DOES15 - Joshua Corman & John Willis - Immutable Awesomeness?

Immutable Awesomeness?
Where Containers Collide
with SW Supply Chains
!
Joshua Corman - @joshcorman!
John Willis - @botchagalupe!
!
#DOES15

Devops and Immutable
Infrastructure
John Wills!
Director of Ecosystem Development
IMMUTABLE

@joshcorman
• 20 Years in SW & Security
• IBM ISS, The 451 Group,
Akamai, Sonatype
• Founder, Rugged Software
• Founder, I Am the Cavalry
• Adjunct Professor, Carnegie
Mellon University Heinz College

@botchagalupe
• a.k.a. John Willis
• 35 Years in IT Operations
• Exxon, Canonical, Chef,
Enstratius, Socketplane
• Devopsdays Core Organizer
• Devopscafe on iTunes

h/t$@petecheslock$DevOpsDays$Aus4n$2015$

Beyond Heartbleed: OpenSSL in 2014
(31 in NIST’s NVD thru December)
CVE-2014-3470 6/5/2014 CVSS Severity: 4.3 MEDIUM ! SIEMENS *
CVE-2014-0221 6/5/2014 CVSS Severity: 4.3 MEDIUM
CVE-2013-7373 4/29/2014 CVSS Severity: 7.5 HIGH
CVE-2014-2734 4/24/2014 CVSS Severity: 5.8 MEDIUM ** DISPUTED **
CVE-2014-0160 4/7/2014 CVSS Severity: 5.0 MEDIUM ! HeartBleed
CVE-2014-0017 3/14/2014 CVSS Severity: 1.9 LOW
…
As#of#today,#internet#scans#
by#MassScan##reveal#300,000#
of#original#600,000#remain#
unpatched#or#unpatchable#

Product Vulnerability Disclosures Following the HeartBleed Announcement (Circle Size Indicates CVSS Severity Score)
F5
New OpenSSL Disclosures (Both CVSS Level 10)
Here
IBM
Cisco
IBM
McAfee
Initial 'HeartBleed' OpenSSL Disclosure (CVSS Level 5 (underscored))
NumberofProductsIncludedinAnnouncement
0
10
20
30
40
50
60
70
80
90
100
110
120
Days Since HeartBeed Announcement
0 10 20 30 40 50 60 70 80 90 100 110 120
!!
X!Axis:!!Time!(Days)!following!ini6al!HeartBleed!disclosure!and!patch!availability!
Y!Axis:!!Number!of!products!included!in!the!vendor!vulnerability!disclosure!
Z!Axis!(circle!size):!!Exposure!as!measured!by!the!CVE!CVSS!score!
!
COMMERCIAL!RESPONSES!TO!OPENSSL!

Innovate!)
PRODUCTIVITY)
TIME)

Quality?)
Security?)
Maintainability?)
Repeatability?)
Raw)innova6on))
Innova&on'at''
any'cost'
Net)innova6on))
Net'value'to'the'
organiza&on'

Supply&chain&advantage&
Source:(Toyota(Supply(Chain(
Management:(A(Strategic(
Approach(to(Toyota’s(
Renowned(System,(by(Ananth(
Iyer(and(Sridhar(Seshadri(
Toyota&
Advantage&
Toyota&
Prius&
Chevy&
Volt&
Unit%Retail%Price% 61%& $24,200% $39,900%
Units%Sold/Month% 13x& 23,294% 1,788%
In?House%ProducBon% 50%& 27%% 54%%
Plant%Suppliers% 16%&& 125% 800%
Firm@Wide(Suppliers( 4%# 224( 5,500(

Use their highest
quality parts
Use fewer, better
suppliers
Track which parts
you use & where

Actual Exploitation 2015 VZ DBIR

Use their highest
quality parts
Use fewer, better
suppliers
Track which parts
you use & where
Fewer service
interruptions
Less unplanned,
unscheduled work
Faster MTTD &
MTTR

“Operational pain can neither
be created nor destroyed -
only moved to someone else”
-Nick Galbreath
!
“Well… you can create it… :)”
-Joshua Corman

Immutable Awesomeness?: Where
Containers Collide with SW Supply Chains
John Willis!
Director of Ecosystem Development

@bglpe
Guns Germs and
Microservices

@bglpe
Immutable Infrastructure

“The least-cost way to ensure that the behavior of any
two hosts will remain completely identical is always to
implement the same changes in the same order on both
hosts.”
Immutable Matters

Management Methods
• Divergence
• Convergence
• Congruence

V4L : Left to Right Flow
• Variety!
• Determine your variety of offerings
based on operational efﬁciency and
market demand!
• Velocity!
• Maintain a steady ﬂow through all
processes of the supply chain!
• Variability!
• Manage inconsistencies carefully to
reduce cost and improve quality!
• Visibility!
• Ensure the transparency of all
processes to enable continuous
learning and improvement

Left to Right Flow
•Variety 
• Lean Startup  
• Minimal Viable Product 
• Pivot 
• Build Measure Learn 
• Customer Development
Methodology

Left to Right Flow
• Velocity!
• Developer Flow
• Integration Flow
• Deployment Flow
https://upload.wikimedia.org/wikipedia/commons/7/74/Continuous_Delivery_process_diagram.png

Left to Right Flow
• Variation
• Converged Isolation
• Immutable Infrastructure
• Immutable Delivery
https://en.wikipedia.org/wiki/Standard_deviation

Left to Right Flow
• Visibility!
• Containerization
• Microservices
• Data Gravity

References
DOCKER AND THE THREE WAYS OF DEVOPS PART 1: THE FIRST WAY – SYSTEMS THINKING!
https://blog.docker.com/2015/05/docker-three-ways-devops/!
!
DevOpsDays Chicago Sept 2015 - State of the DevOps by John Willis!
https://www.youtube.com/watch?t=16&v=319wIaAiaHM!
!
Guns Germs and Microservices!
https://vimeo.com/129822162!
!
Become More Agile and Get Ready for DevOps by Using Docker in Your Continuous Integration
Environments!
https://www.gartner.com/doc/3016317/agile-ready-devops-using-docker!
!
The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win!
http://www.amazon.com/The-Phoenix-Project-Helping-Business/dp/0988262592!
!
Immutable Infrastructure with Docker and EC2 by Michael Bryzek (Gilt)!
https://www.youtube.com/watch?v=GaHzdqFithc!
!
Toyota Kata: Managing People for Improvement, Adaptiveness and Superior Results!
http://www.amazon.com/Toyota-Kata-Managing-Improvement-Adaptiveness/dp/0071635238!

john.willis@docker.com
@botchagalupe
jcorman@sonatype.com
@joshcorman

DOES15 - Joshua Corman & John Willis - Immutable Awesomeness?

More Related Content

What's hot (12)

Viewers also liked (20)

Similar to DOES15 - Joshua Corman & John Willis - Immutable Awesomeness? (20)

More from Gene Kim (20)

Recently uploaded (20)

DOES15 - Joshua Corman & John Willis - Immutable Awesomeness?