This document discusses connecting pipelines across software delivery to address challenges from cloud adoption and increasing delivery speed. It identifies four "disconnects" that can disturb businesses: 1) CI/CD happening without visibility, 2) lack of tool integrations, 3) insufficient focus on security and operations, and 4) disconnect between business and IT delivery processes. The document advocates connecting CI/CD, tools, security/operations, and business/IT processes through approaches like integrating development tools into pipelines, embedding security checks in pipelines, and connecting business release planning to automated IT execution. This helps maximize the speed of business value delivery through DevOps and overcome challenges of scaling practices across large organizations.
2. A little background
▪ 6,5 of test consultancy
▪ Lean Consultant
▪ Agile/DevOps Coach
▪ Team manager 4 DevOps teams
▪ VP Product Development
▪ VP Product Strategy
3. Disconnected Pipelines: The Missing Link
▪ XebiaLabs Company and market background
▪ 3 Major impacts of the cloud, that drive the need for DevSecOps
▪ Connecting tools, delivery, and disciplines
▪ Scale it towards the enterprise
4. Hundreds of Companies deliver software with XebiaLabs
XebiaLabs DevOps Platform
providing intelligence, automation and control across the entire software delivery process
▪ Shift to the Cloud
▪ Migrate to Containers
▪ Connect all Pipelines
▪ Connect CI/CD & ITSM
▪ Improve Governance & Security
SCALE DEVOPS ACROSS THE ENTERPRISE
5. Adoption Timeline
“I lack a clear view of what’s going on in my releases.”
“I need to know when there’s risk to the schedule.”
“We must meet Audit and Compliance requirements.”
“I need CD to fully realize the benefits of agile.”
“My failure rate is too high.”
“I need to enhance legacy apps & modernize my delivery process.”
“I have heterogeneous applications & mainframe apps.”
“We need standardization to ensure consistency & repeatability.”
“Automate all the things!”
“All steps & manual interactions need tracking.”
“Microservices & apps with complex dependencies need to be delivered consistently.”
“Public/private cloud, hybrid and on-premise all need to be standardized. We've hit a wall trying to manage everything with scripts.”
“My developers need self-service.”
“We need to find & eliminate bottlenecks in our process.”
Dev + Ops Needs: Automation, Efficiency, Speed, Error reduction
Enterprise Requirements: Integrations, Process Complexity, Heterogeneous Systems, Compliance/Security, Standardization/Repeatability, Scale
Management + Business Needs: Visibility/Analytics, Decision Support, Risk Assessment, Feedback
Enterprise Adoption
6. Convergence of DevOps and Cloud
▪ Development Methodologies: Waterfall, Agile, DevOps
▪ Application Architecture: Monolithic, N-Tier, Microservices
▪ Application Packaging: Physical Servers, Virtual Servers, Containers
▪ Application Infrastructure: Data Center, Hosted, Cloud
▪ Application Test Data: Quarterly Refresh, Monthly Refresh, On-demand (within minutes)
24. The focus on Connected Pipelines will increase the speed of business value creation
Focus on the 4 connects:
▪ Getting CI / CD out of the dark
▪ Connecting best of breed tools into the toolchain
▪ Connecting Operations and Security into the overall development chain
▪ Connecting the Business Delivery Process to the IT Delivery Process
26. Onboarding and Scaling
How to scale from one team to many…
▪ Leverage your rock stars to create standard and reusable templates
▪ Convert to blueprints so that all your teams can consume in a reliable way
▪ Ensure you leverage tools that are built for the Enterprise
27. Security and Governance
Bake security and governance into your pipelines, don’t include as an afterthought
▪ Strong role and permission management to ensure segregation of duties
▪ Cost controls (automated rollback, full cleanup of resources after each deploy completes)
▪ Protection of cloud resources as if they were on-premise
▪ Security checks are automatically completed in the pipeline
28. Visibility and Auditability
Make data available to all users/roles within the organization
▪ Manager: Visualizing pipelines
▪ Auditors: Maintaining data compliance
▪ Developer: Troubleshooting speed
29. Deployment Plan Generation
Deployment orchestration to all clouds
Release Pipeline Orchestration
All apps, all roles and all environments
App Code, Deployment Code, Config Code, Release Code
Manage all Source Code
Overcome Cloud DevOps Challenges
Lack of Cloud Expertise
Best practice templates for common cloud services
Developer Experience
Leverage Release Orchestration that integrates with your Developers’ favorite tools
Security & Governance
Bake security and governance into your pipelines
Onboarding and Scaling
Leverage standard templates and blueprints
Visibility and Auditability
Make data available for reports and audit trails
Connecting all disciplines to drive value creation
…
…
Best Practice Templates
Pre-built template to deploy most common cloud services
Security & Governance
Security and control are standardized within the release pipelines
Visibility & Auditability
VSM, pipeline history, predictive info (ML), and audit control
30. By focusing on connecting all your disciplines, the speed and control of software delivery will increase
Editor's Notes
A quick introduction, for those of you who may not be familiar with XebiaLabs: we’ve been part of the DevOps movement since the very early days. We’re solely focused on DevOps and Continuous Delivery and we’ve been repeatedly recognized as a leader by the top analysts in this space. You can find our customers across many of the best known and best run companies around the world. They’re in all types of industries from financial services, to retail, to manufacturing... all the way to the public sector and government agencies.
As we’ve worked with these organizations, we’ve seen that many start to move toward DevOps because they have specific concerns.
For example, they might be looking to move applications to the cloud, or to start taking advantage of container technologies.
Or, maybe the most common issue that organizations need to address is how to make Continuous Integration part of the broader software delivery process.
And of course, most organizations have IT Service Management policies and tools in place when they start adopting DevOps practices, so they need to figure out how to get the best of both worlds from ITSM and DevOps
And on top of all of this, there’s the topic we’re discussing today. Many organizations have security, compliance, and governance requirements to worry about. So, they might be looking at DevOps to accelerate software delivery, but they don’t want to introduce new security risks or compliance violations in the process. Not only that; ideally, they want to use DevOps best practices like Continuous Integration, Continuous Delivery, and automated testing to improve compliance and release software that’s more secure...
due to the fact that the deployment units are much more and much smaller and the infrastructure is changing more rapidly.
With the Cloud and the attached CI/CD move, many choices are made by development engineers and a lot of the heavy lifting is done by them, where in the past even more operations and infrastructure specialists were involved.
Companies choose to run on multiple clouds, and have the ability to move applications across AWS, GCP and Azure.
Lack of visibility of CI/CD
Variety of tools being used with lack of best practices
Not aware if this is the RIGHT tool, and end up using the wrong one
No place to see the entire toolchain
Some teams do, some don’t
Some do it in a different way
Devs are doing what they want to, using their choice of tools, and leadership is unaware of where the money is spent
Hard to find what’s working and what’s not working
Visible to everyone in org
Some typical remarks:
My IT teams work in Jenkins, and Jenkins can solve my problems
We use GitLab pipelines in our Dev organization
We go to the cloud, we no longer need this
We are transformed towards modern IT and my dev engineers take care of this
On the journey of going to DevOps, or having already adopted DevOps, with CI/CD not being visible to everyone, there are also so many tools on the market that people are not aware of what to use.
They lack a standard set of practices/blueprints while working with different tools. They end up using the wrong tool all the way and are then not able to scale.
On the other hand, everyone is using tools of their choice and maintaining pipelines in so many different places that it is difficult to track and centralize them to show the changes.
own pipeline integration in a fragmenting tools landscape.
Use the tools for what they are meant for – Jenkins would end up in scripting
Don’t abuse the tools
Securing the complete software delivery pipeline means testing for vulnerabilities across all of the components and stages of an application's lifecycle.
DevSecOps is all about “left shift” security and compliance to save effort and rework towards the end, so it’s really important to ensure security right from the beginning of the delivery process.
Where Security and Speed Meet
It's not surprising that the teams charged with accelerating the release rates of applications fail to bring their security counterparts to the table early enough. It's a challenge to bring these teams in, carry out all the necessary steps, and still meet deadlines. But if you ignore the security side of software delivery, you could lose everything from your customers' trust to your intellectual property.
https://dzone.com/articles/delivering-security-and-speed-the-3-core-principle?utm_medium=feed&utm_source=feedpress.me&utm_campaign=Feed:%20dzone%2Fdevops
Feature is in ideation phase
Goes to dev teams
Along the release process, more people get involved
The release process moves from more technical to less technical people, and it becomes more disjointed because they all live in their own tool ecosystem.
CENTRALIZE all the tool chains
One tool to fit all
How to track cost benefits of different processes and tools
Report on data throughout the delivery process with a single source of truth
3 Step Go-to-Customer approach (see slides)
Collaborate & Integrate: Connect Ops to Dev
Integrate Jira, Jenkins, Git etc. via XL Release to the ServiceNow Change Management solution. With this the connection is there, the insights are there…
Orchestrate & Automate: ServiceNow shift left via XebiaLabs
Because XL Release already orchestrates and automates CI/CD and gets all pipeline data into our system, we can push this valuable data into ServiceNow. We will do this for a couple of teams or one business domain. With this, ServiceNow doesn’t fight Jira but will sit on top of it. Jira doesn’t own all pipeline data, neither does Jenkins; XL Release does.
Manage & Scale: Scale through the Enterprise
We scale the solution through the entire organization of IT and Business. With this the ServiceNow footprint will increase heavily and the C-level people have the E2E insights into what is happening in their organization.
Cloud Security - Cloud platforms provide shared responsibility… meaning they give you the tools, but you implement.