Movatterモバイル変換

[0]ホーム
URL:

Gordon Haff, profile picture
Uploaded byGordon Haff
1,155 views

Optimizing the Ops in DevOps

The document discusses the evolution and optimization of DevOps practices, emphasizing the integration of cloud-native applications and automated workflows to enhance collaboration and efficiency among developers. It highlights the importance of security in the development process through a DevSecOps approach, advocating for automated security practices that do not impede agility. Additionally, it addresses challenges related to operational management in hybrid infrastructures and the need for effective resource optimization and lifecycle management.

Embed presentation

Downloaded 14 times
OPTIMIZING THE OPSIN DEVOPSGORDON HAFFTechnology Evangelist, Red HatCloud Expo Silicon Valley3 November 2016
DevOps
FOCUS ONCLOUD-NATIVEAPPLICATIONARCHITECTURES● Single-function units ownedby a team● Bounded context● Communicate throughlightweight APIsSource: PWC
FOCUS ON IMPROVEDAND LESS ISOLATEDDEVELOPER WORKFLOWS● Collaboration● CI/CD● Issue tracking● Source code control● Code review● IDE● xPaaSSource: Mike McGarr, Netflix
AN OPPOSING VIEW"I want to change my job because there is this horrible concept of"pager duty" or "oncall". Where the developer has to be ready forany issues that may occur. Are most software jobs like this? Is thisa norm? Where can I find software development positions withoutsuch concepts?"Anonymous Quora user
WE ALSO TALKABOUT CULTURE A LOT● Empathy● Trust● Learning● Cooperation● Responsibility
DevOpsBUT WHAT ABOUT THE OPS IN DEVOPS?
DevOpsBizSec
A FABLEFORDEVOPS
NO OPS? (OR IS IT EVOLVED DEVOPS?)"We have built tooling that removes many of theoperations tasks completely from the developer, andwhich makes the remaining tasks quick and selfservice. There is no ops organization involved inrunning our cloud, no need for the developers tointeract with ops people to get things done, and lesstime spent actually doing ops tasks than developerswould spend explaining what needed to be done tosomeone else."Adrian Cockroft, Netflix, 2012
FOCUS ON PROVIDING CORE SERVICESAND GETTING OUT OF THE WAY● Deploy a modern container platform● Enable automated developer workflows● Mitigate risk and automate security
MODERN PLATFORM
NEW CLOUD PLATFORM NEEDSWhat? Why?Scale-out to meet highly elastic servicerequirementsScale-up is not flexible or scalable enough tomeet changing business needsSoftware-defined everythingSoftware functions running on standardizedhardware increase flexibilityFocused on applications composed ofloosely-coupled servicesLarge monolithic applications are fragile andcan’t be updated quicklyEnable lightweight iterative softwaredevelopment and deploymentModern applications are often short-lived andrequire frequent refreshes/replacements
COMPREHENSIVE CLOUD-NATIVE INFRASTRUCTUREPhysical hardwareContainer orchestrationContainer-optimized LinuxContainer/servicesContainer/servicesContainer/servicesContainer/servicesContainer/servicesContainer/servicesHybrid cloud managementDevelopertoolingSoftware-defined compute, storage, and networkingPublicclouds
OPENSTACK SOFTWARE-DEFINED INFRASTRUCTURE
MAKING CONTAINERS USEFUL:ECOSYSTEM AND DEFACTO STANDARDS1 Open Container Initiative (OCI)2 Cloud Native Computing Foundation (CNCF)
OPERATED AT SCALE• Different aspects of scale:• Large scale workloads• Diverse workloads (batch and services)• Complex resource management (QoS,latency sensitivity, etc.)• Focus on lightweight containerized instances• Orchestration and resource management
HYBRID MANAGEMENT SERVICESSERVICEAUTOMATIONComplete lifecycle andoperational managementthat allows IT to remain incontrol.POLICY &COMPLIANCEDeploy across virtualization,private cloud, public cloud andcontainer-basedenvironments.UNIFIED HYBRIDMANAGEMENTDraws on continuousmonitoring and deepinsights to raise alerts orremediate issues.Streamline complex servicedelivery processes, savingtime and money.OPERATIONALVISIBILITY
AUTOMATEDDEVELOPER WORKFLOWS
BUILD A PIPELINE
LOTS OF TOOLS FOR THE PIPELINEgerrit
TRACK ANDVALIDATETHIRD-PARTYTOOLSANDCOMPONENTS
MITIGATE RISKAUTOMATE SECURITY
TRADITIONAL SECURITYWhat we did The problemCode audited for current complianceNew vulnerabilities constantlydiscovered and exploited with noopportunity for rapid remediation.Applications and systems deployed on“secured” platformThere is no perimeter.Largely relied on checklists, writtenprocesses, and manual actionsLimited throughput and prone to errors.“Patch Tuesdays” last all month.Primarily an end-of-process checkpoint Security is such a bottleneck!
DevSecOps● Build on the mindset that "everyone is responsible for security"● It’s the practice of building security into development processes● Security as code● Flips security from a defensive to an offensive posture that is both automated andconstant
BAKE IN SECURITY AND ASSURANCE● Components built from source code using a secure, stable, reproducible buildenvironment● Careful selection, configuration, and security tracking of packages● Automated analysis and enforcement of security practices● Active participation in upstream and community involvement● Thoroughly validated vulnerability management process
INTEGRATED SECURITY"Our goal as information security architects must be toautomatically incorporate security controls without manualconfiguration throughout this cycle in a way that is as transparentas possible to DevOps teams and doesn't impede DevOps agility,but fulfills our legal and regulatory compliance requirements aswell as manages risk. "DevSecOps: How to Seamlessly Integrate Security Into DevOpsGartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
AUTOMATING SECURITYCONFIGURATIONERRORSMISSINGPATCHESCODINGMISTAKEHUMAN ERRORBAD OPSEC
SECURING CONTENTEXAMPLE: CONTAINERSA validated supplychain helps ensureuse of tested andpatched software.
AN OPEN HYBRID CLOUD JOURNEYHybrid policy & managementData, workflow, & API integrationAutomationSoftware-defined infrastructureLegacy modernizationSelf-service & flexibilityOptimized virtualizationCloud migrationOrchestrated container platformDevOps toolingMobileOpen Innovation LabsSecured software supply chain
CREDITSDev: Nelson Pavlosky/flickr under CC http://www.flickr.com/photos/skyfaller/113796919/Ops: Leonardo Rizzi/flickr under CC http://www.flickr.com/photos/stars6/4381851322/Rainbows and Unicorns: http://kaigumo.deviantart.com/art/Unicorns-Fart-Rainbows-3-151273843Piggy bank: https://www.flickr.com/photos/marcmos/3644751092Stop: https://www.flickr.com/photos/r_grandmorin/6922697037
THANK YOUplus.google.com/+RedHatlinkedin.com/company/red-hatyoutube.com/user/RedHatVideosfacebook.com/redhatinctwitter.com/RedHatNews
TRADITIONAL SECURITYWhat we didCode audited for current complianceApplications and systems deployed on“secured” platformLargely relied on checklists, writtenprocesses, and manual actionsPrimarily an end-of-process checkpoint
TRUSTED CONTAINER CONTENT"From a security and governance perspective, trusting thecontainer image is a critical concern throughout the softwaredevelopment lifecycle. Ensuring that images are signed andoriginate from a trusted registry are solid security best practices. "5 keys to conquering container security, Amir Jerbi, Infoworld4 August 2016http://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
NoOps?"This is part of what we call NoOps. The developers used tospend hours a week in meetings with Ops discussing what theyneeded, figuring out capacity forecasts and writing tickets torequest changes for the datacenter. Now they spend secondsdoing it themselves in the cloud."Adrian Cockroft, Netflix, 2012
BACK TO ADRIAN" We have built tooling that removes many of the operations taskscompletely from the developer, and which makes the remainingtasks quick and self service. There is no ops organization involvedin running our cloud, no need for the developers to interact withops people to get things done, and less time spent actually doingops tasks than developers would spend explaining what neededto be done to someone else. "Adrian Cockroft, Netflix, 2012
Strategies for sourcing softwareWild WestGo aheadand grab it!BlacklistIs it from aknown badsource?WhitelistIs it a known good source?Digitally signed/securely deliveredRapid updates for vulnerabilitiesRepeatable release processes
THE MOVE TO HYBRID INFRASTRUCTURESBRINGS ADDITIONAL MANAGEMENT CHALLENGESAPPLICATIONARCHITECTUREINFRASTRUCTUREPLATFORMOPERATIONALMODELOPERATIONALCHALLENGESTraditional ApplicationsVirtualizationOperationalAutomationOrchestrationAutomationPrivate CloudScalableApplicationsPublic CloudSaaS and PaaSCloud NativeServiceBrokeringContainersMicroservicesSelf-serviceAutomated provisioningLifecycle managementRoot cause analysisPerformance andcapacity managementHybrid ManagementPolicy complianceQuota enforcementChargeback
WHAT DEFINES A MODERN PLATFORM?● Built through collaborative innovation in Linux and other open source communities● Composed of integrated core software services● Open container format, runtime, and orchestration● Focused on large distributed system scale points
THE NEEDED MANAGEMENT SERVICESSERVICEAUTOMATIONComplete lifecycle andoperational managementthat allows IT to remain incontrol.POLICY &COMPLIANCEDeploy across virtualization,private cloud, public cloud andcontainer-basedenvironments.UNIFIED HYBRIDMANAGEMENTDraws on continuousmonitoring and deepinsights to raise alerts orremediate issues.Streamline complex servicedelivery processes, savingtime and money.OPERATIONALVISIBILITY
OPERATIONAL VISIBILITY CHALLENGESSystems that are not being utilizedshould be retired to reclaim resources.Budgets are tight. We have tomake sure that we are utilizingour systems efficiently.Tracking problems across infrastructurelayers can be a challenge.I’ve got to project infrastructure usageout into the future for planning purposes.CHALLENGESLIFECYCLE MANAGEMENTROOT-CAUSE ANALYSIS CAPACITY MANAGEMENTRESOURCE OPTIMIZATION
OPERATIONAL VISIBILITY WITH HYBRID MANAGEMENTWe now have complete lifecyclemanagement: provisioning, reconfiguration,deprovisioning, and retirement.Automatic resource optimizationintelligently places VMs and offersright-sizing recommendations.I can drill-down through infrastructurelayers to determine the root cause.Resource tracking and trending aids incapacity and what-if scenario planning.CHALLENGESLIFECYCLE MANAGEMENTROOT-CAUSE ANALYSIS CAPACITY MANAGEMENTRESOURCE OPTIMIZATION

Recommended

PDF
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
PDF
Enterprise Cloud Native is the New Normal
PPTX
Building next gen applications and microservices
PPTX
All Things Open : Crash Course in Open Source Cloud Computing
PPTX
App Development Evolution: What has changed?
PDF
OpenWhisk - Serverless Architecture
PPTX
Cloud native programming model comparison
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
PDF
Enable DevSecOps using Jira Software
PDF
Cloud Native Applications Maturity Model
PPTX
DevOps to DevSecOps Journey..
PPTX
Jelastic Docker Orchestrator
 
PPTX
Cloud Native Summit 2019 Summary
PPT
IBM Bluemix OpenWhisk: Interconnect 2016, Las Vegas: CCD-1088: The Future of ...
PDF
Evolving to Cloud-Native - Nate Schutta (2/2)
PDF
OpenWhisk - A platform for cloud native, serverless, event driven apps
PPTX
Bahrain ch9 introduction to docker 5th birthday
PDF
How to Design a Backend for IoT
PDF
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
PPTX
2017 State Enterprise Multi Cloud Webinar
PPTX
Executive Briefing: The Why, What, and Where of Containers
 
PDF
Microservices for Mortals
PDF
Kick starting Network Automation
PPTX
IBM Bluemix OpenWhisk: Cloud Foundry Summit 2016, Frankfurt, Germany: The Fut...
PDF
Bi-modal IT: Bridge Traditional and Agile IT Services by Michal Svec, SUSE
PDF
DevSecOps at the GSA
PPT
OpenWhisk Introduction
PPTX
Api more than payload (2021 Update)
PDF
Fail Fast, Fail Often
PDF
Applying Lean Security To The Business

More Related Content

PDF
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
PDF
Enterprise Cloud Native is the New Normal
PPTX
Building next gen applications and microservices
PPTX
All Things Open : Crash Course in Open Source Cloud Computing
PPTX
App Development Evolution: What has changed?
PDF
OpenWhisk - Serverless Architecture
PPTX
Cloud native programming model comparison
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Enterprise Cloud Native is the New Normal
Building next gen applications and microservices
All Things Open : Crash Course in Open Source Cloud Computing
App Development Evolution: What has changed?
OpenWhisk - Serverless Architecture
Cloud native programming model comparison
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...

What's hot

PDF
Enable DevSecOps using Jira Software
PDF
Cloud Native Applications Maturity Model
PPTX
DevOps to DevSecOps Journey..
PPTX
Jelastic Docker Orchestrator
 
PPTX
Cloud Native Summit 2019 Summary
PPT
IBM Bluemix OpenWhisk: Interconnect 2016, Las Vegas: CCD-1088: The Future of ...
PDF
Evolving to Cloud-Native - Nate Schutta (2/2)
PDF
OpenWhisk - A platform for cloud native, serverless, event driven apps
PPTX
Bahrain ch9 introduction to docker 5th birthday
PDF
How to Design a Backend for IoT
PDF
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
PPTX
2017 State Enterprise Multi Cloud Webinar
PPTX
Executive Briefing: The Why, What, and Where of Containers
 
PDF
Microservices for Mortals
PDF
Kick starting Network Automation
PPTX
IBM Bluemix OpenWhisk: Cloud Foundry Summit 2016, Frankfurt, Germany: The Fut...
PDF
Bi-modal IT: Bridge Traditional and Agile IT Services by Michal Svec, SUSE
PDF
DevSecOps at the GSA
PPT
OpenWhisk Introduction
PPTX
Api more than payload (2021 Update)
Enable DevSecOps using Jira Software
Cloud Native Applications Maturity Model
DevOps to DevSecOps Journey..
Jelastic Docker Orchestrator
 
Cloud Native Summit 2019 Summary
IBM Bluemix OpenWhisk: Interconnect 2016, Las Vegas: CCD-1088: The Future of ...
Evolving to Cloud-Native - Nate Schutta (2/2)
OpenWhisk - A platform for cloud native, serverless, event driven apps
Bahrain ch9 introduction to docker 5th birthday
How to Design a Backend for IoT
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
2017 State Enterprise Multi Cloud Webinar
Executive Briefing: The Why, What, and Where of Containers
 
Microservices for Mortals
Kick starting Network Automation
IBM Bluemix OpenWhisk: Cloud Foundry Summit 2016, Frankfurt, Germany: The Fut...
Bi-modal IT: Bridge Traditional and Agile IT Services by Michal Svec, SUSE
DevSecOps at the GSA
OpenWhisk Introduction
Api more than payload (2021 Update)

Viewers also liked

PDF
Fail Fast, Fail Often
PDF
Applying Lean Security To The Business
PDF
Containers: Don't Skeu Them Up. Use Microservices Instead.
PPTX
NetflixOSS for Triangle Devops Oct 2013
PDF
DevOps vs Traditional IT Ops (DevOps Days ignite talk by Oliver White)
PPTX
Demystifying DevOps for Ops - Including Findings from the 2015 State of DevOp...
 
PDF
DevOps with Sec-ops
PDF
Spring Cloud Netflix OSS
PDF
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
PDF
Netflix IT Ops 2014 Roadmap
PDF
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
PDF
Business Value of CI, CD, & DevOpsSec: Scaling to Billion User Systems Using ...
PDF
Disruption of Enterprise IT and DevOps
PDF
Continuous Security in DevOps
KEY
Consumer Science and Product Development at Netflix - OSCON 2012
PDF
From devOps to front end Ops, test first
PDF
Devops security-An Insight into Secure-SDLC
PPTX
Shepherding change: leading your DevOps transformation
PPTX
Implementing an Application Security Pipeline in Jenkins
PPT
Devops at Netflix (re:Invent)
Fail Fast, Fail Often
Applying Lean Security To The Business
Containers: Don't Skeu Them Up. Use Microservices Instead.
NetflixOSS for Triangle Devops Oct 2013
DevOps vs Traditional IT Ops (DevOps Days ignite talk by Oliver White)
Demystifying DevOps for Ops - Including Findings from the 2015 State of DevOp...
 
DevOps with Sec-ops
Spring Cloud Netflix OSS
~~Putting~~ Convincing the Ops in DevOps by Jamie Jones
Netflix IT Ops 2014 Roadmap
DevSecOpsNess: Adding the business dimension to DevOps by Tanusree McCabe
Business Value of CI, CD, & DevOpsSec: Scaling to Billion User Systems Using ...
Disruption of Enterprise IT and DevOps
Continuous Security in DevOps
Consumer Science and Product Development at Netflix - OSCON 2012
From devOps to front end Ops, test first
Devops security-An Insight into Secure-SDLC
Shepherding change: leading your DevOps transformation
Implementing an Application Security Pipeline in Jenkins
Devops at Netflix (re:Invent)

Similar to Optimizing the Ops in DevOps

PDF
DevSecOps: The Open Source Way
PDF
2016 - Open Mic - IGNITE - Open Infrastructure = ANY Infrastructure
PDF
OpenStack Preso: DevOps on Hybrid Infrastructure
PDF
Unlocking the Cloud Operating Model
PPTX
Managing IT environment complexity in a Multi-Cloud World
PPTX
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
PPTX
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
PDF
Evolving Infrastructure and Management for Business Agility
PDF
451’s Berkholz on How DevOps, Automation and Orchestration Combine for Contin...
PDF
You Build It, You Secure It: Higher Velocity and Better Security with DevSecOps
PDF
DevSecOps: The Open Source Way
PPTX
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
PDF
DevOps - Top Trends In 2019
PDF
DevOps in the Modern Era - Thoughtfully Critical Podcast
PDF
Migrate Oracle WebLogic Applications onto a Containerized Cloud Data Center
PPTX
Conversations in the Cloud
PPTX
7 Innovations That Will Transform IT Operations
PDF
Ignite Innovation: Turn Developers Loose on the Hybrid Cloud”
PPTX
OpenStack at EBSCO
 
PDF
Gluecon Preso: Hybrid Container Infrastructure
DevSecOps: The Open Source Way
2016 - Open Mic - IGNITE - Open Infrastructure = ANY Infrastructure
OpenStack Preso: DevOps on Hybrid Infrastructure
Unlocking the Cloud Operating Model
Managing IT environment complexity in a Multi-Cloud World
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
Evolving Infrastructure and Management for Business Agility
451’s Berkholz on How DevOps, Automation and Orchestration Combine for Contin...
You Build It, You Secure It: Higher Velocity and Better Security with DevSecOps
DevSecOps: The Open Source Way
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
DevOps - Top Trends In 2019
DevOps in the Modern Era - Thoughtfully Critical Podcast
Migrate Oracle WebLogic Applications onto a Containerized Cloud Data Center
Conversations in the Cloud
7 Innovations That Will Transform IT Operations
Ignite Innovation: Turn Developers Loose on the Hybrid Cloud”
OpenStack at EBSCO
 
Gluecon Preso: Hybrid Container Infrastructure

More from Gordon Haff

PDF
Artificial Intelligence: Beyond Machine Learning
PDF
Blockchains for Business 101
PDF
Preserving privacy while sharing data
PDF
Lightning Talk: Using Data without Compromising Privacy
PDF
Free and Open:An Historical Perspective
PDF
Why do we contribute (to open source)?
PDF
How do you get started in AI?
PDF
The good the bad and the ugly: Getting started doing AI
PDF
Cloud-Native: A New Ecosystem for Putting Containers into Production
PDF
Containers: Don't Skeu Them Up
PDF
Cloud-Native: A New Ecosystem for Putting Containers into Production
PDF
DevSecOps: The Open Source Way for CloudExpo 2018
PDF
AI: The Good, the Bad, and the Practical for CloudExpo 2018
PDF
Ten layers of container security for CloudCamp Nov 2017
PDF
That's not a metric! Data for cloud-native success
PDF
The Interesting IoT: Digitizing Operations
PDF
A short history of packaging (Monkigras 2017)
PDF
The New Platform: You Ain't Seen Nothing Yet
PDF
The New Open Distributed Application Architecture
PDF
DevOps: Lessons from Manufacturing and Open Source
Artificial Intelligence: Beyond Machine Learning
Blockchains for Business 101
Preserving privacy while sharing data
Lightning Talk: Using Data without Compromising Privacy
Free and Open:An Historical Perspective
Why do we contribute (to open source)?
How do you get started in AI?
The good the bad and the ugly: Getting started doing AI
Cloud-Native: A New Ecosystem for Putting Containers into Production
Containers: Don't Skeu Them Up
Cloud-Native: A New Ecosystem for Putting Containers into Production
DevSecOps: The Open Source Way for CloudExpo 2018
AI: The Good, the Bad, and the Practical for CloudExpo 2018
Ten layers of container security for CloudCamp Nov 2017
That's not a metric! Data for cloud-native success
The Interesting IoT: Digitizing Operations
A short history of packaging (Monkigras 2017)
The New Platform: You Ain't Seen Nothing Yet
The New Open Distributed Application Architecture
DevOps: Lessons from Manufacturing and Open Source

Recently uploaded

PDF
Building Custom Insurance Applications With
PPTX
Key Benefits of Odoo Customization Services
PPTX
Performance Testing Transformation - LTB 2024
PDF
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
PDF
Breaking the Vulnerability Management Cycle with Anchore and Echo
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
PDF
DSD-INT 2025 DevOps - Automated testing and delivery of Delft3D FM - van West...
PDF
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
PDF
DSD-INT 2025 Transport and Fate of Microplastics in Fluvial System (Rhine Riv...
PDF
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
PPTX
Moving Cloud 360:- Busy Software Provider In Delhi NCR
PDF
2025_11_19 - OpenMetadata Community Meeting.pdf
PDF
DSD-INT 2025 REACT - Rapid E-flow Assessment and Communication Tool - Flores
PDF
DSD-INT 2025 Exploring different domain decomposition approaches for enhanced...
PDF
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
PDF
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
Building Custom Insurance Applications With
Key Benefits of Odoo Customization Services
Performance Testing Transformation - LTB 2024
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
Future of Software Testing: AI-Powered Open Source Testing Tools
Breaking the Vulnerability Management Cycle with Anchore and Echo
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
DSD-INT 2025 DevOps - Automated testing and delivery of Delft3D FM - van West...
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
DSD-INT 2025 Transport and Fate of Microplastics in Fluvial System (Rhine Riv...
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
Moving Cloud 360:- Busy Software Provider In Delhi NCR
2025_11_19 - OpenMetadata Community Meeting.pdf
DSD-INT 2025 REACT - Rapid E-flow Assessment and Communication Tool - Flores
DSD-INT 2025 Exploring different domain decomposition approaches for enhanced...
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...

Optimizing the Ops in DevOps

  • 1.
    OPTIMIZING THE OPSINDEVOPSGORDON HAFFTechnology Evangelist, Red HatCloud Expo Silicon Valley3 November 2016
  • 3.
  • 4.
    FOCUS ONCLOUD-NATIVEAPPLICATIONARCHITECTURES● Single-functionunits ownedby a team● Bounded context● Communicate throughlightweight APIsSource: PWC
  • 5.
    FOCUS ON IMPROVEDANDLESS ISOLATEDDEVELOPER WORKFLOWS● Collaboration● CI/CD● Issue tracking● Source code control● Code review● IDE● xPaaSSource: Mike McGarr, Netflix
  • 6.
    AN OPPOSING VIEW"Iwant to change my job because there is this horrible concept of"pager duty" or "oncall". Where the developer has to be ready forany issues that may occur. Are most software jobs like this? Is thisa norm? Where can I find software development positions withoutsuch concepts?"Anonymous Quora user
  • 7.
    WE ALSO TALKABOUTCULTURE A LOT● Empathy● Trust● Learning● Cooperation● Responsibility
  • 8.
    DevOpsBUT WHAT ABOUTTHE OPS IN DEVOPS?
  • 9.
  • 10.
  • 11.
    NO OPS? (ORIS IT EVOLVED DEVOPS?)"We have built tooling that removes many of theoperations tasks completely from the developer, andwhich makes the remaining tasks quick and selfservice. There is no ops organization involved inrunning our cloud, no need for the developers tointeract with ops people to get things done, and lesstime spent actually doing ops tasks than developerswould spend explaining what needed to be done tosomeone else."Adrian Cockroft, Netflix, 2012
  • 12.
    FOCUS ON PROVIDINGCORE SERVICESAND GETTING OUT OF THE WAY● Deploy a modern container platform● Enable automated developer workflows● Mitigate risk and automate security
  • 13.
  • 14.
    NEW CLOUD PLATFORMNEEDSWhat? Why?Scale-out to meet highly elastic servicerequirementsScale-up is not flexible or scalable enough tomeet changing business needsSoftware-defined everythingSoftware functions running on standardizedhardware increase flexibilityFocused on applications composed ofloosely-coupled servicesLarge monolithic applications are fragile andcan’t be updated quicklyEnable lightweight iterative softwaredevelopment and deploymentModern applications are often short-lived andrequire frequent refreshes/replacements
  • 15.
    COMPREHENSIVE CLOUD-NATIVE INFRASTRUCTUREPhysicalhardwareContainer orchestrationContainer-optimized LinuxContainer/servicesContainer/servicesContainer/servicesContainer/servicesContainer/servicesContainer/servicesHybrid cloud managementDevelopertoolingSoftware-defined compute, storage, and networkingPublicclouds
  • 16.
  • 17.
    MAKING CONTAINERS USEFUL:ECOSYSTEMAND DEFACTO STANDARDS1 Open Container Initiative (OCI)2 Cloud Native Computing Foundation (CNCF)
  • 18.
    OPERATED AT SCALE•Different aspects of scale:• Large scale workloads• Diverse workloads (batch and services)• Complex resource management (QoS,latency sensitivity, etc.)• Focus on lightweight containerized instances• Orchestration and resource management
  • 19.
    HYBRID MANAGEMENT SERVICESSERVICEAUTOMATIONCompletelifecycle andoperational managementthat allows IT to remain incontrol.POLICY &COMPLIANCEDeploy across virtualization,private cloud, public cloud andcontainer-basedenvironments.UNIFIED HYBRIDMANAGEMENTDraws on continuousmonitoring and deepinsights to raise alerts orremediate issues.Streamline complex servicedelivery processes, savingtime and money.OPERATIONALVISIBILITY
  • 20.
  • 21.
  • 22.
    LOTS OF TOOLSFOR THE PIPELINEgerrit
  • 23.
  • 24.
  • 25.
    TRADITIONAL SECURITYWhat wedid The problemCode audited for current complianceNew vulnerabilities constantlydiscovered and exploited with noopportunity for rapid remediation.Applications and systems deployed on“secured” platformThere is no perimeter.Largely relied on checklists, writtenprocesses, and manual actionsLimited throughput and prone to errors.“Patch Tuesdays” last all month.Primarily an end-of-process checkpoint Security is such a bottleneck!
  • 26.
    DevSecOps● Build onthe mindset that "everyone is responsible for security"● It’s the practice of building security into development processes● Security as code● Flips security from a defensive to an offensive posture that is both automated andconstant
  • 27.
    BAKE IN SECURITYAND ASSURANCE● Components built from source code using a secure, stable, reproducible buildenvironment● Careful selection, configuration, and security tracking of packages● Automated analysis and enforcement of security practices● Active participation in upstream and community involvement● Thoroughly validated vulnerability management process
  • 28.
    INTEGRATED SECURITY"Our goalas information security architects must be toautomatically incorporate security controls without manualconfiguration throughout this cycle in a way that is as transparentas possible to DevOps teams and doesn't impede DevOps agility,but fulfills our legal and regulatory compliance requirements aswell as manages risk. "DevSecOps: How to Seamlessly Integrate Security Into DevOpsGartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
  • 29.
  • 30.
    SECURING CONTENTEXAMPLE: CONTAINERSAvalidated supplychain helps ensureuse of tested andpatched software.
  • 31.
    AN OPEN HYBRIDCLOUD JOURNEYHybrid policy & managementData, workflow, & API integrationAutomationSoftware-defined infrastructureLegacy modernizationSelf-service & flexibilityOptimized virtualizationCloud migrationOrchestrated container platformDevOps toolingMobileOpen Innovation LabsSecured software supply chain
  • 32.
    CREDITSDev: Nelson Pavlosky/flickrunder CC http://www.flickr.com/photos/skyfaller/113796919/Ops: Leonardo Rizzi/flickr under CC http://www.flickr.com/photos/stars6/4381851322/Rainbows and Unicorns: http://kaigumo.deviantart.com/art/Unicorns-Fart-Rainbows-3-151273843Piggy bank: https://www.flickr.com/photos/marcmos/3644751092Stop: https://www.flickr.com/photos/r_grandmorin/6922697037
  • 33.
  • 34.
    TRADITIONAL SECURITYWhat wedidCode audited for current complianceApplications and systems deployed on“secured” platformLargely relied on checklists, writtenprocesses, and manual actionsPrimarily an end-of-process checkpoint
  • 35.
    TRUSTED CONTAINER CONTENT"Froma security and governance perspective, trusting thecontainer image is a critical concern throughout the softwaredevelopment lifecycle. Ensuring that images are signed andoriginate from a trusted registry are solid security best practices. "5 keys to conquering container security, Amir Jerbi, Infoworld4 August 2016http://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
  • 36.
    NoOps?"This is partof what we call NoOps. The developers used tospend hours a week in meetings with Ops discussing what theyneeded, figuring out capacity forecasts and writing tickets torequest changes for the datacenter. Now they spend secondsdoing it themselves in the cloud."Adrian Cockroft, Netflix, 2012
  • 37.
    BACK TO ADRIAN"We have built tooling that removes many of the operations taskscompletely from the developer, and which makes the remainingtasks quick and self service. There is no ops organization involvedin running our cloud, no need for the developers to interact withops people to get things done, and less time spent actually doingops tasks than developers would spend explaining what neededto be done to someone else. "Adrian Cockroft, Netflix, 2012
  • 38.
    Strategies for sourcingsoftwareWild WestGo aheadand grab it!BlacklistIs it from aknown badsource?WhitelistIs it a known good source?Digitally signed/securely deliveredRapid updates for vulnerabilitiesRepeatable release processes
  • 39.
    THE MOVE TOHYBRID INFRASTRUCTURESBRINGS ADDITIONAL MANAGEMENT CHALLENGESAPPLICATIONARCHITECTUREINFRASTRUCTUREPLATFORMOPERATIONALMODELOPERATIONALCHALLENGESTraditional ApplicationsVirtualizationOperationalAutomationOrchestrationAutomationPrivate CloudScalableApplicationsPublic CloudSaaS and PaaSCloud NativeServiceBrokeringContainersMicroservicesSelf-serviceAutomated provisioningLifecycle managementRoot cause analysisPerformance andcapacity managementHybrid ManagementPolicy complianceQuota enforcementChargeback
  • 40.
    WHAT DEFINES AMODERN PLATFORM?● Built through collaborative innovation in Linux and other open source communities● Composed of integrated core software services● Open container format, runtime, and orchestration● Focused on large distributed system scale points
  • 41.
    THE NEEDED MANAGEMENTSERVICESSERVICEAUTOMATIONComplete lifecycle andoperational managementthat allows IT to remain incontrol.POLICY &COMPLIANCEDeploy across virtualization,private cloud, public cloud andcontainer-basedenvironments.UNIFIED HYBRIDMANAGEMENTDraws on continuousmonitoring and deepinsights to raise alerts orremediate issues.Streamline complex servicedelivery processes, savingtime and money.OPERATIONALVISIBILITY
  • 42.
    OPERATIONAL VISIBILITY CHALLENGESSystemsthat are not being utilizedshould be retired to reclaim resources.Budgets are tight. We have tomake sure that we are utilizingour systems efficiently.Tracking problems across infrastructurelayers can be a challenge.I’ve got to project infrastructure usageout into the future for planning purposes.CHALLENGESLIFECYCLE MANAGEMENTROOT-CAUSE ANALYSIS CAPACITY MANAGEMENTRESOURCE OPTIMIZATION
  • 43.
    OPERATIONAL VISIBILITY WITHHYBRID MANAGEMENTWe now have complete lifecyclemanagement: provisioning, reconfiguration,deprovisioning, and retirement.Automatic resource optimizationintelligently places VMs and offersright-sizing recommendations.I can drill-down through infrastructurelayers to determine the root cause.Resource tracking and trending aids incapacity and what-if scenario planning.CHALLENGESLIFECYCLE MANAGEMENTROOT-CAUSE ANALYSIS CAPACITY MANAGEMENTRESOURCE OPTIMIZATION
[8]ページ先頭
©2009-2025 Movatter.jp