DevOps Toolchain
1 Introduction accordingly based on the problem at hand. DevOps may need little introduction these days, Similarly, most systems administrators possess but many are still at a loss to explain precisely competent programming abilities for traversing what the movement entails. Some emphasize the the stack—on top of the requisite skills for portmanteau of the two terms, stating that the managing IT operations. The industry has heart of DevOps is the collaboration between been quick in attaching new labels to these developers and operations staff. Others choose emerging hybrid roles: DevOps Engineer and to focus on the tools and the problems they solve, DevOps Specialist being the most common. singing the praises of DevOps for fixing their Notwithstanding, the key takeaway is that no respective infrastructure woes. Tools—though single IT skill is more important or valuable than crucial enablers of the movement—only form part another; subsequently, many different tools are of the equation. DevOps encompasses cultural required to do the job effectively. So as DevOps innovation, a breaking down of walls and silos is comprised of a group of concepts clustered between software development, operations, around the premise of continuous software and QA/ testing—in addition to the tools and delivery, these concepts in turn encompass a methodologies enabling this transformation. range of associated tools for fulfilling particular Ultimately, the definition of DevOps varies per functions. organization. Since its meaning depends heavily on the audience and context in question, general All in all, these complementary tools fill out the discussions around the true definition of DevOps DevOps toolchain, unifying the best elements are for the most part inconsequential. If you is from development and operations. Keep in specifically concerned about what is/not DevOps, mind that both tools and cultural innovation check out our ebook “DevOps for Cynics” and are required for DevOps; adopting a popular our blog post “Defining DevOps.” If you want to solution on its own as a magic on- ramp to know about tools that can make your life easier, DevOps is a quick path to disillusioned, as there what makes each one unique, and how they fit are no “DevOps” tools, per se. The combination together, read on. of cultural changes, information de-siloing, and tooling implemented along way is what enables Hybridization of Roles an organization to recognize ROI from DevOps. A discussion regarding tools and DevOps should In a sentence, it’s not just about the tools, but the therefore begin by considering the individuals people as well. who will be utilizing the tools. The rise of so- called “polyglot programmers” and systems administrators with coding proficiency reflects a general trend inIT towards despecialization. Developers these days are adept in a number of languages and approaches, applying each
2 Agile Roots and server components. This unification of all At first glance, DevOps may seem like an sides of the software delivery puzzle is also evolutionor extension of Agile and Lean referred to as “programmable infrastructure,” methodologies that have gained prominence and is central to practicing DevOps. in the last decade. While this is certainly true in many respects, an important distinction lies in scope: while Agile deals primarily on the development side of affairs, DevOps stresses a unified approach that covers the entire scope of software delivery. So as Agile stresses cross-functional collaboration to aid incremental, continuous development of quality software, DevOps expands this ideal to include development, IT operations, and QA/ Testing teams as interdependent cogs of the same software delivery mechanism. Indeed, many of the Agile tools and methodologies find their way into the DevOps toolchain and workflow, as the two promote the same style of collaboration. Furthermore, as software development ultimately depends on operations for deployment, a closer integration of the two groups will naturally boost quality and efficiency.
Infrastructure as Code With Agile software teams becoming commonplace, IT operations needs a way to keep up infrastructure with this rapid pace of development. Furthermore, as virtualized environments and cloud infrastructures become more commonplace, the operations side needs a more dynamic, flexible approach to managing systems. Borrowing from their software development counterparts, systems administrators can now manage their infrastructures as code—automating and tracking configurations like source code. This enables the ability for version control, rolling back of changes, as well as integrated testing and deployment to production of necessary software
3 The DevOps Toolchain
Project Infrastructure changes are tracked as tickets in UpGuard Examples: Management and sent to your project management tool of choice. �ira, Asana, Pivotal
Requirements The requirements of current applications are avaliable in Examples: Gathering UpGuard’s system state documentation. Word, Wikis, Spreadsheets
Artifacts Code and UpGuard policies are versioned and Examples: Versioning checked in to be used in build and deployment process Git, SVN
Continuous integration and deployment tools use Examples: Continuous UpGuard policies to validate environments before �enkins, Team City, Travis, Integration and after deployment. CircleCI, Drone.io
UpGuard generates manifests for configuration Configuration Examples: management tools like Puppert, Chef, Powershell DSC, Management Puppet, Chef, Ansible Ansible, Salt and more.
Configuration state is continuously checked for deviation Examples: Monitoring from baseline, much like you would with Shell Scripts performance monitoring.
Complete configuration state is documented and Examples: Discovery accessible for anomaly analysis and troubleshooting. CMDBs
After confirming the system state’s health, Examples: New Baseline UpGuard documents the new baseline None for development.
UpGuard provides the feedback mechanism from the Examples: Standardize end of one development cycle to the beginning of the next. None
4 Versioning and Source Control Testing and Validation Tracking code level changes is a common Tools and frameworks for testing and validation and necessary activity of today’s software are important for ensuring quality at all phases developers. Doing so enables concurrent of development. In many cases, unique solutions development, merging, and rollback capabilities are applied to a specific aspect of testing— for applications/ software. Source Control for example, one tool may be used for unit Management (SCM) tools are popular options for testing while another is used for integration keeping track of software code; many DevOps testing. Solutions like UpGuard provide crucial practitioners also track versions of their systems functionality for testing/validating environments, configuration with these tools, essentially and are indispensable for troubleshooting and managing their infrastructure “as code.” For debugging software applications. The platform example, it’s a common practice for systems allows one to anticipate changes and pre-validate administrators to store and manage their Puppet every environment before deployment; by Manifests or Chef Cookbooks in GitHub. generating tests directly from development and running them against the target environment, Continuous Integration DevOps practitioners can confidently release and Orchestration quality, error-free software. Combined, these Continuous integration (CI) and testing and validation solutions provide a orchestration tools enable the integration of consistent mechanism and format for testing development code into the overall software application features and behavior on both a product frequently and early in order to mitigate micro and macro-level. potential conflicts down the line. Typically, these tools are employed to automate software builds Configuration Management (CM) and testing, and are crucial for applying quality CM tools allow one to define the desired state control on a continual basis (as opposed to after of a system and/or environment in regards to the software has been developed and released). configuration files, software installed, users, These tools can also be used to track and manage groups and many other resource types. They changes for CM—for example, Chef Cookbooks also provide functionality to automatically can also be stored in version control with Github. push changes onto specific machines, also The appropriate CI tool can then be used to test known as automation and orchestration. Tools cookbooks for bugs and errors, and set up to like UpGuard can provide initial discovery and automatically to do so every time infrastructure visibility into an infrastructure, create “golden changes are committed and merged.This is an images” for automation tools like Puppet and area where the automation side of DevOps Chef, and validate that results are in line with really comes into play. Automated deployment, expectations, post-automation. automated testing and continuous integration are key. When managing environments and Containerization moving applications through them consistency Containerization essentially allows one to is what you want. The first step towards that is package up or “containerize” an application in its consistent builds. Automated deployment tools own environment, making software easier are a must. No PM wants to hear that it will take
5 Application Performance System of Record Management (APM) The cross-functional collaboration and In contrast to testing and validation on the information “un-siloing” promoted by DevOps code level, APM solutions allow one to test is deceptively straightforward in theory but can and troubleshoot a software application’s be quite challenging in practice. Much of this performance under various conditions. For is due to the sheer volume of disparate moving example, SaaS applications are commonly tested parts required to make the DevOps machinery and monitored with APM tools to ensure high operate: developers checking in/out and merging availability, low response time, and quality of application code, operations staff bringing up/ service. By gauging how efficiently an application down and patching systems, and any number of is utilizing system resources, developers can continuous integration activities. These factors— more easily identify and resolve performance along with the natural tendency for system bottlenecks—the net result being superior configurations to drift over time—make a single service delivery of one’s software applications. system of record for DevOps crucial for a myriad of critical functions. This mechanism ensures Continuous Security Testing and the validity and consistency of environment- Monitoring wide configuration information, and provides The importance of continually testing a common datasource for CM activities, and monitoring one’s infrastructure for automation, and continuous security monitoring, vulnerabilities, configuration changes, and drift among others. cannot be stressed enough. Developers may be savvy enough to avoid code-level security issues Consider activities instrumental to CM and in an application, but ultimately the software automation like baselining or “golden image” is as vulnerable as its underlying systems and creation: to attain a specified desired state, one infrastructure. Detecting and remediating must have a correct reference model to work security flaws at all levels of the application from. This can be for any number of purposes: and technology stack is therefore crucial to to harden one’s infrastructure security posture, bolstering a software application against security replicate environments for testing, or to threats and potential compromise. Implemented confidently automate provisioning; referencing as part of the continuous integration process in a common datasource for systems information ongoing software iterations, continuous security is necessary in these and many other scenarios. testing and monitoring help to maintain a Having a single system of record enables proper strong security posture throughout all phases of visibility and validation for consistent delivery of development. UpGuard provides comprehensive quality software and services. vulnerability scanning and monitoring to ensure that one’s infrastructure and systems As mentioned previously, UpGuard performs are optimally poised against an evolving threat a critical role in capturing desired system and landscape. environment states. In this capacity, it serves as the single source of record for CM, testing, and other constituent components of the DevOps
6 toolchain. UpGuard closes the feedback loop rolled out successfully, as well as provide further to ensure that developers begin from the same validation that any deployed applications and state as production, post- automation states are systems are free of vulnerabilities through in line with expectations, and infrastructures are comprehensive vulnerability scanning. monitored against an up-to-date, secure “golden In the context of DevOps, the whole is truly image.” greater than the sum of its parts. One must be equipped with the proper range of tools to address the unique, ongoing challenges of continuous integration and software delivery, Conclusion and no one tool can do the job alone. DevOps is about delivering higher quality applications A typical DevOps toolchain might consist of quicker and with less errors; this is accomplished the following: UpGuard to discover and track by breaking down silos between development and what you have and to determine what your operations and creating a smoother path towards environment should look like. The platform can software delivery. DevOps and its underlying then output to a tool like Chef, Puppet, or Ansible concepts provide undisputed benefits to any for provisioning and automation—or directly to forward-thinking organization, and the DevOps Docker for creating containers or Vagrant for toolchain provides mechanisms to realize these creating development and test environments. benefits. Once systems changes and applications have been deployed to production, UpGuard can validate that the changes have indeed been
7 Businesses depend on trust, but breaches and outages erode that trust. UpGuard is the world’s first cyber resilience platform, designed to proactively assess and manage the business risks posed by technology.
UpGuard gathers complete information across every digital surface, stores it in a single, searchable repository, and provides continuous validation and insightful visualizations so companies can make informed decisions.
© 2017 UpGuard, Inc. All rights reserved. UpGuard and the 909 San Rafael Ave. UpGuard logo are registered trademarks of UpGuard, Inc. All other Mountain View, CA 94043 products or services mentioned herein are trademarks of their +1 888 882 3223 respective companies. Information subject to change without notice. www.UpGuard.com 8
UNKNOWN