This talk focused on how the quality assurance practices need to be seen in different view when the software delivery is done in DevOps and SecOps Approach. SecOps stands for Security Operations. I will talk about the practices like Architecture and Infrastructure readiness , Quality Assurance / Security Assurance and Test Quality Assurance in the pipeline, Dev and Ops Collaboration, Quantitative analysis of the Continuous Delivery System , Periodic Assessment for System Refactoring Pattern, Causal Analysis feedback (Defects, Problems Learning) to CD System.

1. Prepared by :
Anish Cheriyan, Director, Huawei
Prepared By Anish Cheriyan,
Director, Huawei Technologies

2. Topics
• DevOps & SecOps
• Practices in Detail
• Summary

3. Background
• Embedded Development.
• Network Management System
• Protocol Stack

4. Traditional Quality Assurance
Gated Approach for Quality Assurance
Requirem
ent
Design
Coding
Unit Test
Functiona
l Testing
includes
ities
Independ
ent V&V
Launch

5. DevOps
DevOps is a set of practices intended
to reduce the time between
committing a change to a system
and the change being placed into
normal production, while ensuring
high quality

6. Security
Picture Courtesy:
http://threatgeek.typepad.com/.a/6a0147e41f3c0a97
0b01a73dba51f6970d-pi
‘To err is human, to really
screw up you need root
password’

7. SecOps
SecOps built into the Deployment
Pipeline. Dev & Ops Collaborate and
ensure desired level of Security
Picture Courtesy:
http://threatgeek.typepad.com/.a/6a0147e41f3c0a97
0b01a73dba51f6970d-pi

8. Case Study
• Consider and CRM System which uses a Modeling tool
to automate the business processes.
• The system which has two key parts-Workflow Engine
and Workflow Modeling tool (UI) team . Workflow
Engine works based on the rule engine. Modeling Tool
uses the Engine. Total team size is around 60.
• What are factors you will consider to designing your
Continuous Delivery Architecture.

9. Short Feedback Loops
DevOps
Delivery
Deploym
ent
Picture Coutesy: https://www.flickr.com/photos/

10. •Requirement
documentation at right
granularity
•OPS Perspective-
deployability,
modifiability,
monitoribility
Requirements
Picture Coutesy: https://www.flickr.com/photos/libramano/9372711893/

11. . Architecture
Readiness for CD-
deployability,
modifiability,
monitoribility ,
testability
. Continuous
Delivery
Architecture
. Build Pipeline
Architecture
Picture Coutesy: https://www.flickr.com/

12. Infrastructure Readiness
•Environment
Provisioning based on
customer requirement
analysis (OPS)
•Right Tool Usage (VM,
Container like Docker etc)
for the respective
requirement

13. Build Pipeline
http://blog.xebialabs.com/2016/02/09/how-ing-increased-software-deployments-to-twice-a-day/continuous-deployment-pipeline/

14. SystemArchitecture
L1
CIArhitecture
L2
DeploymentPipeline
L3
C1
C2
C3
M1
C1 Continuous
Integration System
C2 Continuous
Integration System
C3 Continuous
Integration System
C1 Deployment Pipeline
C2 Deployment Pipeline
C3 Deployment Pipeline
Hierarchical Approach for CD and DevOps

15. Quality Assurance in the Pipeline
Inspectio
n /Static
QA
Test QA
Security
Assuranc
e
Configura
tion QA
'ities'
Assuranc
e

16. Inspection/Static QA
Simian Rules for managing
the rules

17. Test QA
Read at : http://www.thinkinginagile.com/2015/07/agile-testing-practices-mapped-to.html

18. Security Assurance
Static/Dyna
mic
Analysis
(Fortify,
Coverity)
Scanning
(Nessus, Nmap)
Security
Test (Threat
Model)
Attack

19. Configuration QA
• Single Source Repository
for all items
• Build Script Quality
(abstraction,
modularization, coding
guidelines) (Automatic or
manual way)

20. Analysis of the Build Pipeline
Build
Private
Build
Version
Build
Function
Build
ities
Build
Deploym
ent Build
Build 01 Pass Pass Fail Fail Fail
Build 02 Pass Pass Pass Fail Fail
Build 03 Pass Pass Fail Fail Fail
Build 04 Pass Pass Pass Fail Fail
Build 05 Pass Pass Fail Fail Fail
Build 06 Pass Pass Fail Fail Fail
Build 07 Pass Pass Fail Fail Fail

21. Test your Deployment pipeline
Repea
tabilit
y
Perfor
mance
Reliabi
lity
Recov
erabili
ty
Intero
perabil
ity
Testabi
lity
Modifi
ability

22. Cross Cutting Collaboration

23. Summary
• Continuous attention to technical excellence
and good design enhances agility
• Lets Build Quality & Security in..

24. Thank You
@anishcheriyan
www.anishcheriyan.com