When migrating to cloud and microservices architecture, companies need to invest in foundational capabilities, such as a microservices platform, continuous delivery, and an immutable infrastructure. In this talk, we will discuss our experience implementing these capabilities on the enterprise scale with Google Cloud, Kubernetes, Istio, Envoy, Spinnaker, and Hashicorp stack. We will also discuss best practices of onboarding the cloud to facilitate DevOps, SRE without sacrificing quality or control.

1. Cloud, Microservices & DevOps
Enterprise-level implementation best practices

2. Introducing Grid Dynamics technology services
Digital transformation Big data, real time analytics, ML & AI
Microservices replatforming DevOps & cloud enablement
Open Source Cloud-ready Scalable Automated

3. 10 years of
experience in cloud,
DevOps and digital
transformation

4. Agility
Cost reduction
Flexibility
On-demand capacity
Pay as you go
Microservices
Continuous Delivery
Time to market
Speed
Automation
SRE
DevOps

5. Enterprise journey to
cloud, DevOps and SRE*
6
* based on a true story.

6. Infrastructure
Architecture
Platform
Process Organization

7. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team

8. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Can I have a VM please?

9. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Can I have a VM please? Sure. Tomorrow.

10. Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Can I have a VM please? Sure. Tomorrow.
Cloud

11. Infrastructure team
(as seen by a developer)
Developer
(came to ask for a VM)
Cloud VMs
(carefully managed by infrastructure)

12. Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Can I have a VM please? Sure. Tomorrow.
Cloud

13. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API

14. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)

15. Application teams access
No access
• Cloud projects
• Access policies
• Core networks
• IAM policies
Debatable
• Subnets
• Firewalls
• OS
• Base VM images
Has access
• VMs based on preapproved images
• Storage buckets
• Load balancers
• Firewalls within preapproved limits
• Other preapproved cloud services

16. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Something is missing

17. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
auto-scale
self-heal
canary
release
rolling upgrade
find new version
of price
Refresh
username/password
of database
route 5% traffic to
price 1.2
register new
nodes in load
balancer

18. Packaging Package
repo
Deployment
Logging & monitoring
Provisioning
Load balancing
Lifecycle management
(scaling, failover, etc.)
Service mesh
Service registry & discovery,
secret management
Business configuration
management
Microservices platform

19. Microservices platform reference technology stack
Feature Container-based VM-based
Packaging
Artifact repository
Deployment and provisioning
Load balancing and routing
Service mesh
Service registry and discovery
Secret management
Feature flags management
Resource management
Auto-scaling, self-healing
Logging and monitoring
Spinnaker Spinnaker

20. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Production traffic

21. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

22. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic
Order
Cart
Search
Product
Web UI

23. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

24. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

25. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

26. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

27. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

28. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
Policy (cost, access, security, other)

29. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
Policy (cost, access, security, other)

30. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
applications deploy themselves?
Policy (cost, access, security, other)

31. Application deployment package
Environment
Deployable unit
Build-time dependencies
Configuration
Deployment
scriptApplication artifact
Platform
& infra
teams
Development
engineers
QA
engineers
Deployment
engineers
Application can deploy itself

32. Application deployment package
Environment
Deployable unit
Build-time dependencies
Configuration
Deployment
scriptApplication artifact
Platform
& infra
teams
Development
engineers
QA
engineers
Deployment
engineers
Application can deploy itself

33. Application deployment package
Environment
Platform
team
Application
team
Data
Business
configuration
Microservices
platform
Run-time
dependencies
Infrastructure Infrastructure
team

34. Application configuration
(static, built into package)
1. Resource requirements (CPU, RAM).
2. Vertical scalability.
3. Application container settings (JVM, GC).
4. Cluster settings.
Environment configuration
(dynamic, updated in run-time)
1. Horizontal scalability.
2. Pre-tested feature flags.
3. Business configuration.
4. Upstream components endpoints.
Risky to change, needs testing.
Same as code.
Low-risk of change, pre-tested.
Same as data.

35. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Microservices platformUpstream services

36. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Deploy
Instance group
Load balancer
VM
image
Microservices platformUpstream services

37. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

38. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

39. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

40. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services
Rolling upgrade

41. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

42. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

43. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

44. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

45. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance
Microservices platformUpstream services

46. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

47. Application deployment package
Environment
Deployable unit (VM) Deployment script
Infrastructure
Instance group
Load balancer
VM
image Instance Instance Instance
Microservices platformUpstream services

48. Release
Engineer
Dev
QA
DevOps
Perf QA
Business
Test environment
Production
deployment CR
sign offs
Dev Lead
QA Lead
Perf Lead
Business
Ops Lead
Security Lead

49. All changes to production should be authorized

50. All changes to production should be authorized
1. Development lead should sign off
2. Functional QA lead should sign off
3. Performance QA lead should sign off
4. Security lead should sign off
5. Operations lead should sign off
6. Artifact deployed to production should be the same as tested in QA environment

51. Source
code
Production
Web UI
Search
v1.1
Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
All changes to production
should be authorized

52. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
All changes to production
should be authorized

53. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
Build,
code analysis,
unit testing
All changes to production
should be authorized

54. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
Build,
code analysis,
unit testing
Service
testing
All changes to production
should be authorized
Small QA
environment

55. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Small QA
environment

56. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
Small QA
environment

57. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Small QA
environment

58. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Canary release (1% traffic)
Small QA
environment

59. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Canary release (1% traffic)
Full release
Small QA
environment
1 hour

60. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Canary release (1% traffic)
Full release
Small QA
environment
1 hour
Spinnaker

61. Web UI
Search
Profile
Cart
Order
v1.1
Price
Product
v1.1
Production traffic

62. Web UI
Search
Profile
Cart
Order
v1.1
Price
Product
v2.3
Production traffic Canary traffic
Product
v2.4 Order
v1.2
Test traffic
Spinnaker

63. Requirements
management
Project
management
Source code
repository
Continuous integration and delivery pipeline
Approvals and audit log
Change management dashboard
Release notes
generation
Functional testing platform
Performance testing platform
Security testing platform
Code review
Code analysis
CICD platform components

64. CICD platform sample technology stack
Feature Technology options
Requirements and project management
SCM and code review
Static code analysis and scanning
CICD pipeline
Functional testing platform
Performance testing platform
Approvals and audit log
Change management dashboard
Release notes generation
Spinnaker

65. Digital organization service architecture
Infrastructure
Storage Networking
Base OS
Security
Logging &
Monitoring
Business domain (applications)
Support
(SRE)
Microservices platform
Security
Logging &
Monitoring
Support
(SRE)
Databases, caches, message queues, load balancers
CICD pipeline, self-service
Microservices
Compute

66. Digital organization team structure
Infrastructure (IaaS)
Business domain (applications)
Business
domain
PMO
VP
Architecture &
security
Service(s)
Service
Release engineering
Support
(SRE)
Director/Manager/Lead
QADev Deployment
VP Cloud API Base OS Networking Release
engineering
Architecture &
security
Support
(SRE)

67. Back-end
developers
Front-end
developers
Performance
engineers
Quality
engineers
Deployment
engineers
CI
engineers
Complete
specialization

68. Back-end
developers
Front-end
developers
Performance
engineers
Quality
engineers
Deployment
engineers
CI
engineers
Complete
specialization
No division of
labor
Engineers
(each writes back-end and front-end code, tests, and deployment scripts)

69. Back-end
developers
Front-end
developers
Performance
engineers
Quality
engineers
Deployment
engineers
CI
engineers
Complete
specialization
Balanced
No division of
labor
Full-stack developers Quality
engineers
Deployment and CI
engineers
Engineers
(each writes back-end and front-end code, tests, and deployment scripts)

70. Full-stack
developer
Quality
engineer
Source code
and tests
Full-stack
developer
Source code
and tests
Full-stack
developer
Pair programming
App
code
Test
code
App
code
Test
codeVersus

71. Closing notes
72

72. Capabilities for enterprise cloud, DevOps, and SRE
Organization Technology Process
Service-oriented organization
Cross-functional teams
DevOps culture and skills
Infrastructure as a service
Site reliability engineering
Microservices architecture
Continuous delivery platform
Chaos engineering
Immutable infrastructure
AI/ML for operations
Microservices platform
Policy-driven CICD
Testing in production
Single environment
Ultra-light change management
Change-driven design
Covered
Not covered

73. www.griddynamics.com
Thank you!