Topo pal does2016
3 likes1,081 views
Capital One is a large digital bank that has undergone an agile and DevOps transformation journey from waterfall to continuous delivery. They focus on building their own software, using microservices and open source on public clouds. Topo Pal discusses Capital One's DevOps practices including automated pipelines with security and compliance controls to deliver high quality software faster through continuous integration and deployment. He highlights opportunities to improve their branching strategy and release processes and risks mitigation through DevOps practices.
Topo pal does2016
- 1. DevOps at Capital One Focusing on Pipeline and Measurement
- 3. @TopoPal Capital One ! Millions of accounts ! One of the largest Digital Banks ! #1 Information Week’s Elite 100 ! ~ 20 years old
- 4. @TopoPal Different DNA ! Build our own software ! Build on public cloud ! MicroServices ! Open Source ! DevOpsSec and Continuous Delivery
- 5. @TopoPal • Enterprise Architecture • DevOpsSec Strategy Owner • DevOps Evangelist • Shared Technology Group • Product Manager of Continuous Delivery Tools Platform • DevOps Evangelist • Core Contributor and Community Manager of Hygieia Personal Journey
- 6. @TopoPal
- 7. @TopoPal • Waterfall • Manual Build • Manual Deployment • Manual Test • Data Center • Closed Source First • Agile • Automated Build • Automated Deployment • Automated Test • Public Cloud • Open Source First Agile & DevOps Transformation Journey
- 8. @TopoPal Mostly Out-Sourced Mostly In-Sourced Agile & DevOps Transformation Journey Vertical Silos Product Team Dev, Ops, QA, RM Engineers
- 9. @TopoPal ! DOES 2014 Building out Automation steps ! DOES 2015 Scaling DevOps, Open Source, Cloud, Innovation ! DOES 2016 Measure, Improve, Mature
- 10. @TopoPal Typical DevOps Success Story Code Commit Random 100s /day Deployment Prod Manual Automated Integration Monthly 15 mins QA, Perf Monthly 4 / day Monthly/ Quarterly Once / sprint Testing Manual Automated
- 11. @TopoPal 2016 What’s in your pipeline?
- 13. @TopoPal Deliver High Quality Working Software Faster
- 14. @TopoPal Deliver High Quality Working Software Faster • No security flaws • No legal flaws • Minimum defects • All levels of testing done • Code reviewed and source controlled • Across LOBs, Shared Services and 3rd Parties • Tested end-to-end • All dependencies are satisfied • How fast? ASAP?
- 16. @TopoPal
- 17. @TopoPal Feb 8, 1700 — March 17, 1782 Daniel J. Bernoulli
- 18. @TopoPal Constrict flow, Increase Speed, Lessen Pressure https://www.khanacademy.org/science/physics/fluids/fluid-dynamics/a/what-is-volume-flow-rate
- 23. @TopoPal • Design • Measure • Improve Pipeline
- 25. @TopoPal Pipeline must have 16 gates Source code version control Optimum branching strategy Static analysis > 80% Code coverage Vulnerability scan Open source scan Artifact version control Auto provision Immutable servers Integration testing Performance testing Build, Deploy,Testing automated for every commit Automated Change Order Zero downtime release Automated rollback Feature Toggle
- 29. @TopoPal Increase Speed = Reduce Wait Time
- 30. @TopoPal Opportunities • Branching Strategy • Process
- 32. @TopoPal Branching • We recommend “Trunk based” development. • Other option:
- 33. @TopoPal Pipeline Improvement Improve Process • Automate Release Process • Revisit Audit & Compliance
- 34. @TopoPal Risks are real • Intentional damage • Unintentional damage • Untested code in production But…. There is a better way
- 35. @TopoPal Hypothesis • DevOpsSec & CI/CD provide better controls • A model with ~30 practices can satisfy audit and compliance • If everything is source code, no one needs access to production • For emergency,“Break Glass”
- 36. @TopoPal Result Production Release 1+ / dayOnce / sprint # of Applications with Release Automation: 20+ Max. # of Releases in 1 day for 1 Application: 34 With “Segregation of Duties”
- 38. @TopoPal Coming Soon to Open Source • A secure & compliant pipeline model • A forked and enhanced version of “LGTM”
- 39. @TopoPal