Professional Documents
Culture Documents
DevOps:
mented by tool kits that promise to transform
the speed and quality with which IT organizations
deliver applications and services to businesses.
Three Common
actual adoption. This is largely due to three major
stumbling blocks: the state of organizational
preparedness; the number of extant heritage
reducing cycle time, managing constraints In short, technology adoption for agility does
and preventing handoff of defects down- not mean eliminating total quality manage-
stream. ment (TQM) practices. Rather, it is the other
way around: TQM maturity is a prerequisite for
Eliminating wait times and enabling the feed- technology-driven agility adoption in a DevOps
back loop to return to the earliest part of ecosystem. ITIL disciplines become integral to
definition, design and development. continuous delivery much in the same way as
CMMI disciplines into continuous integration
Resilience engineering by continuously inject-
(CI) are the foundation of the broader DevOps
ing tension into the system to reinforce habits
practices.
and improve performance.
Collaborative Operating Models
Throwing technology tools into lifecycle auto-
mation will not be fruitful without an appre- Developing collaborative operating models
ciation of each type of maturity. Technology for continuous everything is the most diffi-
injection in a black box development and oper- cult readiness dimension to address. Almost all
ations environment will lead only to blackouts, organizations falter on their first attempts to
however effective the integration and address the cultural changes associated with
deployment automation technology chosen. the DevOps operating model and its consequent
need for organizational silos to be broken down.
3
Regulatory ing costly delays later trying to correct missing or
Compliance incomplete security features in the release.
2
Infrastructure The DevOps approach helps make over the system, like
applying a Velociraptor skin on a placid Apatosaurus.
1
Technology-Enabled Agility although it is an important enabler.
Competency Orchestration
The success of orchestration requires the DevOps practice
Collaborative Operating Model
to empower developers to be self-sufficient in delivering
timely features without breaking production disciplines.
Figure 1
Third-party IT service delivery has made this a with pride, build further and collaborate on a
larger challenge because the sourced and/or revised offering.
offshore elements increase compartmentaliza-
tion and accountability demarcations within the It is only natural that success in the continu-
organization and providers. For collaboration ous-everything DevOps model needs continuous
to truly work in an Agile environment with a working collaboration. There is no room for
continuous everything mindset, the following siloed outcomes; each work center or specializa-
steps are necessary: tion must have a bidirectional collaboration with
its predecessor and successor.
Breaking down silos and establishing a mul-
tidisciplinary group with a shared vision Organization design is not the silver bullet
across internal and supplier staff guided by a for collaboration, although it is an important
common understanding of the business value enabler. Collaboration must happen without the
stream enabled by IT. artificiality of management leading the trust-
fall sessions with the team. Some practical
Extending development practices into enablers include:
operations and operations disciplines into
development. Multiple iterative Scrums A behavioral orientation that any information
should have a single repository of truth or work is collective, not singular, and success
with trail-based quality gates, standardized is interdependent. The efficiency of collab-
build and deploy processes, regimented oration becomes a leading indicator. Look out
operations discipline, simulated production for contracted work that is not interlocked
readiness and assurance in development. The with this behavioral orientation.
development Scrums should include oper-
Componentized knowledge organized as a
ational simulations to break things early and
central knowledge bank with a visual work
often with real-time feedback.
map of associated work centers and interde-
pendencies. This is akin to a map of a mall or
Establishing a single point of accountabil-
ity and cohesive operating model across a park, on which the viewers location is marked
meshed organization design. You are here for orientation and quick iden-
tification of the trails to a desired destination.
Cooperation must give way to true collabora-
tion. With expertise that is an inch wide and Strong culture of inclusion, trust, empow-
a mile deep required, no functional group or erment and feedback. Development needs
supplier can expect to make the transition to a operations inclusion to enable design for
DevOps practice alone because solutions exist operations and operations needs develop-
within functional and technology intersections ments inclusion to ensure operations work;
that span multiple groups. Organizations and dont go backward; that is, no rework or
functional groups need to adjust their mindsets unplanned work.
and operating models to allow them to borrow
Most organizations stumble at this block as they A full stack continuous monitoring and man-
struggle to manage culture, cooperation, com- agement model with communication and
partmentalization and contracts to enable collab- notification becomes as important as execu-
oration for continuous everything. tion across the release lifecycle.
The worlds most valuable code still runs heritage with modern software platforms
on heritage platforms (Cobol, PL/I, etc.) with a single interface for developing,
whether for ordering pizzas via smart- debugging, testing and deploying code.
phones or global banking platforms.
Reengineering this code would be a Development tool kits enable developers
nightmare. to easily understand heritage application
interdependencies and abstract heritage
DevOps practices absolutely apply to code to modern programming concepts.
heritage (e.g., mainframe) development MVP-based Agile feature development
and maintenance with minimal modifi- is an equally acceptable concept on the
cation. While there are conditional heritage platform. Leveraging the
differences based on heritage software reliability and efficiency of Cobol in a new
coding patterns, there is enough tooling development and delivery framework is
to circumvent these idiosyncrasies. the epitome of heritage modernization.
System Z
and/or
Distributed
Applications Private Direct Link
APIs Private
Cloud Connection Virtual Private
Cloud
Infrastructure Infrastructure
Figure 2
premises, cloud or hybrid). There is Fail early, fail often: Simulated failures
surprising maturity in the APIs on early in the lifecycle can provide insights
heritage platforms; in fact, often- to help develop more resilient processes,
times integration is based on a set of tools and capabilities.
well understood and easily accessi-
ble connectors based on REST/JSON8 Data management strategies: These
patterns, allowing cross-platform should be distributed, fault tolerant and
leverage. This allows only the rele- in some cases, even self-healing, spawning
vant microservices that need agility nodes as needed.
to be exposed in an as a code con-
Extending DevOps practices to security
struct. RESTful APIs are available from
operations: Security practitioners are a
one end point to existing heritage
frustrated lot in many organizations, often
platforms (e.g., mainframes) sub-
being branded speed breakers by the devel-
systems and data.
opment community. Information security
professionals often think the DevOps par-
adigm of continuous everything will lead
to overlooked security issues. The answer to
these concerns is to extend DevOps practices
to security operations to maintain develop-
RELIABILITY, SECURITY AND ment momentum while also addressing
REGULATORY COMPLIANCE security issues. Some tactics to consider:
While the DevOps methodology is known for
Make security operations code-able.
accelerating product and service develop-
Inject code analysis tools into
ment, its speed raises a stumbling block. Some
the development process, automate
practitioners believe that DevOps speed and
attacks against preproduction code and
continuous development, delivery and integra-
environments, and conduct continuous
tion can somehow compromise system reliability,
penetration testing.
security and compliance. Yet there are answers
to each of these concerns, including: Turn the adversary to an ally. Security
professionals with the right security
Adopting resilience vs. reliability: In DevOps, automation and operational tools
reliability must give way to a richer concept,
expertise may become an integral part of
that of resilience. Yet resilience is a paradox
the developer community rather than just
with regard to TQM. In an attempt to stabilize
an audit entity.
a complex system by reducing variation, the
system becomes less resilient to unexpected Foster the mindset that security and
events. In DevOps, the attempt is to create DevOps are complementary. Businesses
an adaptive system with highly independent want to accelerate time to market while
agents and a dynamic structure, where the maintaining resilience and security.
focus is on resilience and variation. Stability DevOps practices can ensure security is
should be engineered into the variance (rather built into applications as they are devel-
than forcing a trade-off between the two). The oped, preventing costly delays later trying
approaches to creating resilience include: to correct missing or incomplete security
features in a new release.
Coding the compliance question: Regulatory DevOps adoption in relation to the current
requirements are so far-reaching that even state of maturity, thereby building a
without DevOps, full compliance is a myth. It contextual roadmap for DevOps adoption and
is normally a tradeoff between its good to a clearly defined point of arrival. Mapping the
go vs. we dont go until we have crossed route should include regular assessments of
every t and dotted every i. Compliance organizational preparedness and cultural ori-
concerns can effectively reduce develop- entation, to enable changing mindsets and
ment velocity, which goes against the DevOps breaking down silos; the extent of heritage
practice of agility. The way to shift the systems; and an evaluation of reliability, com-
compliance paradigm is to think of compliance pliance and security issues likely to arise in
as being code-able. Consider the following: the target state. This exercise will help the
organization appreciate and set appropriate
Extend the developer mindset into the priorities for overcoming those obstacles and
audit, compliance and risk function. creating a smoother path for broader DevOps
Developers should start seeing these con- implementation.
trols as work packages to be codified at
the appropriate phases of the lifecycle. It is prudent to also apply the Scrum-based
DevOps development principles to DevOps
Ensure only relevant compliance suites adoption. Identify small, iterative quick
are added bases for the change scope of win bundles among platforms and applica-
the Scrum. tions that have smaller maturity gaps, or new
applications that have limited dependencies,
Simplify compliance governance and
and then extend and repeat the experience
reporting. Build control into the devel-
in quick succession. Further, DevOps adop-
oper work practice and avoid proving
tion implies an enterprise-wide change in
compliance just because its a row item on
working models. This includes IT partners and
a checklist.
contracted functions that should not be
missed in the roadmap or the associated
LOOKING AHEAD: NEXT STEPS adoption Scrums.
We recommend the following to overcome the
With a roadmap delineating the most likely
three main stumbling blocks organizations
DevOps obstacles, the organization can begin
encounter as they embark on DevOps adoption.
the adoption journey well prepared to overcome
Identifying which obstacles your organ- them, implement DevOps more widely, and begin
ization may encounter is akin to develop- transforming the speed and quality of its applica-
ing a You are here map. The map should tions and services delivery.
clearly delineate the aspirational level of
FOOTNOTES
1
Web services that use REST architecture are called REST APIs (Application Programming Interfaces). REST stands for repre-
sentational state transfer, an architectural style used to build lightweight, maintainable and scalable services.
2
z/OS is a 64-bit operating system for IBM mainframes.
3
Integrated pipeline mode enables requests to be handled through a unified pipeline. This is enabled by the integration of
development platform runtime with the web server.
4
x86 is a family of backward compatible instruction set architectures based on the Intel 8086 CPU.
5
For mainframes, million instructions per second (MIPS) is a way to measure the cost of computing: the more MIPS delivered
for the money, the better the value.
6
Source-to-image (S2I) is a framework that makes it easy to write images that take application source code as an input and
produce a new image that runs the assembled application as output.
7
Fabric (infrastructure and device) as code is the process of managing and provisioning computing infrastructure (processes,
bare-metal servers, virtual servers, etc.), devices and their configuration through machine-processable definition files, rather
than physical hardware configuration or the use of interactive configuration tools.
8
JSON (JavaScript Object Notation) is a lightweight data-interchange format utilizing REST architecture.
Copyright 2017, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means,electronic, mechanical,
photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks
mentioned herein are the property of their respective owners.
TL Codex 2630