What? Where? When? − Prevent execution of risky or non-policy code (prevent dropping of a column, prevent removal of an index in prod etc)
 Jenkins, Bamboo, TeamCity, CircleCi, CA-ARA, XebiaLabs, Automic, Jira Heterogeneous CD Pipeline
Q&A
Connect with us
Thank you

Recomendados

DevOps By The Numbers
DevOps By The NumbersDevOps By The Numbers
DevOps By The NumbersXebiaLabs
 
Doc is Dead! How Walkthroughs Changed Salesforce's Content Strategy
Doc is Dead! How Walkthroughs Changed Salesforce's Content StrategyDoc is Dead! How Walkthroughs Changed Salesforce's Content Strategy
Doc is Dead! How Walkthroughs Changed Salesforce's Content StrategySalesforce Engineering
 
Scrum is Disruptive in Your Organisation
Scrum is Disruptive in Your OrganisationScrum is Disruptive in Your Organisation
Scrum is Disruptive in Your OrganisationShane Wheller
 
Maintaining a-healthy-architecture-in-sf
Maintaining a-healthy-architecture-in-sfMaintaining a-healthy-architecture-in-sf
Maintaining a-healthy-architecture-in-sfpanayaofficial
 
Qa & You
Qa & YouQa & You
Qa & YouJon Robinson
 
itSMF Belgium kickoff 2015
itSMF Belgium kickoff 2015itSMF Belgium kickoff 2015
itSMF Belgium kickoff 2015itSMF Belgium
 
Engineering Effectiveness
Engineering EffectivenessEngineering Effectiveness
Engineering EffectivenessMarcio Sete
 
Lean Prod Development ProductCamp Vancouver Feb15
Lean Prod Development ProductCamp Vancouver Feb15Lean Prod Development ProductCamp Vancouver Feb15
Lean Prod Development ProductCamp Vancouver Feb15Joe Lukan
 

Recomendados

DevOps By The Numbers
DevOps By The NumbersDevOps By The Numbers
DevOps By The NumbersXebiaLabs
 
Doc is Dead! How Walkthroughs Changed Salesforce's Content Strategy
Doc is Dead! How Walkthroughs Changed Salesforce's Content StrategyDoc is Dead! How Walkthroughs Changed Salesforce's Content Strategy
Doc is Dead! How Walkthroughs Changed Salesforce's Content StrategySalesforce Engineering
 
Scrum is Disruptive in Your Organisation
Scrum is Disruptive in Your OrganisationScrum is Disruptive in Your Organisation
Scrum is Disruptive in Your OrganisationShane Wheller
 
Maintaining a-healthy-architecture-in-sf
Maintaining a-healthy-architecture-in-sfMaintaining a-healthy-architecture-in-sf
Maintaining a-healthy-architecture-in-sfpanayaofficial
 
Qa & You
Qa & YouQa & You
Qa & YouJon Robinson
 
itSMF Belgium kickoff 2015
itSMF Belgium kickoff 2015itSMF Belgium kickoff 2015
itSMF Belgium kickoff 2015itSMF Belgium
 
Engineering Effectiveness
Engineering EffectivenessEngineering Effectiveness
Engineering EffectivenessMarcio Sete
 
Lean Prod Development ProductCamp Vancouver Feb15
Lean Prod Development ProductCamp Vancouver Feb15Lean Prod Development ProductCamp Vancouver Feb15
Lean Prod Development ProductCamp Vancouver Feb15Joe Lukan
 
Agile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scaleAgile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scaleSalesforce Engineering
 
Cl212
Cl212Cl212
Cl212Juliette Ponnet
 
An Introduction to the Agile SoC
An Introduction to the Agile SoCAn Introduction to the Agile SoC
An Introduction to the Agile SoCCybereason
 
Lean Practices For Software Development
Lean Practices For Software DevelopmentLean Practices For Software Development
Lean Practices For Software DevelopmentSandeep Yadav
 
Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017Justin Erdman
 
Kaizen lite
Kaizen liteKaizen lite
Kaizen liteZachar Prychoda
 
Flow-based Product Development
Flow-based Product DevelopmentFlow-based Product Development
Flow-based Product DevelopmentDaniel Gordon
 
The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017Justin Erdman
 
Switch tokanban2
Switch tokanban2Switch tokanban2
Switch tokanban2Skills Matter
 
Sorabh Mangalx
Sorabh MangalxSorabh Mangalx
Sorabh MangalxSorabh Mangal
 
Understanding devops
Understanding devopsUnderstanding devops
Understanding devopsJames Samuel
 
Flow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategyFlow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategyMarcio Sete
 
Solid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 FlyerSolid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 Flyerrobseels
 
From Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To WorkFrom Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To WorkDevOps.com
 
+Agile basics
+Agile basics+Agile basics
+Agile basicswalid sassi
 
Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?Todd Palino
 
Code Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart WayCode Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart WayTodd Palino
 
When down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConfWhen down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConfRene Van Osnabrugge
 
Presentation1
Presentation1Presentation1
Presentation1AgileNetwork
 
Being Agile
Being AgileBeing Agile
Being AgileTim Huegdon
 
The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...NLJUG
 
Deploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric SiglerDeploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric SiglerDevOpsDays Baltimore
 

Más contenido relacionado

La actualidad más candente

Agile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scaleAgile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scaleSalesforce Engineering
 
An Introduction to the Agile SoC
An Introduction to the Agile SoCAn Introduction to the Agile SoC
An Introduction to the Agile SoCCybereason
 
Lean Practices For Software Development
Lean Practices For Software DevelopmentLean Practices For Software Development
Lean Practices For Software DevelopmentSandeep Yadav
 
Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017Justin Erdman
 
Flow-based Product Development
Flow-based Product DevelopmentFlow-based Product Development
Flow-based Product DevelopmentDaniel Gordon
 
The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017Justin Erdman
 
Understanding devops
Understanding devopsUnderstanding devops
Understanding devopsJames Samuel
 
Flow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategyFlow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategyMarcio Sete
 
Solid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 FlyerSolid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 Flyerrobseels
 
From Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To WorkFrom Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To WorkDevOps.com
 
Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?Todd Palino
 
Code Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart WayCode Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart WayTodd Palino
 
When down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConfWhen down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConfRene Van Osnabrugge
 

La actualidad más candente (20)

Agile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scaleAgile at Salesforce From theory to practice, how to be agile at scale
Agile at Salesforce From theory to practice, how to be agile at scale
 
Cl212
Cl212Cl212
Cl212
 
An Introduction to the Agile SoC
An Introduction to the Agile SoCAn Introduction to the Agile SoC
An Introduction to the Agile SoC
 
Lean Practices For Software Development
Lean Practices For Software DevelopmentLean Practices For Software Development
Lean Practices For Software Development
 
Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017Scrum in Your SOC @Blackhat USA 2017
Scrum in Your SOC @Blackhat USA 2017
 
Kaizen lite
Kaizen liteKaizen lite
Kaizen lite
 
Flow-based Product Development
Flow-based Product DevelopmentFlow-based Product Development
Flow-based Product Development
 
The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017The Agile SOC @SANS SOC Summit 2017
The Agile SOC @SANS SOC Summit 2017
 
Switch tokanban2
Switch tokanban2Switch tokanban2
Switch tokanban2
 
Sorabh Mangalx
Sorabh MangalxSorabh Mangalx
Sorabh Mangalx
 
Understanding devops
Understanding devopsUnderstanding devops
Understanding devops
 
Flow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategyFlow efficiency - a digital operations strategy
Flow efficiency - a digital operations strategy
 
Solid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 FlyerSolid Testing & Assurance A5 Flyer
Solid Testing & Assurance A5 Flyer
 
From Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To WorkFrom Measurement to Insight: Putting DevOps Metrics To Work
From Measurement to Insight: Putting DevOps Metrics To Work
 
+Agile basics
+Agile basics+Agile basics
+Agile basics
 
Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?Why Does (My) Monitoring Suck?
Why Does (My) Monitoring Suck?
 
Code Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart WayCode Yellow: Helping Operations Top-Heavy Teams the Smart Way
Code Yellow: Helping Operations Top-Heavy Teams the Smart Way
 
When down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConfWhen down is not good enough. SRE On Azure - PolarConf
When down is not good enough. SRE On Azure - PolarConf
 
Presentation1
Presentation1Presentation1
Presentation1
 
Being Agile
Being AgileBeing Agile
Being Agile
 

Destacado

The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...NLJUG
 
Deploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric SiglerDeploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric SiglerDevOpsDays Baltimore
 
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
~~Putting~~ Convincing the Ops in DevOps by Jamie JonesDevOpsDays Baltimore
 
Visual studio 2017 Launch keynote - Afterworks@Noumea
Visual studio 2017 Launch keynote - Afterworks@NoumeaVisual studio 2017 Launch keynote - Afterworks@Noumea
Visual studio 2017 Launch keynote - Afterworks@NoumeaJulien Chable
 
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabeDevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabeDevOpsDays Baltimore
 
Third-Wave DevOps: What we can learn from Coffee by Jason Yee
Third-Wave DevOps: What we can learn from Coffee by Jason YeeThird-Wave DevOps: What we can learn from Coffee by Jason Yee
Third-Wave DevOps: What we can learn from Coffee by Jason YeeDevOpsDays Baltimore
 
Building trust within the organization, first steps towards DevOps
Building trust within the organization, first steps towards DevOpsBuilding trust within the organization, first steps towards DevOps
Building trust within the organization, first steps towards DevOpsGuido Serra
 
JavaOne 2015 Devops and the Darkside CON6447
JavaOne 2015 Devops and the Darkside CON6447JavaOne 2015 Devops and the Darkside CON6447
JavaOne 2015 Devops and the Darkside CON6447Steve Poole
 
Delitos Sexuales
Delitos SexualesDelitos Sexuales
Delitos SexualesRiveroM25
 
3Com 21H9856
3Com 21H98563Com 21H9856
3Com 21H9856savomir
 
3Com 5998014246917
3Com 59980142469173Com 5998014246917
3Com 5998014246917savomir
 
3Com 10505-04
3Com 10505-043Com 10505-04
3Com 10505-04savomir
 
3Com 3CPCCOMBO-CB1
3Com 3CPCCOMBO-CB13Com 3CPCCOMBO-CB1
3Com 3CPCCOMBO-CB1savomir
 

Destacado (15)

The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...The end of traditional enterprise IT - ING's journey to the next generation I...
The end of traditional enterprise IT - ING's journey to the next generation I...
 
Deploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric SiglerDeploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
Deploying 30 times a day, and making sure everything stays 200 OK by Eric Sigler
 
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
 
Visual studio 2017 Launch keynote - Afterworks@Noumea
Visual studio 2017 Launch keynote - Afterworks@NoumeaVisual studio 2017 Launch keynote - Afterworks@Noumea
Visual studio 2017 Launch keynote - Afterworks@Noumea
 
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabeDevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
 
Third-Wave DevOps: What we can learn from Coffee by Jason Yee
Third-Wave DevOps: What we can learn from Coffee by Jason YeeThird-Wave DevOps: What we can learn from Coffee by Jason Yee
Third-Wave DevOps: What we can learn from Coffee by Jason Yee
 
Building trust within the organization, first steps towards DevOps
Building trust within the organization, first steps towards DevOpsBuilding trust within the organization, first steps towards DevOps
Building trust within the organization, first steps towards DevOps
 
DevOpsVersion2
DevOpsVersion2DevOpsVersion2
DevOpsVersion2
 
JavaOne 2015 Devops and the Darkside CON6447
JavaOne 2015 Devops and the Darkside CON6447JavaOne 2015 Devops and the Darkside CON6447
JavaOne 2015 Devops and the Darkside CON6447
 
Delitos Sexuales
Delitos SexualesDelitos Sexuales
Delitos Sexuales
 
Отчет Коллегии по жалобам на прессу за 2014 - 2017 годы
Отчет Коллегии по жалобам на прессу за 2014 - 2017 годы Отчет Коллегии по жалобам на прессу за 2014 - 2017 годы
Отчет Коллегии по жалобам на прессу за 2014 - 2017 годы
 
3Com 21H9856
3Com 21H98563Com 21H9856
3Com 21H9856
 
3Com 5998014246917
3Com 59980142469173Com 5998014246917
3Com 5998014246917
 
3Com 10505-04
3Com 10505-043Com 10505-04
3Com 10505-04
 
3Com 3CPCCOMBO-CB1
3Com 3CPCCOMBO-CB13Com 3CPCCOMBO-CB1
3Com 3CPCCOMBO-CB1
 

Similar a How Financial Institutions Must Enforce DevOps Organizational Policy

Challenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryChallenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryDBmaestro - Database DevOps
 
Geek Sync I In Database Automation We Trust
Geek Sync I In Database Automation We TrustGeek Sync I In Database Automation We Trust
Geek Sync I In Database Automation We TrustIDERA Software
 
Challenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryChallenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryDBmaestro - Database DevOps
 
The Role of Automation in the Journey to Continuous Delivery
The Role of Automation in the Journey to Continuous DeliveryThe Role of Automation in the Journey to Continuous Delivery
The Role of Automation in the Journey to Continuous DeliveryXebiaLabs
 
Pay pal paypal continuous performance as a self-service with fully-automated...
Pay pal paypal continuous performance as a self-service with fully-automated...Pay pal paypal continuous performance as a self-service with fully-automated...
Pay pal paypal continuous performance as a self-service with fully-automated...Dynatrace
 
Webinar: Demonstrating Business Value for DevOps & Continuous Delivery
Webinar: Demonstrating Business Value for DevOps & Continuous DeliveryWebinar: Demonstrating Business Value for DevOps & Continuous Delivery
Webinar: Demonstrating Business Value for DevOps & Continuous DeliveryXebiaLabs
 
The Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryThe Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryPerforce
 
sitHH16 - The Implications of Becoming Agile
sitHH16 - The Implications of Becoming AgilesitHH16 - The Implications of Becoming Agile
sitHH16 - The Implications of Becoming AgileMarkus Theilen
 
2019 State of DevOps Report: Database Best Practices for Strong DevOps
2019 State of DevOps Report: Database Best Practices for Strong DevOps2019 State of DevOps Report: Database Best Practices for Strong DevOps
2019 State of DevOps Report: Database Best Practices for Strong DevOpsDevOps.com
 
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...DevOps.com
 
Continuous delivery
Continuous deliveryContinuous delivery
Continuous deliveryMasas Dani
 
Building enterprise platforms - off the beaten path - SharePoint User Group U...
Building enterprise platforms - off the beaten path - SharePoint User Group U...Building enterprise platforms - off the beaten path - SharePoint User Group U...
Building enterprise platforms - off the beaten path - SharePoint User Group U...Andy Talbot
 
Tools and practices to use in a Continuous Delivery pipeline
Tools and practices to use in a Continuous Delivery pipelineTools and practices to use in a Continuous Delivery pipeline
Tools and practices to use in a Continuous Delivery pipelineMatteo Emili
 
Continuous Delivery at Wix, Yaniv Even Haim
Continuous Delivery at Wix, Yaniv Even HaimContinuous Delivery at Wix, Yaniv Even Haim
Continuous Delivery at Wix, Yaniv Even HaimDevOpsDays Tel Aviv
 

Similar a How Financial Institutions Must Enforce DevOps Organizational Policy (20)

Challenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryChallenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous Delivery
 
Geek Sync I In Database Automation We Trust
Geek Sync I In Database Automation We TrustGeek Sync I In Database Automation We Trust
Geek Sync I In Database Automation We Trust
 
Challenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryChallenges and best practices of database continuous delivery
Challenges and best practices of database continuous delivery
 
The Role of Automation in the Journey to Continuous Delivery
The Role of Automation in the Journey to Continuous DeliveryThe Role of Automation in the Journey to Continuous Delivery
The Role of Automation in the Journey to Continuous Delivery
 
DevOps Overview
DevOps OverviewDevOps Overview
DevOps Overview
 
Pay pal paypal continuous performance as a self-service with fully-automated...
Pay pal paypal continuous performance as a self-service with fully-automated...Pay pal paypal continuous performance as a self-service with fully-automated...
Pay pal paypal continuous performance as a self-service with fully-automated...
 
Enterprise scale continuous delivery
Enterprise scale continuous deliveryEnterprise scale continuous delivery
Enterprise scale continuous delivery
 
Webinar: Demonstrating Business Value for DevOps & Continuous Delivery
Webinar: Demonstrating Business Value for DevOps & Continuous DeliveryWebinar: Demonstrating Business Value for DevOps & Continuous Delivery
Webinar: Demonstrating Business Value for DevOps & Continuous Delivery
 
The Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryThe Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous Delivery
 
sitHH16 - The Implications of Becoming Agile
sitHH16 - The Implications of Becoming AgilesitHH16 - The Implications of Becoming Agile
sitHH16 - The Implications of Becoming Agile
 
2019 State of DevOps Report: Database Best Practices for Strong DevOps
2019 State of DevOps Report: Database Best Practices for Strong DevOps2019 State of DevOps Report: Database Best Practices for Strong DevOps
2019 State of DevOps Report: Database Best Practices for Strong DevOps
 
Webinar: "In database automation we trust"
Webinar: "In database automation we trust"Webinar: "In database automation we trust"
Webinar: "In database automation we trust"
 
Devops as a service
Devops as a serviceDevops as a service
Devops as a service
 
Taking Database Development to the 21st Century
Taking Database Development to the 21st CenturyTaking Database Development to the 21st Century
Taking Database Development to the 21st Century
 
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...
Security, Policy & Drift - Getting Database Risk Under Control in Release Aut...
 
In (database) automation we trust
In (database) automation we trustIn (database) automation we trust
In (database) automation we trust
 
Continuous delivery
Continuous deliveryContinuous delivery
Continuous delivery
 
Building enterprise platforms - off the beaten path - SharePoint User Group U...
Building enterprise platforms - off the beaten path - SharePoint User Group U...Building enterprise platforms - off the beaten path - SharePoint User Group U...
Building enterprise platforms - off the beaten path - SharePoint User Group U...
 
Tools and practices to use in a Continuous Delivery pipeline
Tools and practices to use in a Continuous Delivery pipelineTools and practices to use in a Continuous Delivery pipeline
Tools and practices to use in a Continuous Delivery pipeline
 
Continuous Delivery at Wix, Yaniv Even Haim
Continuous Delivery at Wix, Yaniv Even HaimContinuous Delivery at Wix, Yaniv Even Haim
Continuous Delivery at Wix, Yaniv Even Haim
 

Último

What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptrcbcrtm
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 

Último (20)

What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 

How Financial Institutions Must Enforce DevOps Organizational Policy

  • 1. How Financial Institutions Must Enforce DevOps Organizations Policy
  • 2. Agenda ▪ Continuous Delivery at enterprise scale ▪ The reasons why the database is often left behind ▪ Best practices of Continuous Delivery for modern applications ▪ The way to achieve the optimal delivery pipeline – including the database ▪ Q&A
  • 3. Presenter Yaniv Yehuda Co-Founder & CTO at DBmaestro Spent the last years raising awareness about the challenges around database development and deployment, and how to support database Continuous Delivery.
  • 4. This is me I like going fast, but I do need to manage risks…
  • 5. About DBmaestro ▪ DevSecOps for databases: ▪ Database version control ▪ Release management ▪ Security management
  • 7. Financial Services Business Demands Providing best customer experience in a highly competitive market: Gaining customer’s loyalty in the mobile and hyper-connected world In one of the most regulated sectors Customers are looking for: ▪ Intuitive service over any application ▪ Device agnostic connectivity ▪ Reliability - you cannot be too careful about their money Implications on Development, QA and Delivery: release applications fast, safe and NEVER make errors!
  • 8. ARA on the Rise, Database Lagging Behind Manual work: can’t scale, can’t match CD frequency, not repeatable, prone to error * Dzone DevOps survey 2016
  • 9. Fail fast fail often – continuous improvement Code is easy... Building and releasing code ▪ Code can be replicated, branched and merged ▪ Best practices suggest a single build process ▪ Release process is done by copying compiled code & executables
  • 10. Fail fast? Pay the price… Database is not that simple Building and releasing databases ▪ A database is not a collection of files on the file system ▪ Each database environment contains a copy of the configuration ▪ Inconsistencies between environments ▪ Configuration drifts / out of process changes… ▪ Release process is incremental ▪ Cannot copy a DB from QA to Prod… ▪ Database upgrade and rollback scripts are separate from DB configuration
  • 11. Pay the price ▪ Big Bank correlates 60% of release issues to the database − Managing environments, automating ▪ Banking app failing for a day! - Index removed from production − Choosing the right tools to automate with ▪ Disastrous down time - 5gb Table dropped from production… − Controlling release process
  • 12. X Int QA Stage Prod Dev Dev Dev Model ‘Break Glass’ Out of Process Change X X X X X X Configuration drift… So how can we automate? This is exactly why we are doing things manually! The risk of over simplifying automation
  • 13. The old days... ▪ Waterfall : Consolidating changes to one big release − Every 3-6-9 months? ▪ Being BIG − Big dev cycles − Big QA efforts − ‘Getting ready’ for the Big release well in advance ▪ Spending time evaluating changes − Developer/ ADBA introducing changes, building db upgrade scripts − DBA evaluates, suggests improvements or approves − DBA pushes changes forward / runs on higher environments
  • 14. The old days... Safe but slow ▪ The Dev team is responsible − For creating logical changes to the app/db ▪ The DBA is responsible − For db changes code reviews (especially around high risk areas) − For handling rollout and rollout risks − For the health and continuous operation of the db ▪ Problem? Slow process…
  • 15. Modern days – going faster ▪ Agile : small focused − Every 2-3-4 weeks? − Continuously? ▪ CD/CD − Small/atomic changes − Quick feedback loops (unit tests, automated tests…) − Small changes being quickly pushed all the way to (pre) production ▪ Evaluate changes? − Dev team often says DBA team is a bottle neck… (numbers game…)
  • 16. Going faster – managing risk Who is responsible?? − Dev teams wants to be agile and self-sufficiency • Be responsible for pushing their changes forward − DBAs are responsible for the health and continuous operation of the db − Who is responsible for handling rollout and rollout risks? • Evaluating changes? • Managing risk? • Blamestorming is inevitable…
  • 17. Tension & Risk ▪ Dev team: “we accepts responsibility” ▪ DBA team: “we will most likely be one you turn to in trouble…” {…you shouldn't have gotten into in first place} ▪ Enter: DevOps!
  • 18. DevOps: going forward fast, yet safely DevOps for databases • Cross responsibilities - Dev team, DBA, Release manager, DevOps expert… • Creating a repeatable processes – Release Automation – Handling exceptions • Setting ground rules – what goes where? when? • Setting process controls – handling risk: policies & roles • Managing Risk
  • 19. Int QA Stage Prod Dev Dev Dev Model ‘Break Glass’ Out of Process Change Validate OR Validate Validate Dev Goal: effective and productive Ops Goal: safe, predictable, scalable & controlled Any Source Of change Balancing Dev & Ops
  • 20. Database Release Automation challenges Releasing ▪ Different sources of change (IDEs, scripts, App Setup) ▪ Simplistic automation potentially breaking environments ▪ Requires skill, diligent and invest a lot of efforts ▪ Dealing with configuration drifts ▪ Out of process changes & break glass scenarios ▪ How are we validating Success? ▪ And control Policies? ▪ Garbage in, garbage out? ▪ Achieving Compliance and Auditing
  • 21. QA Stage Prod ‘Break Glass’ Out of Process Change Validate Validate 1. Comply to Policy rules 1. Enforce security roles 2. Prevent non-policy updates 2. Validate pre-release configuration 1. Stop automation 2. Notify Drift 3. Suggest resolution 3. Execute upgrade 1. Audit changes 4. Validate post-release results 1. Activate tests 2. Enable rollback if required 5. Alert or prevent out of process changes Safe, Fast, Stable, Repeatable, Scalable and Secure Database Automation Validated & Safe Automation
  • 22.  Need to answer: Who? What? Where? When? Why?  Security roles – Control who can do what and where  Audit - Who did what when and why Security, Compliance & Audit
  • 23. Policy Management ▪ Define the policy rules to govern changes on a per- environment basis − Incoming changes, whether in scripts or interactive changes are measured against policy rules − What? Where? When? − Prevent execution of risky or non-policy code (prevent dropping of a column, prevent removal of an index in prod etc)
  • 24.  Jenkins, Bamboo, TeamCity, CircleCi, CA-ARA, XebiaLabs, Automic, Jira Heterogeneous CD Pipeline
  • 25.
  • 26. Q&A