How Organizations Can Set Themselves Up for DevOps Success
These strategies can help IT teams adopt more effective development practices.
Organizations are adopting DevOps methodologies to improve app quality, decrease time to deployment and optimize organizational efficiency. But DevOps requires more than just new tools and processes. A successful initiative will emphasize not only the tools and skills needed to implement DevOps but also the culture change that necessarily comes with the upending of traditional development practices.
In the few years that DevOps has been a relatively mainstream IT practice, something of an old joke has already sprouted up. “A customer calls up a tech vendor to make a purchase — Order quantity: One DevOps.” The implication, of course, is that IT and business leaders often wish they could implement DevOps in their organizations simply by swiping a credit card.
While DevOps implementation is far more complex than that, there are a number of practices and strategies that can help organizations set themselves up for success.
Continuous Integration and Continuous Delivery
CI/CD describes the frequent delivery of apps to customers by integrating development teams with day-to-day data center operations. This is the fundamental concept that most distinctly sets DevOps apart from other development and deployment models. It requires organizations to break down silos so teams can work together to deploy code as quickly as possible — with minimal outages or within the error budget. Applications that cannot have any outages are expensive to operate and difficult to evolve. DevOps strategies aim to set acceptable volumes of small outages where users do not perceive the issue. Canary testing is an example in which an organization deploys a new application to a very small selection of users and confirms the operating behavior. If it performs as expected, the organization can choose to deploy it. This also implies that impacts can be effectively measured too.
While the “CD” in CI/CD stands for continuous delivery, organizations must also emphasize continuous deployment. The primary difference is a manual approval and promotion process between all the CI steps and deployment into a production environment. This usually comes down to teams trusting automation tools and their ability to roll back changes if something breaks. Company politics can play a role here too, as change advisory boards look to put every change under a microscope. This by itself can slow down the process by days or weeks. A lightweight change approval process is a core DevOps capability. The faster you can get something into production, the faster you know what doesn’t work and can fix it. Teams should be able to perform rollbacks easily.
74%
The percentage of organizations that have adopted a DevOps approach within their IT environments, up from 66 percent a year earlier
Source: DevOps Institute, “Upskilling 2020: Enterprise DevOps Skills Report” (PDF), March 2020
Application Modernization
Closely associated with the use of containers, app modernization is the process of modernizing the platform infrastructure, internal architecture and other features of legacy applications. Legacy applications can still have an agile development process. The emphasis on application modernization is breaking up large monolithic applications into small decoupled microservices. Containers have become popular largely because they support this architectural pattern. This does add some complexity — for example, instead of having 100 virtual machines, you may have thousands of containers, each with a different piece of the application. Teams can be organized around these services, and development can happen independently. Teams should be able to own and update their services without relying on another team as a dependency.
Containers allow organizations to virtualize their applications, breaking them into individual pieces that can be delivered and patched faster than ever before. According to Forrester, application modernization is associated with a number of benefits, including greater operational efficiency, improved developer productivity and reduced costs. Also, Forrester notes, organizations that successfully modernize their applications reduce the likelihood that additional staff will be needed to support applications in the future.
Infrastructure as Code
This is a foundational pillar of DevOps. Without Infrastructure as Code, teams must maintain the settings of individual deployment environments, which evolve over time into “snowflakes” — configurations so unique that they cannot be replicated.
IaC can help organizations eliminate this problem by allowing them to manage their IT infrastructure using configuration files. Since infrastructure configuration takes the form of simple code in IaC, it is easy for IT teams to edit, copy and distribute as they would with any other source code file. This stands in contrast to the more cumbersome (and more costly) practices associated with managing physical infrastructure. Even cloud infrastructure, with its high availability and scalability, cannot match IaC in terms of consistency. IaC also enables quick setup, but the top benefits are likely consistency and accountability.
72%
The percentage of organizations that cite the need to modernize their application delivery environments as a top technology bottleneck
Source: IDC, “Why a Data Strategy Is the Glue for Application Modernization” (PDF), October 2020
Security
A core DevOps concept is “shifting left” on security. Shifting left refers to the timeline of the software development lifecycle. Moving from left to right, your process has planning, building, testing, deployment, and ongoing operations and maintenance. Traditional security is an operations and maintenance concern that typically results in security being bolted on instead of being integrated into the full lifecycle of an application.
Security controls, policy and governance should be considered at every phase of the software development lifecycle, hence shifting from right to left in the timeline. Security teams should be consulted during planning phases. Tools can be embedded directly into development environments to give instant feedback. Many types of scanning and testing can be performed on an application and where code is stored, and security teams should put policies and governance in place, as well as the tooling necessary for visibility and controls in a cloud-native environment.
Security teams are often thought of as limiting the ability of DevOps teams to move quickly, so some culture change needs to happen here too. Instead of just saying no, security teams should respond more along the lines of, “Yes, but here is how we can do it more securely.” Security teams need to position themselves as the partners of DevOps teams. Indeed, many DevOps teams have rebranded as DevSecOps.
Cloud-Native Approach
A cloud-native approach to DevOps can deliver instant business insights and help organizations control costs by making it easier for IT leaders to monitor consumption and usage rates. But the best cloud tools also allow organizations to become infrastructure-agnostic, which increases flexibility and agility. Also, cloud-native applications allow organizations to control application lifecycles from inside the application rather than relying on external processes and monitors.
To learn more about how DevOps can drive innovation and speed up the delivery of new capabilities, read the white paper “How DevOps Is Revolutionizing IT” from CDW.
MKT49855