OPTIMIZING THE OPS IN DEVOPS
GORDON HAFF
Technology Evangelist, Red Hat
Cloud Expo Silicon Valley
3 November 2016
DevOps
FOCUS ON
CLOUD-NATIVE
APPLICATION
ARCHITECTURES
● Single-function units owned
by a team
● Bounded context
● Communicate through
lightweight APIs
Source: PWC
FOCUS ON IMPROVED
AND LESS ISOLATED
DEVELOPER WORKFLOWS
● Collaboration
● CI/CD
● Issue tracking
● Source code control
● Code review
● IDE
● xPaaS
Source: Mike McGarr, Netflix
AN OPPOSING VIEW
"I want to change my job because there is this horrible concept of
"pager duty" or "oncall". Where the developer has to be ready for
any issues that may occur. Are most software jobs like this? Is this
a norm? Where can I find software development positions without
such concepts?"
Anonymous Quora user
WE ALSO TALK
ABOUT CULTURE A LOT
● Empathy
● Trust
● Learning
● Cooperation
● Responsibility
DevOps
BUT WHAT ABOUT THE OPS IN DEVOPS?
DevOps
Biz
Sec
A FABLE
FOR
DEVOPS
NO OPS? (OR IS IT EVOLVED DEVOPS?)
"We have built tooling that removes many of the
operations tasks completely from the developer, and
which makes the remaining tasks quick and self
service. There is no ops organization involved in
running our cloud, no need for the developers to
interact with ops people to get things done, and less
time spent actually doing ops tasks than developers
would spend explaining what needed to be done to
someone else."
Adrian Cockcroft, Netflix, 2012
FOCUS ON PROVIDING CORE SERVICES
AND GETTING OUT OF THE WAY
● Deploy a modern container platform
● Enable automated developer workflows
● Mitigate risk and automate security
MODERN PLATFORM
NEW CLOUD PLATFORM NEEDS
● What: Scale-out to meet highly elastic service requirements
  Why: Scale-up is not flexible or scalable enough to meet changing business needs
● What: Software-defined everything
  Why: Software functions running on standardized hardware increase flexibility
● What: Focused on applications composed of loosely-coupled services
  Why: Large monolithic applications are fragile and can’t be updated quickly
● What: Enable lightweight iterative software development and deployment
  Why: Modern applications are often short-lived and require frequent refreshes/replacements
COMPREHENSIVE CLOUD-NATIVE INFRASTRUCTURE
Diagram labels: physical hardware; container orchestration; container-optimized Linux; container/services (six instances); hybrid cloud management; developer tooling; software-defined compute, storage, and networking; public clouds
OPENSTACK SOFTWARE-DEFINED INFRASTRUCTURE
MAKING CONTAINERS USEFUL: ECOSYSTEM AND DE FACTO STANDARDS
1 Open Container Initiative (OCI)
2 Cloud Native Computing Foundation (CNCF)
OPERATED AT SCALE
• Different aspects of scale:
• Large scale workloads
• Diverse workloads (batch and services)
• Complex resource management (QoS,
latency sensitivity, etc.)
• Focus on lightweight containerized instances
• Orchestration and resource management
HYBRID MANAGEMENT SERVICES
SERVICE
AUTOMATION
Complete lifecycle and
operational management
that allows IT to remain in
control.
POLICY &
COMPLIANCE
Deploy across virtualization,
private cloud, public cloud and
container-based
environments.
UNIFIED HYBRID
MANAGEMENT
Draws on continuous
monitoring and deep
insights to raise alerts or
remediate issues.
Streamline complex service
delivery processes, saving
time and money.
OPERATIONAL
VISIBILITY
AUTOMATED
DEVELOPER WORKFLOWS
BUILD A PIPELINE
LOTS OF TOOLS FOR THE PIPELINE
gerrit
TRACK AND
VALIDATE
THIRD-PARTY
TOOLS
AND
COMPONENTS
MITIGATE RISK
AUTOMATE SECURITY
TRADITIONAL SECURITY
● What we did: Code audited for current compliance
  The problem: New vulnerabilities constantly discovered and exploited with no opportunity for rapid remediation.
● What we did: Applications and systems deployed on “secured” platform
  The problem: There is no perimeter.
● What we did: Largely relied on checklists, written processes, and manual actions
  The problem: Limited throughput and prone to errors. “Patch Tuesdays” last all month.
● What we did: Primarily an end-of-process checkpoint
  The problem: Security is such a bottleneck!
DevSecOps
● Build on the mindset that "everyone is responsible for security"
● It’s the practice of building security into development processes
● Security as code
● Flips security from a defensive to an offensive posture that is both automated and constant
BAKE IN SECURITY AND ASSURANCE
● Components built from source code using a secure, stable, reproducible build environment
● Careful selection, configuration, and security tracking of packages
● Automated analysis and enforcement of security practices
● Active participation in upstream and community involvement
● Thoroughly validated vulnerability management process
INTEGRATED SECURITY
"Our goal as information security architects must be to
automatically incorporate security controls without manual
configuration throughout this cycle in a way that is as transparent
as possible to DevOps teams and doesn't impede DevOps agility,
but fulfills our legal and regulatory compliance requirements as
well as manages risk."
Gartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
AUTOMATING SECURITY
CONFIGURATION ERRORS
MISSING PATCHES
CODING MISTAKE
HUMAN ERROR
BAD OPSEC
SECURING CONTENT
EXAMPLE: CONTAINERS
A validated supply
chain helps ensure
use of tested and
patched software.
AN OPEN HYBRID CLOUD JOURNEY
Hybrid policy & management
Data, workflow, & API integration
Automation
Software-defined infrastructure
Legacy modernization
Self-service & flexibility
Optimized virtualization
Cloud migration
Orchestrated container platform
DevOps tooling
Mobile
Open Innovation Labs
Secured software supply chain
CREDITS
Dev: Nelson Pavlosky/flickr under CC http://www.flickr.com/photos/skyfaller/113796919/
Ops: Leonardo Rizzi/flickr under CC http://www.flickr.com/photos/stars6/4381851322/
Rainbows and Unicorns: http://kaigumo.deviantart.com/art/Unicorns-Fart-Rainbows-3-151273843
Piggy bank: https://www.flickr.com/photos/marcmos/3644751092
Stop: https://www.flickr.com/photos/r_grandmorin/6922697037
THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
TRADITIONAL SECURITY
What we did
Code audited for current compliance
Applications and systems deployed on
“secured” platform
Largely relied on checklists, written
processes, and manual actions
Primarily an end-of-process checkpoint
TRUSTED CONTAINER CONTENT
"From a security and governance perspective, trusting the
container image is a critical concern throughout the software
development lifecycle. Ensuring that images are signed and
originate from a trusted registry are solid security best practices."
5 keys to conquering container security, Amir Jerbi, Infoworld
4 August 2016
http://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
NoOps?
"This is part of what we call NoOps. The developers used to
spend hours a week in meetings with Ops discussing what they
needed, figuring out capacity forecasts and writing tickets to
request changes for the datacenter. Now they spend seconds
doing it themselves in the cloud."
Adrian Cockcroft, Netflix, 2012
BACK TO ADRIAN
"We have built tooling that removes many of the operations tasks
completely from the developer, and which makes the remaining
tasks quick and self service. There is no ops organization involved
in running our cloud, no need for the developers to interact with
ops people to get things done, and less time spent actually doing
ops tasks than developers would spend explaining what needed
to be done to someone else."
Adrian Cockcroft, Netflix, 2012
Strategies for sourcing software
● Wild West: Go ahead and grab it!
● Blacklist: Is it from a known bad source?
● Whitelist: Is it a known good source?
Digitally signed/securely delivered
Rapid updates for vulnerabilities
Repeatable release processes
THE MOVE TO HYBRID INFRASTRUCTURES
BRINGS ADDITIONAL MANAGEMENT CHALLENGES
APPLICATION
ARCHITECTURE
INFRASTRUCTURE
PLATFORM
OPERATIONAL
MODEL
OPERATIONAL
CHALLENGES
Traditional Applications
Virtualization
Operational
Automation
Orchestration
Automation
Private Cloud
Scalable
Applications
Public Cloud
SaaS and PaaS
Cloud Native
Service
Brokering
Containers
Microservices
Self-service
Automated provisioning
Lifecycle management
Root cause analysis
Performance and
capacity management
Hybrid Management
Policy compliance
Quota enforcement
Chargeback
WHAT DEFINES A MODERN PLATFORM?
● Built through collaborative innovation in Linux and other open source communities
● Composed of integrated core software services
● Open container format, runtime, and orchestration
● Focused on large distributed system scale points
THE NEEDED MANAGEMENT SERVICES
SERVICE
AUTOMATION
Complete lifecycle and
operational management
that allows IT to remain in
control.
POLICY &
COMPLIANCE
Deploy across virtualization,
private cloud, public cloud and
container-based
environments.
UNIFIED HYBRID
MANAGEMENT
Draws on continuous
monitoring and deep
insights to raise alerts or
remediate issues.
Streamline complex service
delivery processes, saving
time and money.
OPERATIONAL
VISIBILITY
OPERATIONAL VISIBILITY CHALLENGES
Systems that are not being utilized
should be retired to reclaim resources.
Budgets are tight. We have to
make sure that we are utilizing
our systems efficiently.
Tracking problems across infrastructure
layers can be a challenge.
I’ve got to project infrastructure usage
out into the future for planning purposes.
CHALLENGES
LIFECYCLE MANAGEMENT
ROOT-CAUSE ANALYSIS CAPACITY MANAGEMENT
RESOURCE OPTIMIZATION
OPERATIONAL VISIBILITY WITH HYBRID MANAGEMENT
We now have complete lifecycle
management: provisioning, reconfiguration,
deprovisioning, and retirement.
Automatic resource optimization
intelligently places VMs and offers
right-sizing recommendations.
I can drill-down through infrastructure
layers to determine the root cause.
Resource tracking and trending aids in
capacity and what-if scenario planning.
CHALLENGES
LIFECYCLE MANAGEMENT
ROOT-CAUSE ANALYSIS CAPACITY MANAGEMENT
RESOURCE OPTIMIZATION
