We are all hearing about the unprecedented impact that COVID-19 has on the lives of almost the entire world population. Technology is playing its part to maintain some sanity among all the chaos. Whether it is communication, online ordering, connecting remotely to a workplace, online banking and healthcare – technology is contributing. And that means, it is vital that all these technology systems keep running, bear the increased load (scalable), provide the same quality of services (reliable) without compromising security and have new features rolled out continuously. And ‘DevOps’ is something that helps us do that.
Let’s briefly touch base on key principles/features of DevOps
- Everything as Code: Infrastructure, functional tests, security tests, build, and deployment are all version-controlled as code along with data.
- Continuous everything: DevOps emphasizes on continuous and automated integration, build, deployment and testing.
- Collaboration between development, operations and security teams: For any incident in production (and even in non-production) environments, it is essential to reach to the root cause as much early as possible or better, catch the symptoms before they result in incidents (Proactive monitoring). This means that systems require an end to end tools – network monitoring, infra monitoring, application monitoring, security monitoring, logging, log searching, dashboarding, etc. and they should be integrated with code and environment correctly. This requires the strong building of collaborations between Development, Security and Operations teams from the very beginning when systems are architected/designed/built/modified and tools are finalized.
- Fail fast: DevOps enables ‘failing fast’ which means that problems come to the fore faster because of robust automation, tooling and processes and that encourages more rapid deployments rather than spending a lot of time in design and testing and delaying the rollout of new features.
- Share: It is recommended to have a strong mechanism like API management platform, in place to share the code with co-workers
- Automated environment provisioning: Having consistency across development, tests and production environments and ensuring automation (Infrastructure as Code) and configuration management for environments is critical for ensuring reliable releases
- Security is vital from the word go: As I mentioned above, the security team should be involved from the requirement gathering phase to make sure that factors like compliance and security measures are taken care of. Static security code analysis, dynamic security testing, penetration testing, continuous security monitoring, vulnerability management and all such similar measures are at the heart of healthy systems
Please note that DevOps is never a direct jump from base to top. It’s a journey where small, organized and sustainable steps are essential and the end goal varies based on nature and scale of the organization.
So, how we keep the momentum going when all the team members are working remotely and in the hyper distributed model?
- A lot of companies already have distributed teams working in DevOps fashion. It requires robust tools and processes but more importantly, it requires strong people culture – culture to understand each other and culture to continuously improve. Video conferencing for meetings is definitely one way to ensure that people see faces and emotions behind words. Virtual team-building exercise like online team games could be used for bonding. Its important that all these virtual meets/team buildings are not done just for the sake of it but are done out of a genuine effort to get along with each other. Sometimes, we need to go out of the way to make sure that interactions happen on a sustainable basis. It certainly helps!
- Collaboration tools (Teams/Slack), allowing audio/video conferencing, messaging, document sharing are almost the must.
- Strong application lifecycle management tools (For example – Jira, Azure DevOps) integrated with code reviews, testing and release management help simplify collaboration among remote teams. Simple things like sending email notifications for check-in of codes or release failures go a long way to keep teams in sync. Processes should ensure that all the tool features are leveraged correctly and only to the extent suitable for organization scale and complexity.
- Proactive and integrated remote monitoring tools across data centers are essential. Monitoring tools should have hybrid capabilities (Should work on private and public infrastructure), inherent sophisticated alerting, troubleshooting and predictive mechanisms.
- Security monitoring and governance across datacenters and across individual devices that are connecting to corporate/related networks are of utmost importance. Regular communication (through emails, webinars, mandatory training) regarding security Do’s and Don’ts while connecting remotely are essential.
- Regular remote meetings among project, operations and security teams at all crucial project junctures (architecture review, design review, steering committee meetings, risk reviews, etc.) are critical.
- To ensure that all these tools, processes and people work together, strong project/program governance is required, and it is more important than ever before.
If not already done, it is worth doing DevOps assessment of where the organization is at the moment and where it wants to go from a DevOps perspective and chart out the path for that journey.
So, Its never too late!. Let’s not stop the discussions around DevOps as that is going to make our virtual professional life a lot more productive, peaceful and fun! And that is all what we want, right?
As we all are saying to each other these days, stay safe and healthy!