Download - Building a Service Delivery Infrastructure
Building a Service Delivery Infrastructure
1
Paula Paul
@paulapaultweets
ThoughtworksTechnology Principal
Rosemary Wang
@joatmon08
ThoughtworksInfrastructure Consultant
2
What is it?
3
4
services & applications
business capability
delivered in
services & applications
business capability
delivered in
infrastructure
delivered on
delivered by
business value
5
Literal “Delivery” Infrastructure
6
Given a record identifier associated with a customer,
When I call an API endpoint
Then I should get the customer’s name.
7
Deliver Me, “Hello Customer!”
CONSTRAINTS
8
Given a record identifier associated with a customer,
When I call an API endpoint
Then I should get the customer’s name.
Deliver Me, “Hello Customer!”
As a developer...
9
I WANT TO BE PRODUCTIVE.
10
Narratives
As a… I want to… So that…
More / less detail
Consider acceptance criteria
11
As a developer
I want to use CPU and memory resources
So that I can deliver some business capability.
Core Compute
12
As a developer
I want to securely and automatically manage my secrets
So that I can mitigate the exposure to sensitive strings such as passwords and keys.
Secrets Management
13
As a developer
I want to have access control for my service endpoints
So that I can enforce authorized access and mitigate security risks.
Identity & Authorization
14
Infrastructure Boundaries
CORE COMPUTE BUILD PIPELINES NETWORK
CONTAINER ORCHESTRATION
IDENTITY AND ACCESS
SECRETS MANAGEMENT
OBSERVABILITY
VULNERABILITY MANAGEMENT
(SECURITY)
CONTAINER AND IMAGE REGISTRY
SAAS ANDEXTERNAL SYSTEMS
INTEGRATION
DATA AND PERSISTENCE
15
Infrastructure as Software
Agile Infrastructure
Domain-Driven DesignTest-Driven DevelopmentThin SlicingYAGNIPairingAcceptance Criteria
16
As an infrastructure engineer...
17
I WANT TO RECLAIM NIGHTS & WEEKENDS.
18
NEITHER!
Achieve a ubiquitous language.
Learn infrastructure-as-code.
Remember - you want to deliver “Hello, Customer!”.
“Expert Developer” or “Hero Operator”?
19
As a [ developer | infrastructure engineer ]
I want to deliver my [service | infrastructure ] in an automated way
So that it is secure, legally compliant, and ready for my user.
Deployment Pipelines
20
Infrastructure Deployment Pipeline
Unit Build Secure Monitor Perform PromoteTestConfiguration
CheckAutomation Integration Test
Conformance Tests
(can run async)
Production Ready!
terraform plan
terraform apply
pytest inspec-gcpawspec
scout2g-scout pytest locust
pumba
21
As an [ developer | infrastructure engineer ]
I want to control how other services reach each other
So that I can minimize my threat surface.
Networking
https://www.youtube.com/watch?v=j7HYpSCCEY0 22
unit
smoke
integration
e2e
exploratory
component
validates config/syntax
signals that we can test further
tests multiple components not in our control
tests component is configured
tests EVERYTHINGco
st
23
Network Policy Example
24
As an architect...
25
I WANT TO CHAMPION PRODUCTIVITY &
ARCHITECTURE “-ILITIES”.
26
Objective Metrics
architecturalfitness functions
security0 high vulnerabilities
resiliency< 1% deployment error rate
auditability< 90 days since last audit
27http://evolutionaryarchitecture.com/
https://www.thoughtworks.com/insights/blog/fitness-function-driven-development 28
services & applications
business capability
delivered in
infrastructure
delivered on
delivered by
business value
29
As a CxO...
30
The Balancing Act
Build vs.Buy
Vendor Lock-in
Fixed vs.On-Demand
Capacity
Cost
Compliance
Vendor Management
Global vs. Regional
Evolvability
Autonomy
Complexity
31
2019 IT Budgets
The 2019 State of IT, spiceworks
32
Metrics
33
Evolvability Mean Time to Resolution
Time to Market
services & applications
business capability
delivered in
infrastructure
delivered on
delivered by
business value
34
Where do we start?
35
Team Structure?
Capabilities Development?
Executive Buy-In?
Known Journey?
As an organization...
36
▢ remember your customer!
▢ experiment
▢ read examples
▢ join / build a community
As an individual...
37
Paula Paul
@paulapaultweets
Thank you!Rosemary Wang
@joatmon08
38
Rate today ’s session!
Session page on oreillysacon.com/ny O’Reilly Events App
39