software supply chain automation removes roadblocks to rugged devops
TRANSCRIPT
![Page 1: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/1.jpg)
1
Nexus World Tour - Boston 2016
with
![Page 2: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/2.jpg)
2
About Me
Ernie SavoieVice PresidentGlobal Investment Technology
• Highly respected industry innovator.• Over 22 years at MFS. • Worked in both operations and development. • CI/CD evangelist.• Passionate about fly fishing.
![Page 3: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/3.jpg)
About MFS
• Global Asset Manager - founded in 1924
• 1,900 employees worldwide
• The firm ranked as the 24th largest money management firm in the US according to Institutional Investor magazine and 12th largest U.S. mutual fund manager, according to research firm Strategic Insight
• Eighth straight year ranked one of the "Best Mutual Fund Families" by Barron's
![Page 4: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/4.jpg)
Our Development Environment
• Java and .NET shop• 200 developers • TFS code repository – 300 team projects• 100 plus critical applications• Jenkins build servers• Nexus • AppScan• SonarQube• UDeploy
![Page 5: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/5.jpg)
5
Benefits of Jenkins and Nexus
• Helped us manage the growth of external resources • Standardize desktop development environment• Shortened the onboarding time for developers • Inventory and manage artifacts used and produced by the
development teams • Improve security and code quality • Understand and reduce risks associated with open source licensing• Improve traceability in development and deployment process.
• Which modules were built and when.• Which sources were used • Dependencies used• Environment variables• What packages were installed and where
![Page 6: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/6.jpg)
6
• Had tremendous growth. Been very successful in attracting new and retaining existing clients
• Investing in technology. New systems. Upgrades to existing systems. • Growing staff.
• How were we as a technology team going to manage this?• How do we manage and measure the work of outside resources?• How do we quickly spin up development teams?• What can we do to improve quality of our work?• Is the code secure?• What changes have been introduced and where are they used? • Who has access to what systems and components.• Can we automate these tasks?
Managing Growth
![Page 7: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/7.jpg)
7
Implement SonarQube
![Page 8: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/8.jpg)
8
• Only a small subset of critical applications were on boarded.
• Many inconsistencies in the TFS build environment.
• Lack of centralized build management and reporting.
• Poor adoption.
• Didn't really resolve many of the other issues we had.
Limited Success
![Page 9: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/9.jpg)
9
Solution: Replace Build Servers
Partnered with
![Page 10: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/10.jpg)
10
Asking The Right Questions
![Page 11: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/11.jpg)
11
What's Your Branching Strategy?
![Page 12: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/12.jpg)
12
Where Do You Store Your Artifacts?
![Page 13: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/13.jpg)
Managing Artifacts
![Page 14: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/14.jpg)
14
How Many Templates?
![Page 15: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/15.jpg)
15
Adopt Maven and NuGet
![Page 16: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/16.jpg)
16
Scope Increase
Adoption of these tools forced us to address many core issues
• Restructure code repositories for standardized branching• Manage artifacts by implementing Nexus• Standardize our development structure by adopting Maven and
NuGet• Upgrade developer's IDE• Standardize developer desktop configuration• Develop standards• Train developers
![Page 17: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/17.jpg)
17
More Changes
• Implement Udeploy for deployments. Integrated nicely with what we were doing with Nexus
• Adopt AppScan and integrate with Jenkins
• Implement Nexus LifeCycle.
![Page 18: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/18.jpg)
18
Benefits of Jenkins and Nexus• Far reaching. Helped us address our core issues and breed good
habits.• Helped us manage the growth of external resources • Standardize development environment• Shortened the onboarding time for developers through the use of
Maven and NuGet.• Inventory artifacts. Both internal and external.• Improve security and code quality through automated builds and
scanning (Application security certification process)• Understand and reduce risks associated with open source licensing• Helped us define traceability and accountability in development and
deployment process.• Which modules were built• Which sources were used • Dependencies used• Environment variables• What packages were installed and where
![Page 19: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/19.jpg)
19
Recommendations
Don't just implement solutions. Develop a strong core.
![Page 20: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/20.jpg)
20
Recommendations
There is not always a single right answer. Make a decision and go from there.
![Page 21: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/21.jpg)
21
Recommendations
Build off your successes.
![Page 22: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/22.jpg)
22
Recommendations
Work with an experienced partner that can help quickly identify roadblocks and develop a roadmap to the future.
![Page 23: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/23.jpg)
23
About Me
Randy HowieCEOBlack Diamond Software
• Artificial Intelligence Research at Carnegie Mellon University• Founded Black Diamond Software in 1990• From innovative software developers to ALM experts and
evangelists• Co-Author of Our ALM Transformation Solution• I love tennis and my two daughters• Have given Roger Federer advice about raising daughters
![Page 24: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/24.jpg)
About Black Diamond Software
• ALM Transformation Specialists• Agile, Continuous Delivery, DevOps, Continuous Quality Transformations• Atlassian, CloudBees, Sonatype, Docker, Puppet• Have successfully completed end to end Enterprise CD• Successfully completed one of the earliest and largest Nexus lifecycle
implementations
![Page 25: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/25.jpg)
You are practicing Continuous Delivery (CD) when:
• Software is deployable throughout its lifecycle
• Teams prioritize keeping software deployable over new features
• Anybody can get fast, automated feedback on the production readiness of systems any time somebody makes a change
• Deployments of any version of the software to any environment on demand are push-button
Continuous Delivery
![Page 26: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/26.jpg)
Impacts the entire application development lifecycle:
1. All changes must tie back to requirements/defects
2. SCM workflows must keep software deployable when it changes
3. Builds must be tied to SCM changes from one build to the next
4. The supply chain of software components must be managed
5. Deployment tools must create a pipeline that enables us to push artifacts to increasingly more production-like environments and track which executables are deployed to which environments.
Continuous Delivery
![Page 27: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/27.jpg)
27
Packages for Continuous Delivery and Quality
Agile Panning
SCM Continuous Delivery
Software Lifecycle
Management
1,All changes must tie back to requirements and defects
2,SCM Workflows must keep software deployable when it changes
3,Builds must be tied to SCM changes from one build to the next
4,The supply chain of software components must be carefully managed
1
4
2
3
![Page 28: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/28.jpg)
Adoption
Status Quo
AutomationManual
Agility, Continuous Integration and
Delivery
Tool Centric, Separation of
Tools and Development
Agilenistas,Separation of
Process and Tools
Legacy Tools and Processes
CD Transformation
Maturity Quadrant for ALM Transformation
![Page 29: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/29.jpg)
Blueprint for Continuous Delivery and Quality
![Page 30: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/30.jpg)
MFS Continuous Delivery Workflow
![Page 31: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/31.jpg)
Nexus LifecycleComponent Intelligence andContinuous Delivery
Establish Policy – Different groups, different applicationsPolicy must be consistent with definition of quality
Component intelligence can be assessed at different points in the lifecycleNexus Repository: component selectionNexus LifeCycle: build and deployement
Establish a test-fast CD approach, using Nexus Repository to intelligently select comonentsDesign CI builds for fast, test-early, shift-left detectionLifeCycle Scan after nightly and release builds Component intelligence is essential to achieve true CD
![Page 32: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/32.jpg)
Goals and KPIs
Goals• Improve Quality• Increase Efficiency• Reduce Deployment Issues
KPIs• Production Defects• Development Velocity• Deployment Issues
![Page 33: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/33.jpg)
Recommendation ACTION: Improve Quality
Quality Analysis
• Static Code Quality Analysis• Vulnerability Detection• Continuous Integration• Test Driven Development• Peer Review• Shift Left Testing
Traceability
• Continuous Delivery• End to End Traceability• Feature Driven Development
![Page 34: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/34.jpg)
Recommendation ACTION: Increase Efficiency
• Build Automation• Test Automation• Deployment Automation• Traceability Automation
Process Improvements
• Agile Development• Continuous Delivery• Process Uniformity
Automated Processes
![Page 35: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/35.jpg)
Recommended ACTIONS: Reduce Deployment Issues
Continuous Integration – Root out integration issues by compiling applications and unit testing them each time changes are made.Continuous Delivery – Keeping the code always deliverable to reduce errors from partial implementationsDeployment Automation – Automating all deployments reduces errors from manual processes.
![Page 36: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/36.jpg)
Transformation Cycles
![Page 37: Software Supply Chain Automation Removes Roadblocks to Rugged DevOps](https://reader031.vdocument.in/reader031/viewer/2022013013/587eeba11a28ab17388b6db1/html5/thumbnails/37.jpg)
37
Questions