roles and responsibilities on devops adoption€¦ · [distribution statement a] approved for...

[DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213


Roles and Responsibilities on DevOps Adoption

Hasan Yasar

Technical Manager, Adjunct Faculty Member

Secure Lifecycle Solutions

CERT | SEI | CMU

2Roles and Responsibilities on DevOps Adoption© 2018 Carnegie Mellon University


Copyright 2018 Carnegie Mellon University. All Rights Reserved.

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-

0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research

and development center.

The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an

official Government position, policy, or decision, unless designated by other documentation.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS

FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND,

EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF

FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE

MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO

FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see

Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form

without requesting formal permission. Permission is required for any other use. Requests for permission should be directed

to the Software Engineering Institute at [email protected].

Carnegie Mellon® and CERT® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

DM18-0297



Background

• The Software Engineering Institute (SEI) is a

Federally Funded Research and Development

Center (FFRDC)

• Source of CMMI, TSP, PSP

• Research software and cybersecurity problems

of considerable complexity, create and test

innovative technologies, and transition maturing

solutions to widespread use.

• Assisted numerous government organizations

in modernizing their software development

practices in the spirit of DevOps principles.

• 25+ years of software development

experiences

• Certified Scrum Practitioner

• Various roles throughout SDLC ; Manager,

Architect, Tester, Developer, QA, IT Manager,

Project Manager, VP…

• Started with waterfall in 1990

• Started with agile in 2003

• Started with DevOps in 2010

• Instructor on delivering DevOps course at

CMU, SEI since 2015



Gen. Chance SaltzmanDirector of current operations.

Title of the Presentation Goes Here© 2018 Carnegie Mellon University


DevOps

Reduce time: Concept to Capability



DevOps? A Brief History!

DevOps (a portmanteau of "development" and "operations”) emphasizes communication,

collaboration, and integration between software developers and information technology

(IT) operations personnel. [1]

[1] http://en.wikipedia.org/wiki/DevOps

• Patrick Debois “Agile infrastructure and operations: how infra-gile are you?”, Agile 2008 Conference

• John Allspaw “ 10+Deploys per Day: Dev and Ops Cooperation”, Velocity 2009

• DevOpsDays, October 30th 2009, #DevOps term born



DevOps aims to Increase…

…the pace of innovation

…responsiveness to business needs

…collaboration

…software stability and quality

... continuous feedback



DevOps has four Fundamental Principles

Collaboration: between project team roles

Infrastructure as Code: all assets are versioned, scripted, and shared where possible

Automation: deployment, testing, provisioning, any manual or human-error-prone

process

Monitoring: any metric in the development or operational spaces that can inform

priorities, direction, and policy



We “ALL” are Responsible



• Follow Agile methodologies

- Using Scrum, Kanban and modern

development approaches

- Self directing, self managed, self organized

• Using any new technology

- Each Dev has own development strategy

- OpenSource,

Is it Just Dev & Ops ?

Dev wants to deliver software faster with new requirements…Ops wants to maintain stability, operations up-time…

• Operations

- Runs the application

- Manages the infrastructure

- Support the applications

• Operations provides

- Service Strategy, Design,

Operations

- Secure Systems



DevelopersDeployment

Maintenance

Security

Programming

Infrastructure

Scalability

Networks

Functional Requirements

Performance

Testing

User Interface

Technical Documentation

Updates

Code Review

Release Review

User Documentation

Data Privacy

Intrusion Detection

UserRequirements

Business Constraints

Legal Issues

Market Needs

Budgets / Timelines

Monitoring

Incident response

It is more than Dev and Ops

IT Operations

Quality Assurance /Tester

Business Analyst

Information Security



Development Lifecycle



A full DevOps Lifecycle

Enhancing the SDLC



Pre-Production (PM, Users)

• Acquisition

• Requirements to Capability

• Test cases

• Resource allocation



DevOps Pipeline (OPS)

• Tool installation

• Configuration

• Integration of various tools ( ~200)

• Design for deployment, monitoring



Development (DEV)

• Frequent code commit

• Code review

• CI/CD

• Testing ( {non}functional

• Security Testing



Deployment/Rollback (SRE)

• Continuous Integration, automated

testing

• Continuous Delivery /Deployment

• Approval

• Rollback decision



Monitoring and Feedback(All)

• Across DevOps Pipeline

• Application health

• Development Progress



Incident Handling

• Developers are the first responders

• Separate team dedicated to reliability

are the first responders



DevOps is p3



DevOps: People

Heavy collaboration between all stakeholders

• Continuous Design / Architecture decisions

• Agreed on Environment / Network configuration

• Continuous Deployment planning

• Continuous Code Review

Constantly available open communication channels:

• Dev and Ops together in all project decision meeting

- Virtually or physical but sharing common collaboration environment

• Chat/e-mail/Wiki services available to all team members



DevOps: Process

Establish a process to enable people to succeed using the platform to develop Secure application

Such that;

• Constant communication and visible to all

• Ensures that tasks are testable and repeatable

• Frees up human experts to do challenging, creative work

• Allows tasks to be performed with minimal effort or cost

• Creates confidence in task success, after past repetitions

• Faster deployment , frequent quality release



DevOps: Platform

Where people use process to build

software

• Automated environment creation and

provisioning

• Automated infrastructure testing

• Parity between Development, QA, Staging,

and Production environments

• Sharing and versioning of environmental

configurations

• Collaborative environment between all

stakeholders



SLS team GitHub Projects

• Once Click DevOps deployment

https://github.com/SLS-ALL/devops-microcosm

• Sample app with DevOps Process

https://github.com/SLS-ALL/flask_api_sample

• Tagged checkpoints

• v0.1.0: base Flask project

• v0.2.0: Vagrant development configuration

• v0.3.0: Test environment and Fabric deployment

• v0.4.0: Upstart services, external configuration files

• v0.5.0: Production environment

• On YouTube:

https://www.youtube.com/watch?v=5nQlJ-FWA5A

https://github.com/SLS-ALL/devops-microcosm

https://www.youtube.com/watch?v=5nQlJ-FWA5A



For more information…

DevOps Blog: https://insights.sei.cmu.edu/devops

Webinar : https://www.sei.cmu.edu/publications/webinars/index.cfm

Podcast : https://www.sei.cmu.edu/publications/podcasts/index.cfm

https://insights.sei.cmu.edu/devops

https://www.sei.cmu.edu/publications/webinars/index.cfm

https://www.sei.cmu.edu/publications/podcasts/index.cfm



https://resources.sei.cmu.edu/news-events/events/scss/

https://resources.sei.cmu.edu/news-events/events/scss/



Any Questions?

Hasan Yasar

Technical Manager, Adjunct Faculty

Secure Lifecycle Solutions

[email protected]

@securelifecycle

mailto:[email protected]

roles and responsibilities on devops adoption€¦ · [distribution statement a] approved for...

Documents